Protect against pack/unpack repeat count overflows,

based on: To: Brian Keefer <mgomes@cwix.com> Cc: perl5-porters@perl.org Subject: Re: [ID 19990806.001] Core dump with obfuscated code Message-ID: <14250.27711.769942.100675@localhost.frii.com> p4raw-id: //depot/cfgperl@3928
author: Nathan Torkington <gnat@frii.com> 1999-08-05 17:01:51 -0600
committer: Jarkko Hietaniemi <jhi@iki.fi> 1999-08-06 08:08:03 +0000
commit: 0638735429cd9f405fe3527971d0275cbbe212d8 (patch)
tree: ba79b0695271c4ee8b9e2c01b47334845360052d /pp.c
parent: 89ad24c9aa03f6971d66557246333c6005015dc5 (diff)
download: perl-0638735429cd9f405fe3527971d0275cbbe212d8.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/pp.c b/pp.c
index 8437e5b40c..a020f54589 100644
--- a/pp.c
+++ b/pp.c
@@ -3350,8 +3350,11 @@ PP(pp_unpack)
 	}
 	else if (isDIGIT(*pat)) {
 	    len = *pat++ - '0';
-	    while (isDIGIT(*pat))
+	    while (isDIGIT(*pat)) {
 		len = (len * 10) + (*pat++ - '0');
+		if (len < 0)
+		    Perl_croak(aTHX_ "Repeat count in unpack overflows");
+	    }
 	}
 	else
 	    len = (datumtype != '@');
@@ -4394,8 +4397,11 @@ PP(pp_pack)
 	}
 	else if (isDIGIT(*pat)) {
 	    len = *pat++ - '0';
-	    while (isDIGIT(*pat))
+	    while (isDIGIT(*pat)) {
 		len = (len * 10) + (*pat++ - '0');
+		if (len < 0)
+		    Perl_croak(aTHX_ "Repeat count in pack overflows");
+	    }
 	}
 	else
 	    len = 1;
author	Nathan Torkington <gnat@frii.com>	1999-08-05 17:01:51 -0600
committer	Jarkko Hietaniemi <jhi@iki.fi>	1999-08-06 08:08:03 +0000
commit	0638735429cd9f405fe3527971d0275cbbe212d8 (patch)
tree	ba79b0695271c4ee8b9e2c01b47334845360052d /pp.c
parent	89ad24c9aa03f6971d66557246333c6005015dc5 (diff)
download	perl-0638735429cd9f405fe3527971d0275cbbe212d8.tar.gz