Fix a crash with a tainted formline() picture

A private (tainted) string did not get its share of space in the destination string, causing a buffer overflow later. Originally reported by Roland Kuhn as http://bugs.debian.org/575318
author: Niko Tyni <ntyni@debian.org> 2010-11-01 09:19:07 +0200
committer: Father Chrysostomos <sprout@cpan.org> 2010-11-14 16:52:23 -0800
commit: 7e6078c645571643c0a8840234dc94bc4572a5e4 (patch)
tree: 0b7effae6787f9ba83033084d10f49291f97aee7 /pp_ctl.c
parent: 9733086de353bc33c973e56ef83fcd300a3f9492 (diff)
download: perl-7e6078c645571643c0a8840234dc94bc4572a5e4.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/pp_ctl.c b/pp_ctl.c
index 2d4d6ddd18..4c3ffafb7e 100644
--- a/pp_ctl.c
+++ b/pp_ctl.c
@@ -504,7 +504,7 @@ PP(pp_formline)
     NV value;
     bool gotsome = FALSE;
     STRLEN len;
-    const STRLEN fudge = SvPOK(tmpForm)
+    const STRLEN fudge = SvPOKp(tmpForm)
 			? (SvCUR(tmpForm) * (IN_BYTES ? 1 : 3) + 1) : 0;
     bool item_is_utf8 = FALSE;
     bool targ_is_utf8 = FALSE;
author	Niko Tyni <ntyni@debian.org>	2010-11-01 09:19:07 +0200
committer	Father Chrysostomos <sprout@cpan.org>	2010-11-14 16:52:23 -0800
commit	7e6078c645571643c0a8840234dc94bc4572a5e4 (patch)
tree	0b7effae6787f9ba83033084d10f49291f97aee7 /pp_ctl.c
parent	9733086de353bc33c973e56ef83fcd300a3f9492 (diff)
download	perl-7e6078c645571643c0a8840234dc94bc4572a5e4.tar.gz