author | Tony Cook <tony@develop-help.com> | 2014-04-08 11:12:38 +1000 |
---|---|---|
committer | Tony Cook <tony@develop-help.com> | 2014-04-14 08:56:37 +1000 |
commit | 78beb4ca6d139a7188817b2d3f61702d5cfd5365 (patch) | |
tree | 96406bfb8f4f8f9a022b94b7a9b2be1eb6225d31 /pp_ctl.c | |
parent | 78269f095bc831a3ca7c226f93a5bba93565dfad (diff) | |
[perl #120998] avoid caller() crashing on eval '' stack frames
Starting from v5.17.3-150-g19bcb54e caller() on an eval frame would
end up calling Perl_sv_grow() with newlen = 0xFFFFFFFF on 32-bit
systems.
This eventually started segfaulting with v5.19.0-442-gcbcb2a1 which
added code to round up allocations to the nearest 0x100, setting
newlen to 0, faulting when sv_setpvn() attempted to copy its source
string into the zero space provided.
Diffstat (limited to 'pp_ctl.c')
-rw-r--r-- | pp_ctl.c | 13 |
1 files changed, 10 insertions, 3 deletions
@@ -1847,9 +1847,16 @@ PP(pp_caller)
 if (CxTYPE(cx) == CXt_EVAL) {
 /* eval STRING */
 if (CxOLD_OP_TYPE(cx) == OP_ENTEREVAL) {
- PUSHs(newSVpvn_flags(SvPVX(cx->blk_eval.cur_text),
- SvCUR(cx->blk_eval.cur_text)-2,
- SvUTF8(cx->blk_eval.cur_text)|SVs_TEMP));
+ SV *cur_text = cx->blk_eval.cur_text;
+ if (SvCUR(cur_text) >= 2) {
+ PUSHs(newSVpvn_flags(SvPVX(cur_text), SvCUR(cur_text)-2,
+ SvUTF8(cur_text)|SVs_TEMP));
+ }
+ else {
+ /* I think this is will always be "", but be sure */
+ PUSHs(sv_2mortal(newSVsv(cur_text)));
+ }
+
 PUSHs(&PL_sv_no);
 }
 /* require */ |
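Review bot: The comment in the new `else` branch has a typo ("this is will") and does not say why the branch exists, so the `SvCUR(cur_text) >= 2` guard reads as optional and could be simplified away later. The length is unsigned, so `SvCUR(cur_text)-2` on a text shorter than two bytes wraps to a huge value, which is the 0xFFFFFFFF request described in the commit message. I would state that on the guard, e.g. `/* SvCUR is unsigned: below 2 the -2 would wrap and over-read cur_text */`, and reword the else comment to `/* expected to be "" here; copy as-is instead of stripping */`. The unconditional `-2` presumably strips a two-byte suffix added when the eval text was stored, which this hunk does not check, so it is worth confirming against the code that sets `cur_text`. The body of pp_caller starts and ends outside the hunk.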