author | Father Chrysostomos <sprout@cpan.org> | 2013-10-28 21:59:14 -0700 |
---|---|---|
committer | Father Chrysostomos <sprout@cpan.org> | 2013-12-21 18:09:54 -0800 |
commit | c1cec775e9019cc8ae244d4db239a7ea5c0b343e (patch) | |
tree | f2c2393343552b8a6e74bce1257e8770413d1839 /pp_ctl.c | |
parent | bb02e0c10a57ab28b9ec6ca218c7aa6aac53a90c (diff) | |
download | perl-c1cec775e9019cc8ae244d4db239a7ea5c0b343e.tar.gz |
[perl #119801] Stop @DB::dbline modifications from crashing

The cop address for each breakable line was being stored in the IVX
slot of ${"_<$file"}[$line]. This value itself, writable from Perl
space, was being used as the address of the op to be flagged, whenever
a breakpoint was set.

This meant writing to ${"_<$file"}[$line] and assigning a number (like
42) would cause perl to use 42 as an op address, and crash when trying
to flag the op.

Furthermore, since the array holding the lines could outlive the ops,
setting a breakpoint on the op could write to freed memory or to an
unrelated op (even a different type), potentially changing the
behaviour of unrelated code.

This commit solves those pitfalls by moving breakpoints into a global
breakpoint bitfield. Dbstate ops now have an extra field on the end
holding a sequence number, representing which bit holds the breakpoint
for that op.
Diffstat (limited to 'pp_ctl.c')
-rw-r--r-- | pp_ctl.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1929,6 +1929,7 @@ PP(pp_reset) PP(pp_dbstate) { dVAR; + size_t const seq = ((struct dbop *)PL_op)->dbop_seq; PL_curcop = (COP*)PL_op; TAINT_NOT; /* Each statement is presumed innocent */ PL_stack_sp = PL_stack_base + cxstack[cxstack_ix].blk_oldsp; @@ -1936,7 +1937,8 @@ PP(pp_dbstate) PERL_ASYNC_CHECK(); - if (PL_op->op_flags & OPf_SPECIAL /* breakpoint */ + assert(seq+8/8 <= PL_breakpointslen); + if (PL_breakpoints[seq/8] & 1 << seq%8 || SvIV(PL_DBsingle) || SvIV(PL_DBsignal) || SvIV(PL_DBtrace)) { dSP; |
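Review bot: In the first hunk (@@ -1929,6 +1929,7 @@), the new `seq` declaration reads `dbop_seq` through an unchecked cast, `(struct dbop *)PL_op`, so any op that reaches pp_dbstate without having been allocated with the extra trailing field would have memory past its end interpreted as a sequence number. Add a comment pointing at where dbstate ops are allocated as struct dbop, and consider an assertion on the op type ahead of the read so the layout assumption is checked in debugging builds.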
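Review bot: In the second hunk (@@ -1936,7 +1937,8 @@), `assert(seq+8/8 <= PL_breakpointslen)` parses as `seq + 1 <= PL_breakpointslen` because `/` binds tighter than `+`, which is probably not the intended bound. If PL_breakpointslen counts bytes, as the `PL_breakpoints[seq/8]` index suggests, write `(seq+8)/8 <= PL_breakpointslen` or, more simply, `seq/8 < PL_breakpointslen`. The assertion is also the only bounds check on that array read, and assertions are normally compiled out of non-debugging builds, so consider an explicit runtime check that treats an out-of-range seq as "no breakpoint". Parenthesising the test as `1 << (seq % 8)` would make the intended precedence explicit as well.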