diff options
| author | Father Chrysostomos <sprout@cpan.org> | 2014-12-23 20:12:06 -0800 |
|---|---|---|
| committer | Father Chrysostomos <sprout@cpan.org> | 2014-12-23 20:13:11 -0800 |
| commit | 3c6ef0a5332fe51f7e409d17fce0788646ee5bf6 (patch) | |
| tree | aef0d1875f1be7015d2d5da1d5828e23aed44f7f /pp_hot.c | |
| parent | 4bba85d0fdb428e77c7a589a992b892d7999bb33 (diff) | |
| download | perl-3c6ef0a5332fe51f7e409d17fce0788646ee5bf6.tar.gz | |
[perl #103260] Fix s/// with long strings
This is also the subject of perl #123071.
The iteration count was stored in an I32 and was overflowing. If the
maximum number of iterations possible overflowed, then it would become
negative, and the substitution would fail immediately with ‘Substitu-
tion loop’.
I tried fixing this without increasing the size of the context
stack entries on 64-bit builds (by skipping the loop check for long
strings), but was unable to, because we have to return the number of
iterations, which was also stored as I32. If we change just that one
to SSize_t, we get an I32-sized alignment hole, so we might as well
make maxiters a SSize_t as well, fixing the bug that way (the more
straightforward way).
Diffstat (limited to 'pp_hot.c')
| -rw-r--r-- | pp_hot.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -2514,8 +2514,8 @@ PP(pp_subst) char *strend; const char *c; STRLEN clen; - I32 iters = 0; - I32 maxiters; + SSize_t iters = 0; + SSize_t maxiters; bool once; U8 rxtainted = 0; /* holds various SUBST_TAINT_* flag bits. See "how taint works" above */ @@ -2739,7 +2739,7 @@ PP(pp_subst) Move(s, d, i+1, char); /* include the NUL */ } SPAGAIN; - mPUSHi((I32)iters); + mPUSHi(iters); } } else { @@ -2851,7 +2851,7 @@ PP(pp_subst) SvPV_set(dstr, NULL); SPAGAIN; - mPUSHi((I32)iters); + mPUSHi(iters); } } |