diff options
author | Hugo van der Sanden <hv@crypt.org> | 2022-04-19 19:06:10 +0100 |
---|---|---|
committer | Karl Williamson <khw@cpan.org> | 2022-05-28 13:02:24 -0600 |
commit | f24623d674e0b493bbafe0d87eb3e5d047815a63 (patch) | |
tree | 84ac14a4030a30ec7e4b07747bbda14ac839cd5b /pp_pack.c | |
parent | dae8ab819b9ffd6d540355efffacf225aff00a0f (diff) | |
download | perl-f24623d674e0b493bbafe0d87eb3e5d047815a63.tar.gz |
GH16319: avoid recursion parsing 'pack' template
A template with many open brackets or open parentheses could
overflow the stack, modify the parsing loop to avoid that.
Diffstat (limited to 'pp_pack.c')
-rw-r--r-- | pp_pack.c | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -541,22 +541,24 @@ STATIC const char * S_group_end(pTHX_ const char *patptr, const char *patend, char ender) { PERL_ARGS_ASSERT_GROUP_END; + Size_t opened = 0; /* number of pending opened brackets */ while (patptr < patend) { const char c = *patptr++; - if (isSPACE(c)) - continue; - else if (c == ender) + if (opened == 0 && c == ender) return patptr-1; else if (c == '#') { while (patptr < patend && *patptr != '\n') patptr++; continue; - } else if (c == '(') - patptr = group_end(patptr, patend, ')') + 1; - else if (c == '[') - patptr = group_end(patptr, patend, ']') + 1; + } else if (c == '(' || c == '[') + ++opened; + else if (c == ')' || c == ']') { + if (opened == 0) + Perl_croak(aTHX_ "Mismatched brackets in template"); + --opened; + } } Perl_croak(aTHX_ "No group ending character '%c' found in template", ender); |