author | Father Chrysostomos <sprout@cpan.org> | 2013-08-24 18:02:09 -0700 |
---|---|---|
committer | Father Chrysostomos <sprout@cpan.org> | 2013-08-25 06:39:28 -0700 |
commit | e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb (patch) | |
tree | 4ecc06a52d1ab4fb015da2e28803da335120ab95 /proto.h | |
parent | e94bb4701fe9ef6ea7467f3fbc456bd68d184ef0 (diff) | |
download | perl-e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb.tar.gz |

Use SSize_t for tmps stack offsets

This is a partial fix for #119161.

On 64-bit platforms, I32 is too small to hold offsets into a stack
that can grow larger than I32_MAX. What happens is the offsets can
wrap so we end up referencing and modifying elements with negative
indices, corrupting memory, and causing crashes.

With this commit, ()=1..1000000000000 stops crashing immediately.
Instead, it gobbles up all your memory first, and then, if your
computer still survives, crashes. The second crash happens because of
a similar bug with the argument stack, which the next commit will
take care of.

Diffstat (limited to 'proto.h')
-rw-r--r-- | proto.h | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -3667,6 +3667,11 @@ PERL_CALLCONV void Perl_save_sptr(pTHX_ SV** sptr) #define PERL_ARGS_ASSERT_SAVE_SPTR \ assert(sptr) +PERL_CALLCONV void Perl_save_strlen(pTHX_ STRLEN* ptr) + __attribute__nonnull__(pTHX_1); +#define PERL_ARGS_ASSERT_SAVE_STRLEN \ + assert(ptr) + PERL_CALLCONV SV* Perl_save_svref(pTHX_ SV** sptr) __attribute__nonnull__(pTHX_1); #define PERL_ARGS_ASSERT_SAVE_SVREF \ @@ -4576,7 +4581,7 @@ PERL_CALLCONV OP * Perl_tied_method(pTHX_ SV *methname, SV **sp, SV *const sv, c #define PERL_ARGS_ASSERT_TIED_METHOD \ assert(methname); assert(sp); assert(sv); assert(mg) -PERL_CALLCONV void Perl_tmps_grow(pTHX_ I32 n); +PERL_CALLCONV void Perl_tmps_grow(pTHX_ SSize_t n); /* PERL_CALLCONV UV Perl_to_uni_fold(pTHX_ UV c, U8 *p, STRLEN *lenp) __attribute__nonnull__(pTHX_2) __attribute__nonnull__(pTHX_3); */ |
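Review bot: In the first hunk (@@ -3667), the new Perl_save_strlen prototype takes an unsigned `STRLEN* ptr`, while the commit message and the second hunk move the tmps offsets to the signed SSize_t. If this function is meant to save one of those offsets, every caller has to cast an SSize_t pointer to `STRLEN*`, and that only works while the two types have the same width. Please either document that assumption next to the declaration or provide a signed variant. The commit message should also mention that a new save function is being introduced, since the subject line only covers the type change.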
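Review bot: In the second hunk (@@ -4576), widening `Perl_tmps_grow(pTHX_ I32 n)` to `SSize_t n` only helps if the value is still correct when it reaches the call. A caller that computes the count in an I32 will have wrapped before the implicit conversion happens, so the call sites and any wrapper macros need the same audit. The parameter also stays signed and has no PERL_ARGS_ASSERT entry, unlike the neighbouring declarations, so a negative `n` is accepted silently. An `assert(n >= 0)` in the function body, or a short comment saying why negative values are valid, would make the contract explicit.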