diff options
author | Jarkko Hietaniemi <jhi@iki.fi> | 2014-04-21 18:15:58 -0400 |
---|---|---|
committer | Tony Cook <tony@develop-help.com> | 2014-04-30 09:58:53 +1000 |
commit | 53673d98756218ddd125311548c0f73c714722f7 (patch) | |
tree | c35400204c6b7caf015692539f3c3d03a78a593a /regcomp.c | |
parent | 608fe6e2ff595fc26cd6115e2040cb51154c6e45 (diff) | |
download | perl-53673d98756218ddd125311548c0f73c714722f7.tar.gz |
Fix for Coverity perl5 CID 29032: Out-of-bounds read (OVERRUN) overrun-local: Overrunning array anyofs of 34 8-byte elements at element index 34 (byte offset 272) using index index (which evaluates to 34).
Off-by-one error: because the test "index > number of elements"
should have used ">=", the anyofs[] could have been accessed one
past the end. Use the C_ARRAY_LENGTH since we have it.
I think regprop is only used by -Mre=debug.
Diffstat (limited to 'regcomp.c')
-rw-r--r-- | regcomp.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -15831,10 +15831,7 @@ Perl_regprop(pTHX_ const regexp *prog, SV *sv, const regnode *o, const regmatch_ } else if (k == POSIXD || k == NPOSIXD) { U8 index = FLAGS(o) * 2; - if (index > (sizeof(anyofs) / sizeof(anyofs[0]))) { - Perl_sv_catpvf(aTHX_ sv, "[illegal type=%d])", index); - } - else { + if (index < C_ARRAY_LENGTH(anyofs)) { if (*anyofs[index] != '[') { sv_catpv(sv, "["); } @@ -15843,6 +15840,9 @@ Perl_regprop(pTHX_ const regexp *prog, SV *sv, const regnode *o, const regmatch_ sv_catpv(sv, "]"); } } + else { + Perl_sv_catpvf(aTHX_ sv, "[illegal type=%d])", index); + } } else if (k == BRANCHJ && (OP(o) == UNLESSM || OP(o) == IFMATCH)) Perl_sv_catpvf(aTHX_ sv, "[%d]", -(o->flags)); |