diff options
| author | Jarkko Hietaniemi <jhi@iki.fi> | 2014-04-21 21:43:12 -0400 |
|---|---|---|
| committer | Tony Cook <tony@develop-help.com> | 2014-04-30 09:58:53 +1000 |
| commit | adc2d0c9de764f1cb892860df8ecc93dc8909b39 (patch) | |
| tree | ecfc5cba6fc7d278683dd9d8d8cd2b6970a44471 /regen | |
| parent | 2a600bb8f7c0d6b36cb37c899b6c9e82537ec394 (diff) | |
| download | perl-adc2d0c9de764f1cb892860df8ecc93dc8909b39.tar.gz | |
Fix for Coverity perl5 CID 29034: Out-of-bounds read (OVERRUN) overrun-local: Overrunning array PL_reg_intflags name of 14 8-byte elements at element index 31 (byte offset 248) using index bit (which evaluates to 31).
Needed compile-time limits for the PL_reg_intflags_name so that the
bit loop doesn't waltz off past the array. Could not use C_ARRAY_LENGTH
because the size of name array is not visible during compile time
(only const char*[] is), so modified regcomp.pl to generate the size,
made it visible only under DEBUGGING. Did extflags analogously
even though its size currently exactly 32 already. The sizeof(flags)*8
is extra paranoia for ILP64.
Diffstat (limited to 'regen')
| -rw-r--r-- | regen/regcomp.pl | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/regen/regcomp.pl b/regen/regcomp.pl index 4a8b9d52ab..2b6d9641c2 100644 --- a/regen/regcomp.pl +++ b/regen/regcomp.pl @@ -261,6 +261,7 @@ my %rxfv; my %definitions; # Remember what the symbol definitions are my $val = 0; my %reverse; +my $REG_EXTFLAGS_NAME_SIZE = 0; foreach my $file ("op_reg_common.h", "regexp.h") { open FH,"<$file" or die "Can't read $file: $!"; while (<FH>) { @@ -332,6 +333,7 @@ for (0..31) { s/\bRXf_(PMf_)?// for $n, $extra; printf $out qq(\t%-20s/* 0x%08x%s */\n), qq("$n",),$power_of_2, $extra; + $REG_EXTFLAGS_NAME_SIZE++; } print $out <<EOP; @@ -339,6 +341,12 @@ print $out <<EOP; #endif /* DOINIT */ EOP +print $out <<EOQ +#ifdef DEBUGGING +# define REG_EXTFLAGS_NAME_SIZE $REG_EXTFLAGS_NAME_SIZE +#endif + +EOQ } { print $out <<EOP; @@ -354,6 +362,7 @@ my %rxfv; my %definitions; # Remember what the symbol definitions are my $val = 0; my %reverse; +my $REG_INTFLAGS_NAME_SIZE = 0; foreach my $file ("regcomp.h") { open my $fh, "<", $file or die "Can't read $file: $!"; while (<$fh>) { @@ -369,6 +378,7 @@ foreach my $file ("regcomp.h") { $comment= $comment ? " - $comment" : ""; printf $out qq(\t%-30s/* 0x%08x - %s%s */\n), qq("$abbr",), $val, $define, $comment; + $REG_INTFLAGS_NAME_SIZE++; } } } @@ -378,8 +388,13 @@ print $out <<EOP; #endif /* DOINIT */ EOP -} +print $out <<EOQ; +#ifdef DEBUGGING +# define REG_INTFLAGS_NAME_SIZE $REG_INTFLAGS_NAME_SIZE +#endif +EOQ +} print $out process_flags('V', 'varies', <<'EOC'); /* The following have no fixed length. U8 so we can do strchr() on it. */ |