author | Jarkko Hietaniemi <jhi@iki.fi> | 2014-05-07 09:19:00 -0400 |
---|---|---|
committer | Steffen Mueller <smueller@cpan.org> | 2014-05-28 15:20:53 +0200 |
commit | e8ea8356d847d9e52f20d12b33fbd589beced868 (patch) | |
tree | e20fa94039e44e547c6f85f8ae73aea9070a383a /regexec.c | |
parent | 3f49e765225af085951605f8b1c60eadd98ef39f (diff) | |
download | perl-e8ea8356d847d9e52f20d12b33fbd589beced868.tar.gz |
Off-by-one in PL_fold_locale use.
Fix for Coverity perl5 CID 29033: Out-of-bounds read
(OVERRUN) overrun-local: Overrunning array PL_fold_locale of 256 bytes at
byte offset 256 using index c1 (which evaluates to 256).
- the "c1 > 256" was off-by-one, it needed to be "c1 > 255",
it could have caused the PL_fold_locale to be accessed one past the end,
at offset 256, but we have dodged the bullet thanks to the regex engine
optimizing the bad case away before we hit it (analysis by Karl Williamson):
regexec.c
- comment fixes (pointed out by Karl Williamson): regexec.c
- add tests to nail down the behaviour of fold matching
for the last of Latin-1 (0xFF, lowercase which curiously does not have
uppercase within Latin-1). and the first pure Unicode: t/re/pat.t
Diffstat (limited to 'regexec.c')
-rw-r--r-- | regexec.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -3695,7 +3695,7 @@ S_setup_EXACTISH_ST_c1_c2(pTHX_ const regnode * const text_node, int *c1p, } else { /* an EXACTFish node which doesn't begin with a multi-char fold */ c1 = is_utf8_pat ? valid_utf8_to_uvchr(pat, NULL) : *pat; - if (c1 > 256) { + if (c1 > 255) { /* Load the folds hash, if not already done */ SV** listp; if (! PL_utf8_foldclosures) { @@ -3748,10 +3748,10 @@ S_setup_EXACTISH_ST_c1_c2(pTHX_ const regnode * const text_node, int *c1p, /* Folds that cross the 255/256 boundary are forbidden * if EXACTFL (and isnt a UTF8 locale), or EXACTFA and * one is ASCIII. Since the pattern character is above - * 256, and its only other match is below 256, the only + * 255, and its only other match is below 256, the only * legal match will be to itself. We have thrown away * the original, so have to compute which is the one - * above 255 */ + * above 255. */ if ((c1 < 256) != (c2 < 256)) { if ((OP(text_node) == EXACTFL && ! IN_UTF8_CTYPE_LOCALE) @@ -3770,7 +3770,7 @@ S_setup_EXACTISH_ST_c1_c2(pTHX_ const regnode * const text_node, int *c1p, } } } - else /* Here, c1 is < 255 */ + else /* Here, c1 is <= 255 */ if (utf8_target && HAS_NONLATIN1_FOLD_CLOSURE(c1) && ( ! (OP(text_node) == EXACTFL && ! IN_UTF8_CTYPE_LOCALE)) |
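Review bot: In the first hunk (@@ -3695,7 +3695,7 @@), the corrected test `if (c1 > 255)` still writes the boundary in a different form from the `(c1 < 256) != (c2 < 256)` comparison that appears later in the same function, and mixing the two forms is how a stray `> 256` goes unnoticed. Writing it as `c1 >= 256`, or against a named constant for the table size, would keep every boundary test in S_setup_EXACTISH_ST_c1_c2 in one form and tie it visibly to the 256-byte PL_fold_locale that the commit message says c1 indexes.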
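Review bot: In the second hunk (@@ -3748,10 +3748,10 @@), the comment being corrected still carries the typos "isnt" and "ASCIII" in its unchanged lines ("if EXACTFL (and isnt a UTF8 locale), or EXACTFA and one is ASCIII"). Since this change already touches the comment for accuracy, fix those to "isn't" and "ASCII" in the same pass so the boundary explanation reads cleanly.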
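Review bot: In the third hunk (@@ -3770,7 +3770,7 @@), the invariant on the else branch is only documented, by `/* Here, c1 is <= 255 */`, and that comment was itself wrong before this change. An `assert(c1 <= 255);` at the top of the branch would let debugging builds catch any later drift in the `if (c1 > 255)` condition instead of relying on the comment. The `else` followed by a comment and a bare `if` on the next line would also be easier to read as `else if (...)` or with braces around the branch.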