Re: static buffer in not_a_number() [sv.c] might overflow

p5p-msgid: <hbu9uz1si.fsf@bergen.sn.no>
author: Gisle Aas <aas@bergen.sn.no> 1997-02-09 11:55:41 +0100
committer: Chip Salzenberg <chip@atlantic.net> 1997-02-11 07:29:00 +1200
commit: dc28f22bb2b1060caded9429d0b1ed07e8890332 (patch)
tree: d4e8ffd83fb49cb531b51f09bdb7f5bf47ee52a8 /sv.c
parent: 47109bfb6ec14235ab32462f69f32cdab1822cee (diff)
download: perl-dc28f22bb2b1060caded9429d0b1ed07e8890332.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/sv.c b/sv.c
index 5adbe8a4b7..528afd988c 100644
--- a/sv.c
+++ b/sv.c
@@ -1195,9 +1195,11 @@ SV *sv;
     char tmpbuf[64];
     char *d = tmpbuf;
     char *s;
-    int i;
+    char *limit = tmpbuf + sizeof(tmpbuf) - 8;
+                  /* each *s can expand to 4 chars + "...\0",
+                     i.e. need room for 8 chars */
 
-    for (s = SvPVX(sv), i = 50; *s && i; s++,i--) {
+    for (s = SvPVX(sv); *s && d < limit; s++) {
 	int ch = *s & 0xFF;
 	if (ch & 128 && !isPRINT_LC(ch)) {
 	    *d++ = 'M';
author	Gisle Aas <aas@bergen.sn.no>	1997-02-09 11:55:41 +0100
committer	Chip Salzenberg <chip@atlantic.net>	1997-02-11 07:29:00 +1200
commit	dc28f22bb2b1060caded9429d0b1ed07e8890332 (patch)
tree	d4e8ffd83fb49cb531b51f09bdb7f5bf47ee52a8 /sv.c
parent	47109bfb6ec14235ab32462f69f32cdab1822cee (diff)
download	perl-dc28f22bb2b1060caded9429d0b1ed07e8890332.tar.gz