Stop calling sv_usepvn_flags from sv_sethek

sv_usepvn_flags assumes that ptr is at the head of a block
of memory allocated by malloc.  If perl's malloc is in use,
the data structures malloc uses and the data allocated for
perl are intermixed, and accounting done by malloced_size
in sv_usepvn_flags will overwrite valid memory if its called
on an address that is not the start of a malloced block.

The actual work being accomplished by sv_usepvn_flags, and
not undone immediately after by sv_sethek, is limited to 3 calls
on the SV.  Inlining those calls removes the dependency on malloc.

This fixes perl #104034.

1 files changed, 7 insertions, 1 deletions

diff --git a/sv.c b/sv.c
index ee64e1fe7d..a2df6f5811 100644
--- a/sv.c
+++ b/sv.c
@@ -4583,8 +4583,14 @@ Perl_sv_sethek(pTHX_ register SV *const sv, const HEK *const hek)
             return;
 	}
         {
+	    /* Emulate what sv_usepvn_flags does; it can't be called
+	       directly, because it assumes that the data for the PV is at the
+	       start of a malloced block */
+	    SV_CHECK_THINKFIRST_COW_DROP(sv);
 	    SvUPGRADE(sv, SVt_PV);
-	    sv_usepvn_flags(sv, (char *)HEK_KEY(share_hek_hek(hek)), HEK_LEN(hek), SV_HAS_TRAILING_NUL);
+	    SvPV_set(sv,(char *)HEK_KEY(share_hek_hek(hek)));
+	    SvTAINT(sv);
+	    SvCUR_set(sv, HEK_LEN(hek));
 	    SvLEN_set(sv, 0);
 	    SvREADONLY_on(sv);
 	    SvFAKE_on(sv);