(perl #131836) avoid a use-after-free after parsing a "sub" keyword

The: d = skipspace(d); can reallocate linestr in the test case, invalidating s. This would end up in PL_bufptr from the embedded (PL_bufptr = s) in the TOKEN() macro. Assigning s to PL_bufptr and restoring s from PL_bufptr allows lex_next_chunk() to adjust the pointer to the reallocated buffer.
author: Tony Cook <tony@develop-help.com> 2017-08-07 11:27:50 +1000
committer: Tony Cook <tony@develop-help.com> 2017-08-28 16:05:47 +1000
commit: 3b8804a4c2320ae4e7e713c5836d340eb210b6cd (patch)
tree: fa0811bdc2ba2b27f4340bfbcca8d56d019a050b /t/comp
parent: 43272d222fe12f33c708d42b2a71af36cc92e4bd (diff)
download: perl-3b8804a4c2320ae4e7e713c5836d340eb210b6cd.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/t/comp/parser_run.t b/t/comp/parser_run.t
index 0fca5b2800..a2cc27d3fb 100644
--- a/t/comp/parser_run.t
+++ b/t/comp/parser_run.t
@@ -10,7 +10,7 @@ BEGIN {
 }
 
 require './test.pl';
-plan(2);
+plan(3);
 
 # [perl #130814] can reallocate lineptr while looking ahead for
 # "Missing $ on loop variable" diagnostic.
@@ -31,5 +31,13 @@ EOS
 Unrecognized character \xD5; marked by <-- HERE after ${ <-- HERE near column 4 at - line 1.
 EXPECT
 
+fresh_perl_is(<<'EOS', <<'EXPECTED', {}, "use after free (#131836)");
+${sub#xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+EOS
+Missing right curly or square bracket at - line 1, at end of line
+syntax error at - line 1, at EOF
+Execution of - aborted due to compilation errors.
+EXPECTED
+
 __END__
 # ex: set ts=8 sts=4 sw=4 et:
author	Tony Cook <tony@develop-help.com>	2017-08-07 11:27:50 +1000
committer	Tony Cook <tony@develop-help.com>	2017-08-28 16:05:47 +1000
commit	3b8804a4c2320ae4e7e713c5836d340eb210b6cd (patch)
tree	fa0811bdc2ba2b27f4340bfbcca8d56d019a050b /t/comp
parent	43272d222fe12f33c708d42b2a71af36cc92e4bd (diff)
download	perl-3b8804a4c2320ae4e7e713c5836d340eb210b6cd.tar.gz