diff options
author | Karl Williamson <khw@cpan.org> | 2018-02-06 14:50:48 -0700 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2018-03-23 19:36:22 +0000 |
commit | 8e6f44c90c7fa1f63c19a44c45482b09a407e15b (patch) | |
tree | 0f3d8170d96dc554824af58ca5165cc3817bda50 /t | |
parent | 0fcf83230df5f8c52602ae22fde57c7ea885534d (diff) | |
download | perl-8e6f44c90c7fa1f63c19a44c45482b09a407e15b.tar.gz |
[perl #132063]: Heap buffer overflow
The proximal cause is several instances in regexec.c of the code
assuming that the input was valid UTF-8, whereas the input was too short
for what the start byte claimed it would be.
I grepped through the core for any other similar uses, and did not find
any.
(cherry picked from commit 9a55d25bcb19abb556c14717b222dc81776d0166)
Diffstat (limited to 't')
-rw-r--r-- | t/lib/warnings/regexec | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec index 900dd6ee7f..6635142dea 100644 --- a/t/lib/warnings/regexec +++ b/t/lib/warnings/regexec @@ -260,3 +260,10 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale); "k" =~ /(?[ \N{KELVIN SIGN} ])/i; ":" =~ /(?[ \: ])/; EXPECT +######## +# NAME perl #132063, read beyond buffer end +# OPTION fatal +"\xff" =~ /(?il)\x{100}|\x{100}/; +EXPECT +Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2. +Malformed UTF-8 character (fatal) at - line 2. |