[perl #132063]: Heap buffer overflow

The proximal cause is several instances in regexec.c of the code assuming that the input was valid UTF-8, whereas the input was too short for what the start byte claimed it would be. I grepped through the core for any other similar uses, and did not find any. (cherry picked from commit 9a55d25bcb19abb556c14717b222dc81776d0166)
author: Karl Williamson <khw@cpan.org> 2018-02-06 14:50:48 -0700
committer: Steve Hay <steve.m.hay@googlemail.com> 2018-03-23 19:36:22 +0000
commit: 8e6f44c90c7fa1f63c19a44c45482b09a407e15b (patch)
tree: 0f3d8170d96dc554824af58ca5165cc3817bda50 /t
parent: 0fcf83230df5f8c52602ae22fde57c7ea885534d (diff)
download: perl-8e6f44c90c7fa1f63c19a44c45482b09a407e15b.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec
index 900dd6ee7f..6635142dea 100644
--- a/t/lib/warnings/regexec
+++ b/t/lib/warnings/regexec
@@ -260,3 +260,10 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale);
 "k" =~ /(?[ \N{KELVIN SIGN} ])/i;
 ":" =~ /(?[ \: ])/;
 EXPECT
+########
+# NAME perl #132063, read beyond buffer end
+# OPTION fatal
+"\xff" =~ /(?il)\x{100}|\x{100}/;
+EXPECT
+Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2.
+Malformed UTF-8 character (fatal) at - line 2.
author	Karl Williamson <khw@cpan.org>	2018-02-06 14:50:48 -0700
committer	Steve Hay <steve.m.hay@googlemail.com>	2018-03-23 19:36:22 +0000
commit	8e6f44c90c7fa1f63c19a44c45482b09a407e15b (patch)
tree	0f3d8170d96dc554824af58ca5165cc3817bda50 /t
parent	0fcf83230df5f8c52602ae22fde57c7ea885534d (diff)
download	perl-8e6f44c90c7fa1f63c19a44c45482b09a407e15b.tar.gz