diff options
| -rw-r--r-- | regexec.c | 17 | ||||
| -rw-r--r-- | t/re/re_tests | 1 |
2 files changed, 14 insertions, 4 deletions
@@ -907,19 +907,28 @@ Perl_re_intuit_start(pTHX_ && prog->intflags & PREGf_ANCH && prog->check_offset_max != SSize_t_MAX) { - SSize_t len = SvCUR(check) - !!SvTAIL(check); + SSize_t check_len = SvCUR(check) - !!SvTAIL(check); const char * const anchor = (prog->intflags & PREGf_ANCH_GPOS ? strpos : strbeg); + SSize_t targ_len = (char*)end_point - anchor; + + if (check_len > targ_len) { + DEBUG_EXECUTE_r(Perl_re_printf( aTHX_ + "Anchored string too short...\n")); + goto fail_finish; + } /* do a bytes rather than chars comparison. It's conservative; * so it skips doing the HOP if the result can't possibly end * up earlier than the old value of end_point. */ - if ((char*)end_point - anchor > prog->check_offset_max) { + assert(anchor + check_len <= (char *)end_point); + if (prog->check_offset_max + check_len < targ_len) { end_point = HOP3lim((U8*)anchor, prog->check_offset_max, - end_point -len) - + len; + end_point - check_len + ) + + check_len; } } diff --git a/t/re/re_tests b/t/re/re_tests index 0bd9b5541f..9dff78c928 100644 --- a/t/re/re_tests +++ b/t/re/re_tests @@ -1984,6 +1984,7 @@ AB\s+\x{100} AB \x{100}X y - - /(?x)[a b]/xx \N{SPACE} yS $& # Note a space char here /(?xx)[a b]/x \N{SPACE} n - - /(?-x:[a b])/xx \N{SPACE} yS $& # Note a space char here +^a?bcd\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff ABCDEFGHIJKLMNOPQRSTUVWXYZ n - - # [perl #132187] for valgrind's benefit # Keep these lines at the end of the file # vim: softtabstop=0 noexpandtab |