| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
(cherry picked from commit 15e2c76df78f6d5fe4a20de12c83453c422a36b9)
|
| |
|
| |
|
| |
|
|
|
|
| |
(cherry picked from commit 811612a11efb1ebc131370e8238d3512779354f8)
|
| |
|
| |
|
| |
|
|
|
|
| |
(cherry picked from commit 1f807e151b9979621bcb51f3b884b4daf37b7001)
|
| |
|
| |
|
|
|
|
|
|
|
| |
This checks for and aborts if it find control characters in a supposed
Unicode property name. Code further along could not handle these.
This also fixes #132553 and #132658
|
| |
|
|
|
|
|
|
|
|
| |
encounter a sharp S
This could lead to a buffer overflow.
(cherry picked from commit 190b97e86cd07d984ea2e9f0c844d33cd3399d21)
|
|
|
|
|
|
|
|
|
|
| |
The first patch for 132063 prevented the buffer read overflow when
dumping the warning but didn't fix the underlying problem.
The next change treats the supplied buffer correctly, preventing the
non-UTF-8 SV from being treated as UTF-8, preventing the warning.
(cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f)
|
|
|
|
| |
(cherry picked from commit 7304de2a32efe1324d229724a46efb6c33817208)
|
|
|
|
|
|
|
|
|
|
|
| |
The proximal cause is several instances in regexec.c of the code
assuming that the input was valid UTF-8, whereas the input was too short
for what the start byte claimed it would be.
I grepped through the core for any other similar uses, and did not find
any.
(cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- for the originally reported case, if the start/cur pointer is in the
top 75% of the address space the add (cur) + glen addition would
overflow, resulting in the condition failing incorrectly.
- the addition of the existing space used to the space needed could
overflow, resulting in too small an allocation and a buffer overflow.
- the scaling for UTF8 could overflow.
- the multiply to calculate the space needed for many items could
overflow.
For the first case, do a space calculation without making new pointers.
For the other cases, detect the overflow and croak if there's an
overflow.
Originally this used Size_t_MAX as the maximum size of a memory
allocation, but for -DDEBUGGING builds realloc() throws a panic for
allocations over half the address space in size, changing the error
reported for the allocation.
For non-DEBUGGING builds the Size_t_MAX limit has the small chance
of finding a system that has 3GB of contiguous space available, and
allocating that space, which could be a denial of servce in some cases.
Unfortunately changing the limit to half the address space means that
the exact case with the original issue can no longer occur, so the
test is no longer testing against the address + length issue that
caused the original problem, since the allocation is failing earlier.
One option would be to change the test so the size request by pack is
just under 2GB, but this has a higher (but still low) probability that
the system has the address space available, and will actually try to
allocate the memory, so let's not do that.
(cherry picked from commit f5506feddde8546eabb69d71569d856c7e9c615b)
|
| |
|
|
|
|
| |
(manually cherry picked from commit 27ee818c2aa6c1aa9d6223226f7dcb9e4aea75ae)
|
|
|
|
| |
(manually cherry picked from commit 4f01496f3c1a7adbef81d146f9a09e8700d85ed9)
|
|
|
|
| |
(cherry picked from commit ae5389b2505efdb9b72847eb64757aea68e8da52)
|
|
|
|
| |
(cherry picked from commit f0282de6e1af44f945ea5d4ec9c7cf6469324731)
|
| |
|
|
|
|
| |
(cherry picked from commit 9a40fcb68413c7a6091696885a6f6b34ec8bdf97)
|
|
|
|
| |
(cherry picked from commit 8f6628e3029399ac1e48dfcb59c3cd30e5127c3e)
|
|
|
|
|
|
|
|
| |
readpipe() wasn't applying context to its argument list, resulting in
readpipe()'s context leaking in, and broken stack discipline when a list
expression was used. Fixes [perl #4574].
(cherry picked from commit 397baf232086e0a9ad6f881a9614d3dbaea853fc)
|
|
|
|
| |
(manually cherry picked from commit 9862549e18ce884c834a61a7eeed90e9a10412f8)
|
|
|
|
| |
(cherry picked from commit e60142ac4ee7a9ea05f15c3467311c25d3a80fc6)
|
|
|
|
| |
(cherry picked from commit 987cf6a02ef79898831f1294a6fe97c5884cfa5a)
|
|
|
|
|
| |
(Porting/corelist.pl, plus $VERSION bumps and Changes entry for a tentative
release date which is to coincide with a 5.26.2 release)
|
| |
|
|
|
|
| |
(includes regen/opcode.pl)
|
|
|
|
|
|
| |
Now, 2018 is included.
(cherry picked from commit e84cc8c8c341ace6a1e2f671190dd7be93c1a380)
|
|
|
|
| |
(manually cherry picked from commit 3f4fae50f32e50b0765e1c3cdad0177f585083d5)
|
|
|
|
| |
(cherry picked from commit 48d2ed925f836776d71bf601b08979f75598779d)
|
|
|
|
| |
(manually cherry picked from commit 946b6ed4ec08dfa012129f650bc1259f5ea1dd48)
|
|
|
|
| |
(cherry picked from commit e4b1fb853daf025ccf38412ddd1de212d59ed4da)
|
|
|
|
| |
(manually cherry picked from commit a67b31e34ebefb1016300f9f31538d443eaa2fc6)
|
|
|
|
| |
(manually cherry picked from commit feee2c5b7491677bad66b338eabf2a37c74fdbf5)
|
|
|
|
| |
(manually cherry picked from commit 78425520cae902929c02d73f35289c87c3e33e4c)
|
|
|
|
| |
(manually cherry picked from commit 0b2e8509fb24fb483d20fee843cdf58afae9368e)
|
|
|
|
| |
(manually cherry picked from commit 0ba9031a35e032d8c2c46497a0c7cd1052a5dd97)
|
|
|
|
| |
(manually cherry picked from commit 1967e4078fc58b815297507a9bd9fc1f9bb34f9e)
|
|
|
|
| |
(cherry picked from commit 791e35a526045e7a38c4de447a14509789ed24ac)
|
|
|
|
| |
(cherry picked from commit 2be676a02a4872b3dd21b3ee2303feec66598c3e)
|
|
|
|
| |
(cherry picked from commit b32be96ecb4a22bfe0aec4388a7ca1498b9fb06d)
|
|
|
|
| |
(cherry picked from commit a474ee7c01e23ead818a9a75a96463c93d6a6c88)
|
|
|
|
| |
(cherry picked from commit b508aa38aa3cce188df271c3110e397eecb79b7b)
|