From 0b97d15690d19a1fee0c903da7f5898764d8f15e Mon Sep 17 00:00:00 2001
From: Karl Williamson
Date: Tue, 19 Mar 2019 12:37:04 -0600
Subject: PATCH: [perl #133937] Assertion failure

This recently added assertion actually caught an error, which is a potential read beyond end of buffer. This doesn't actually happen in this case because this is a regular expression pattern, and the toker makes sure there is a trailing NUL (that isn't counted). The solution is to check the bounds before reading.
---
dquote.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
(limited to 'dquote.c')
diff --git a/dquote.c b/dquote.c
index bed6624e51..bf5cf902a2 100644
--- a/dquote.c
+++ b/dquote.c
@@ -210,8 +210,21 @@ Perl_grok_bslash_x(pTHX_ char **s, const char * const send, UV *uv, assert(*(*s - 1) == '\\'); assert(* *s == 'x'); + (*s)++; + if (send <= *s) { + if (strict) { + *error_msg = "Empty \\x"; + return FALSE; + } + + /* Sadly, to preserve backcompat, an empty \x at the end of string is + * interpreted as a NUL */ + *uv = 0; + return TRUE; + } + + if (strict || ! output_warning) { flags |= PERL_SCAN_SILENT_ILLDIGIT; }
--
cgit v1.2.1
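Review bot: The two asserts directly above the new `send <= *s` check still dereference `*s` and `*s - 1` without comparing against `send`, so the precondition that the caller has already seen `\x` inside the buffer stays implicit. It could be stated with `assert(*s < send);` ahead of them. The added check bounds only the first byte after the `x`. The rest of Perl_grok_bslash_x lies outside the hunk, so it is not visible whether the later digit scan is also limited by `send`; if it reads a fixed number of characters, it would presumably need the same bound rather than relying on the toker's trailing NUL mentioned in the commit message. A regression test for input ending in a bare `\x`, in both strict and non-strict mode, would pin the `Empty \\x` error and the backcompat NUL result.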