From 4aada8b9eda25f3f024283c0c27c1424b5ba40ff Mon Sep 17 00:00:00 2001
From: Karl Williamson
Date: Sat, 7 Dec 2019 13:47:05 -0700
Subject: Add memCHRs() macro and use it
This replaces strchr("list", c) calls throughout the core. They don't work properly when 'c' is a NUL, returning the position of the terminating NUL in "list" instead of failure. This could lead to segfaults or even security issues.
---
 pp_pack.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'pp_pack.c')
diff --git a/pp_pack.c b/pp_pack.c
index 33cb086db2..6479398380 100644
--- a/pp_pack.c
+++ b/pp_pack.c
@@ -1779,9 +1779,9 @@ S_unpack_rec(pTHX_ tempsym_t* symptr, const char *s, const char *strbeg, const c
 } /* End of switch */
 if (checksum) {
- if (strchr("fFdD", TYPE_NO_MODIFIERS(datumtype)) ||
+ if (memCHRs("fFdD", TYPE_NO_MODIFIERS(datumtype)) ||
 (checksum > bits_in_uv &&
- strchr("cCsSiIlLnNUWvVqQjJ", TYPE_NO_MODIFIERS(datumtype))) ) {
+ memCHRs("cCsSiIlLnNUWvVqQjJ", TYPE_NO_MODIFIERS(datumtype))) ) {
 NV trouble, anv;
 anv = (NV) (1 << (checksum & 15));
@@ -2135,7 +2135,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist )
 switch (howlen) {
 case e_star:
- len = strchr("@Xxu", TYPE_NO_MODIFIERS(datumtype)) ?
+ len = memCHRs("@Xxu", TYPE_NO_MODIFIERS(datumtype)) ?
 0 : items;
 break;
 default:
@@ -2160,7 +2160,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist )
 if (symptr->flags & FLAG_SLASH) {
 IV count;
 if (!found) Perl_croak(aTHX_ "Code missing after '/' in pack");
- if (strchr("aAZ", lookahead.code)) {
+ if (memCHRs("aAZ", lookahead.code)) {
 if (lookahead.howlen == e_number) count = lookahead.length;
 else {
 if (items > 0) {
--
cgit v1.2.1
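Review bot: In the last hunk (the FLAG_SLASH branch of S_pack_rec), `lookahead.code` is passed to memCHRs() unmasked, whereas the other three call sites in this patch wrap the type code in TYPE_NO_MODIFIERS(). memCHRs() is defined outside this view; assuming it wraps memchr(), the argument is converted to unsigned char, so only the low byte of the code takes part in the match. Whether lookahead.code can still carry modifier bits at this point is not visible in the hunk. If it can, state the intent with `if (memCHRs("aAZ", TYPE_NO_MODIFIERS(lookahead.code))) {`; if it cannot, a one-line comment such as `/* lookahead.code has no modifier bits here */` would spare the next reader the check. The body of S_pack_rec starts and ends outside the hunk.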