From f24623d674e0b493bbafe0d87eb3e5d047815a63 Mon Sep 17 00:00:00 2001
From: Hugo van der Sanden
Date: Tue, 19 Apr 2022 19:06:10 +0100
Subject: GH16319: avoid recursion parsing 'pack' template

A template with many open brackets or open parentheses could overflow the stack, modify the parsing loop to avoid that.
---
 pp_pack.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'pp_pack.c')

diff --git a/pp_pack.c b/pp_pack.c
index 41f72b798f..4241338d09 100644
--- a/pp_pack.c
+++ b/pp_pack.c
@@ -541,22 +541,24 @@ STATIC const char *
 S_group_end(pTHX_ const char *patptr, const char *patend, char ender)
 {
 PERL_ARGS_ASSERT_GROUP_END;
+ Size_t opened = 0; /* number of pending opened brackets */
 while (patptr < patend) {
 const char c = *patptr++;
- if (isSPACE(c))
- continue;
- else if (c == ender)
+ if (opened == 0 && c == ender)
 return patptr-1;
 else if (c == '#') {
 while (patptr < patend && *patptr != '\n')
 patptr++;
 continue;
- } else if (c == '(')
- patptr = group_end(patptr, patend, ')') + 1;
- else if (c == '[')
- patptr = group_end(patptr, patend, ']') + 1;
+ } else if (c == '(' || c == '[')
+ ++opened;
+ else if (c == ')' || c == ']') {
+ if (opened == 0)
+ Perl_croak(aTHX_ "Mismatched brackets in template");
+ --opened;
+ }
 }
 Perl_croak(aTHX_ "No group ending character '%c' found in template",
 ender);
-- 
cgit v1.2.1
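Review bot: The single `opened` counter in the new loop treats `(`/`[` and `)`/`]` as interchangeable, so a closer of the wrong kind still decrements the depth, whereas the removed recursion searched for the specific closer of each opener. As written, `S_group_end` can return an end position for a group whose interior is crossed rather than nested, such as `[(])`. Rejecting that is then left to whatever parses the group body afterwards, which this hunk does not show. Keeping the iterative form is right for bounding C stack use on deeply nested templates, but I would state the contract above the counter, e.g. `/* tracks nesting depth only, not bracket kind; callers must still validate the group body */`. I would also add regression tests for a very deeply nested template and for crossed brackets, since the diffstat shows only `pp_pack.c` changed.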