From e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb Mon Sep 17 00:00:00 2001
From: Father Chrysostomos
Date: Sat, 24 Aug 2013 18:02:09 -0700
Subject: Use SSize_t for tmps stack offsets

This is a partial fix for #119161. On 64-bit platforms, I32 is too small to hold offsets into a stack that can grow larger than I32_MAX. What happens is the offsets can wrap so we end up referencing and modifying elements with negative indices, corrupting memory, and causing crashes. With this commit, ()=1..1000000000000 stops crashing immediately. Instead, it gobbles up all your memory first, and then, if your com- puter still survives, crashes. The second crash happesn bcause of a similar bug with the argument stack, which the next commit will take care of.
---
 proto.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'proto.h')

diff --git a/proto.h b/proto.h
index 48723db258..4d5db7f4f7 100644
--- a/proto.h
+++ b/proto.h
@@ -3667,6 +3667,11 @@ PERL_CALLCONV void Perl_save_sptr(pTHX_ SV** sptr)
 #define PERL_ARGS_ASSERT_SAVE_SPTR \
 assert(sptr)
 
+PERL_CALLCONV void Perl_save_strlen(pTHX_ STRLEN* ptr)
+ __attribute__nonnull__(pTHX_1);
+#define PERL_ARGS_ASSERT_SAVE_STRLEN \
+ assert(ptr)
+
 PERL_CALLCONV SV* Perl_save_svref(pTHX_ SV** sptr)
 __attribute__nonnull__(pTHX_1);
 #define PERL_ARGS_ASSERT_SAVE_SVREF \
@@ -4576,7 +4581,7 @@ PERL_CALLCONV OP * Perl_tied_method(pTHX_ SV *methname, SV **sp, SV *const sv, c
 #define PERL_ARGS_ASSERT_TIED_METHOD \
 assert(methname); assert(sp); assert(sv); assert(mg)
 
-PERL_CALLCONV void Perl_tmps_grow(pTHX_ I32 n);
+PERL_CALLCONV void Perl_tmps_grow(pTHX_ SSize_t n);
 /* PERL_CALLCONV UV Perl_to_uni_fold(pTHX_ UV c, U8 *p, STRLEN *lenp)
 __attribute__nonnull__(pTHX_2)
 __attribute__nonnull__(pTHX_3); */
-- 
cgit v1.2.1
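Review bot: The widened declaration `Perl_tmps_grow(pTHX_ SSize_t n)` in the second hunk takes a signed count but carries no statement of its valid range, and unlike the pointer-taking prototypes around it there is no assertion macro to catch a bad argument. Because the commit message ties the bug to offsets wrapping into negative indices, the contract should be written down where the function is declared or defined, for example `/* n: number of extra slots wanted; must be >= 0, and the new stack size must not overflow SSize_t */`. The implementation is outside this proto.h-only view, so whether it already rejects a negative `n` or checks the size computation cannot be confirmed here. Callers that still compute the count in an I32 will truncate it before the call, so the wider parameter presumably helps only once they are converted as well.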