From eabab8bccf871f8e85dfa4a3825827825fb86cd9 Mon Sep 17 00:00:00 2001
From: Father Chrysostomos
Date: Wed, 4 Feb 2015 21:30:36 -0800
Subject: Localise PL_lex_stuff (crash fix)

This fixes crashes and assertion failures related to ticket #123617.

When the lexer encounters a quote-like operator, it scans for the
final delimiter, putting the string in PL_lex_stuff and the
replacement, if any, in PL_sublex_info.repl. Those are just temporary
spots for those values. As soon as the next token is emitted (FUNC or
PMFUNC), the values are copied to PL_linestr and PL_lex_repl,
respectively, after these latter have been localised.

When scan_str (which scans a quote-like op) sees that PL_lex_stuff is
already set, it assumes that it is now parsing a replacement, so it
puts the result in PL_sublex_info.repl.

The FUNC or PMFUNC token for a quote-like operator may trigger a
syntax error while PL_lex_stuff and PL_sublex_info.repl are still set.
A syntax error can cause scopes to be popped, discarding the inner
lexing scope (for the quote op) that we were about to enter, but
leaving a PL_lex_stuff value behind.

If another quote-like op is parsed after that, scan_str will assume it
is parsing a replacement since PL_lex_stuff is set. So you can end up
with a replacement for an op of type OP_MATCH, which is not supposed
to happen. S_sublex_done fails an assertion in that case. Some
examples of this bug crash later on non-debugging builds.

Localising PL_lex_stuff fixes the problem.
---
 t/base/lex.t | 3 +++
 1 file changed, 3 insertions(+)
 (limited to 't/base')

diff --git a/t/base/lex.t b/t/base/lex.t index f93816855c..66db28b0ae 100644 --- a/t/base/lex.t +++ b/t/base/lex.t @@ -485,3 +485,6 @@ print "ok $test - map{sub :lvalue...}\n"; $test++; # Used to crash [perl #123711] 0-5x-l{0}; + +# Used to fail an assertion [perl #123617] +eval '"$a{ 1 m// }"; //'; -- cgit v1.2.1
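Review bot: The new regression case at the end of the t/base/lex.t hunk, `eval '"$a{ 1 m// }"; //';`, prints no "ok" line and does not bump $test, so the test output never records that it ran; the only failure it can signal is the whole script dying. The context line just above uses `print "ok $test - map{sub :lvalue...}\n"; $test++;`, and following that convention here (an "ok $test - ..." print naming #123617 after the eval, with the plan adjusted if the file declares a fixed count) would make a regression show up as a missing numbered test rather than an unexplained abort. The commit message also says some examples of this bug crash later on non-debugging builds, while the comment and the single input here cover only the assertion failure; adding one of those crashing inputs next to it would cover the case that release builds actually hit. Since this view is limited to 't/base', the lexer change that localises PL_lex_stuff is not visible here and has to be reviewed separately.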