blob: 40437f38ca4cf1f7b0902799afc3c962e4cb3075 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
Upstream-Status:Inappropriate [debian patch]
From: Niko Tyni <ntyni@debian.org>
Subject: Fix stack pointer corruption in pp_concat() with 'use encoding'
Bug-Debian: http://bugs.debian.org/596105
Bug: http://rt.perl.org/rt3/Ticket/Display.html?id=78674
Origin: upstream, http://perl5.git.perl.org/perl.git/commit/e3393f51d48d8b790e26324eb0336fac9689fa46
If the stack is reallocated during pp_concat() and 'use encoding' in
effect, the stack pointer gets corrupted, causing memory allocation bugs
and the like.
---
pp_hot.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/pp_hot.c b/pp_hot.c
index ee699ef..c5ed14e 100644
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -271,6 +271,8 @@ PP(pp_concat)
rbyte = !DO_UTF8(right);
}
if (lbyte != rbyte) {
+ /* sv_utf8_upgrade_nomg() may reallocate the stack */
+ PUTBACK;
if (lbyte)
sv_utf8_upgrade_nomg(TARG);
else {
@@ -279,6 +281,7 @@ PP(pp_concat)
sv_utf8_upgrade_nomg(right);
rpv = SvPV_const(right, rlen);
}
+ SPAGAIN;
}
sv_catpvn_nomg(TARG, rpv, rlen);
--
tg: (a508b62..) fixes/concat-stack-corruption (depends on: upstream)
|