New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
heap-buffer-overflow in token.c:S_scan_formline() #16125
Comments
From imdb95@gmail.comHello, **********Build Date & Hardware********** This is perl 5, version 27, subversion 4 (v5.27.4 Copyright 1987-2017, Larry Wall Perl may be copied only under the terms of either the Artistic License or the Complete documentation for Perl, including FAQ lists, should be found on OS: Ubuntu 16.04 Desktop Compilation: **********Reproduce**********
|
From imdb95@gmail.comGreetings, On Thu, Aug 24, 2017 at 12:16 PM, <perl5-security-report@perl.org> wrote:
|
From @tonycozOn Sun, 27 Aug 2017 01:10:04 -0700, imdb95@gmail.com wrote:
I expect to take a close look at it tomorrow (or maybe later today). Just from the backtrace it doesn't appear to be a security issue, but I won't be sure of that until I take that close look. Tony |
The RT System itself - Status changed from 'new' to 'open' |
From @tonycozOn Sun, 27 Aug 2017 17:10:40 -0700, tonyc wrote:
This requires feeding code to the parser and isn't a security issue. scan_formline() is being entered with PL_bufptr == PL_bufend+1 and things go downhill from there. I haven't tracked down exactly why that's happening though. Tony |
From @tonycozOn Mon, 28 Aug 2017 18:42:02 -0700, tonyc wrote:
This looks like it was fixed by 8174801. Tony |
From @tonycozOn Sun, 20 Jan 2019 19:31:32 -0800, tonyc wrote:
So closing. Tony |
@tonycoz - Status changed from 'open' to 'pending release' |
From @khwilliamsonThank you for filing this report. You have helped make Perl better. With the release today of Perl 5.30.0, this and 160 other issues have been Perl 5.30.0 may be downloaded via: If you find that the problem persists, feel free to reopen this ticket. |
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#131955 (status was 'resolved')
Searchable as RT131955$
The text was updated successfully, but these errors were encountered: