This reduces to:
    ./miniperl -e 'pack "[" x 20000'
.. which explodes the stack because we check for close parens recursively in pack.c:S_group_end():
    else if (c == '[')
        patptr = group_end(patptr, patend, ']') + 1;
The same happens for "(", for the same reason.
I don't think we class such things as vulnerabilities; can anyone confirm or deny?
I'm also not sure what would be involved in avoiding this, or if there's value in doing so.
#Tue, 09 Jan 2018 12:08:12 -0800 The RT System itself - Status changed from 'new' to 'open'
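On what avoiding this could involve: the sketch below is an added example, not code from pack.c or from this ticket. It replaces the recursive call with an explicit array of expected closers and a depth cap; it models only the '(' and '[' handling in the two quoted lines, and its names, return codes and MAX_GROUP_DEPTH value are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_GROUP_DEPTH 1000 /* assumed limit for this sketch, not a Perl constant */
enum { GROUP_OK = 0, GROUP_UNTERMINATED = -1, GROUP_TOO_DEEP = -2 };

/* Find the closer matching `ender`, starting just after its opener. Nested
 * '(' and '[' push the closer they expect onto a fixed-size array instead of
 * making a recursive call, so C stack use does not grow with the template. */
static int group_end_iter(const char *p, const char *end, char ender,
                          const char **out)
{
    char want[MAX_GROUP_DEPTH];
    size_t depth = 0;
    want[depth++] = ender;
    while (p < end) {
        char c = *p++;
        if (c == want[depth - 1]) {
            if (--depth == 0) {
                *out = p - 1;
                return GROUP_OK;
            }
        } else if (c == '(' || c == '[') {
            if (depth == MAX_GROUP_DEPTH)
                return GROUP_TOO_DEEP; /* caller reports an error instead */
            want[depth++] = (c == '(') ? ')' : ']';
        }
    }
    return GROUP_UNTERMINATED;
}

/* Constructed input: n '[' (the ticket's template shape), optionally followed
 * by n ']'. Scanning starts just after the first '['. */
static int scan_brackets(size_t n, int closed)
{
    size_t len = closed ? 2 * n : n;
    char *buf = malloc(len + 1);
    const char *out = NULL;
    if (!buf) return -100;
    memset(buf, '[', n);
    if (closed) memset(buf + n, ']', n);
    int rc = group_end_iter(buf + 1, buf + len, ']', &out);
    if (rc == GROUP_OK && out != buf + len - 1) rc = -99; /* wrong closer */
    free(buf);
    return rc;
}
int main(void)
{
    printf("%d %d\n", scan_brackets(20000, 0), scan_brackets(10, 1));
    return 0;
}
```

With the cap, the 20000-bracket template from the reproducer is rejected with GROUP_TOO_DEEP after 1000 levels rather than consuming one stack frame per bracket.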