uninitialized variable and integer overrun in pp.c and toke.c #16290
Comments
From marc-philip@die-werners.de

From: marc-philip@die-werners.de

This is a bug report for perl from marc-philip@die-werners.de,

Hi, I'm attaching a patchfile.

Best Regards

Flags:

Site configuration information for perl 5.26.1:
Configured by sap at Thu Dec 7 10:39:47 CET 2017.
Summary of my perl5 (revision 5 version 26 subversion 1) configuration:
Platform:
@INC for perl 5.26.1:
Environment for perl 5.26.1:
From marc-philip@die-werners.decoverity_5.26.1.patchdiff -Naur perl-5.26.1.orig/pp.c perl-5.26.1/pp.c
--- perl-5.26.1.orig/pp.c 2017-08-23 20:22:51.000000000 +0000
+++ perl-5.26.1/pp.c 2017-11-27 15:18:24.000000000 +0000
@@ -3811,6 +3811,7 @@
if (! slen) { /* If empty */
need = 1; /* still need a trailing NUL */
ulen = 0;
+ *tmpbuf = '\0';
}
else if (DO_UTF8(source)) { /* Is the source utf8? */
doing_utf8 = TRUE;
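Review bot: The added `*tmpbuf = '\0';` in the `if (! slen)` branch has no comment saying which later read of tmpbuf it protects. The same branch already sets `ulen = 0`, so if every consumer of tmpbuf is bounded by ulen this store only quiets the static analyzer (the patch file is named coverity_5.26.1.patch). Either name the read that needs the initialised byte or say in a comment that the store is there for the analyzer, in the style of the existing "still need a trailing NUL" comment.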
diff -Naur perl-5.26.1.orig/toke.c perl-5.26.1/toke.c
--- perl-5.26.1.orig/toke.c 2017-07-18 23:00:00.000000000 +0000
+++ perl-5.26.1/toke.c 2017-11-27 15:33:36.000000000 +0000
@@ -8943,7 +8943,7 @@
HEK * const stashname = HvNAME_HEK(stash);
SV * const sym = newSVhek(stashname);
sv_catpvs(sym, "::");
- sv_catpvn_flags(sym, PL_tokenbuf+1, tokenbuf_len - 1, (UTF ? SV_CATUTF8 : SV_CATBYTES ));
+ sv_catpvn_flags(sym, PL_tokenbuf+1, tokenbuf_len > 0 ? tokenbuf_len - 1 : 0, (UTF ? SV_CATUTF8 : SV_CATBYTES ));
pl_yylval.opval = newSVOP(OP_CONST, 0, sym);
pl_yylval.opval->op_private = OPpCONST_ENTERED;
if (pit != '&')
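Review bot: The clamp on the length argument of sv_catpvn_flags() hides the zero-length case instead of handling it. With tokenbuf_len equal to 0 the call still passes PL_tokenbuf+1 and appends nothing, so sym ends up as the stash name followed by "::" and is then wrapped in an OP_CONST as if it were a complete symbol. If tokenbuf_len can never be 0 at this point, an assertion where tokenbuf_len is computed documents that better than a ternary; if it can, this branch should bail out before building sym.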
@@ -8971,7 +8971,7 @@
&& PL_lex_state != LEX_NORMAL
&& !PL_lex_brackets)
{
- GV *const gv = gv_fetchpvn_flags(PL_tokenbuf + 1, tokenbuf_len - 1,
+ GV *const gv = gv_fetchpvn_flags(PL_tokenbuf + 1, tokenbuf_len > 0 ? tokenbuf_len - 1 : 0,
( UTF ? SVf_UTF8 : 0 ) | GV_ADDMG,
SVt_PVAV);
if ((!gv || ((PL_tokenbuf[0] == '@') ? !GvAV(gv) : !GvHV(gv)))
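Review bot: In the gv_fetchpvn_flags() call the clamped length turns a zero tokenbuf_len into a lookup of an empty name with GV_ADDMG, while the condition that follows still reads PL_tokenbuf[0] as a sigil. Those two assumptions do not agree: either the buffer always holds at least the sigil, in which case the ternary is dead code and a comment or assertion would say so, or it may be empty, in which case the lookup should be skipped rather than run with length 0.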
@@ -8988,11 +8988,11 @@
/* build ops for a bareword */
pl_yylval.opval = newSVOP(OP_CONST, 0,
newSVpvn_flags(PL_tokenbuf + 1,
- tokenbuf_len - 1,
+ tokenbuf_len > 0 ? tokenbuf_len - 1 : 0,
UTF ? SVf_UTF8 : 0 ));
pl_yylval.opval->op_private = OPpCONST_ENTERED;
if (pit != '&')
- gv_fetchpvn_flags(PL_tokenbuf+1, tokenbuf_len - 1,
+ gv_fetchpvn_flags(PL_tokenbuf+1, tokenbuf_len > 0 ? tokenbuf_len - 1 : 0,
(PL_in_eval ? GV_ADDMULTI : GV_ADD)
| ( UTF ? SVf_UTF8 : 0 ),
((PL_tokenbuf[0] == '$') ? SVt_PV
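Review bot: The expression `tokenbuf_len > 0 ? tokenbuf_len - 1 : 0` is written out twice in this hunk, for newSVpvn_flags() and for gv_fetchpvn_flags(), and twice more in the two toke.c hunks above it. Compute it once into a named local next to where tokenbuf_len is set and pass that local at all four call sites, so the guard cannot drift between them. The hunk does not show the declared type of tokenbuf_len; if it is unsigned, `!= 0` states the intent more directly than `> 0`.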
From @avar

On Thu, Dec 7, 2017 at 1:00 PM, Marc-Philip <perlbug-followup@perl.org> wrote:

Thanks, the first hunk probably looks sensible, although maybe it

All the rest of the hunks are paranoia that strlen() will return a
The RT System itself - Status changed from 'new' to 'open'
From marc-philip.werner@sap.com

On Thu, 07 Dec 2017 06:01:35 -0800, avarab@gmail.com wrote:

Regards
From Eirik-Berg.Hanssen@allverden.no

On Thu, Dec 7, 2017 at 3:01 PM, Ævar Arnfjörð Bjarmason <avarab@gmail.com>

An unsigned int can still be zero, in which case -1 gives a negative. Or

(Perhaps testing for !=0 instead of >0 would be clearer? :) )

Eirik
From zefram@fysh.org

Marc-Philip wrote:

Neither is a real bug. In the empty string case in pp_ucfirst(), tmpbuf

-zefram
Is this closable then?

I don't think Zefram is going to answer so I will close it.
Migrated from rt.perl.org#132540 (status was 'open')
Searchable as RT132540$