@lightsey lightsey commented Jun 8, 2020

SvCUR() before the SvGROW() calls could result in reading beyond the
end of a buffer.

It wasn't a problem in the normal case, since sv_grow() just calls
realloc() which has its own notion of how big the memory block is, but
if the SV is SvOOK(), sv_backoff() tries to move SvCUR()+1 bytes, which
might be larger than the currently allocated size of the PV.

Note: Tony's original patch did not apply cleanly, but the changes required to correct this were trivial. I also altered the commit message and comments to use the new issue number.
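A toy model of the failure mode described in the pull request, added here as an illustration; it is not code from the PR or from Perl's sv.c. The struct and the `toy_*` names are hypothetical, and the bounds check in `toy_backoff` is an addition so that the bad ordering is reported rather than executed.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model (assumption, not Perl's sv.c): the visible string starts `off`
 * bytes into the allocation, like an SvOOK() scalar. */
typedef struct {
    char  *base;  /* start of the allocation */
    size_t off;   /* bytes chopped from the front */
    size_t len;   /* bytes available from base + off */
    size_t cur;   /* claimed string length, without the trailing NUL */
} toy_sv;

/* Undo the offset by moving cur+1 bytes to the front of the allocation.
 * Unlike the behaviour described above, refuse when cur+1 exceeds len. */
static int toy_backoff(toy_sv *sv) {
    if (sv->cur + 1 > sv->len) return -1;   /* move would over-read */
    memmove(sv->base, sv->base + sv->off, sv->cur + 1);
    sv->len += sv->off;
    sv->off = 0;
    return 0;
}

/* Grow to `need` bytes; an offset buffer is backed off first. */
static int toy_grow(toy_sv *sv, size_t need) {
    if (sv->off && toy_backoff(sv) != 0) return -1;
    if (need > sv->len) {
        char *p = realloc(sv->base, need);
        if (!p) return -1;
        sv->base = p;
        sv->len = need;
    }
    return 0;
}

/* Constructed case: 8-byte allocation holding "abcdef", 2 bytes chopped,
 * string to be extended to 16 bytes. cur_first != 0 raises cur before the
 * grow call; otherwise cur is raised only after the grow succeeds. */
int toy_resize(int cur_first) {
    toy_sv sv = { malloc(8), 2, 6, 4 };
    if (!sv.base) return -1;
    memcpy(sv.base, "abcdef", 7);
    if (cur_first) sv.cur = 16;
    int rc = toy_grow(&sv, 16 + 1);
    if (rc == 0) { memset(sv.base + 4, 'x', 12); sv.base[16] = 0; sv.cur = 16; }
    free(sv.base);
    return rc;
}

int main(void) { return !(toy_resize(0) == 0 && toy_resize(1) == -1); }
```

With the length raised first, the move would cover 17 bytes from a region that holds only 6, which is the over-read the description refers to; growing first keeps `cur + 1` within `len` at every step.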

@xsawyerx xsawyerx added this to the 5.33.1 milestone Jun 8, 2020
@xsawyerx xsawyerx added the "do not merge" label (Don't merge this PR, at least for now) Jun 20, 2020
@toddr toddr requested review from khwilliamson and tonycoz July 30, 2020 23:19
@atoomic atoomic self-requested a review July 30, 2020 23:27
@toddr toddr added the "Ready-to-merge" label and removed the "do not merge" label Jul 30, 2020
@atoomic atoomic merged commit 45f235c into Perl:blead Jul 30, 2020
toddr commented Jul 30, 2020

Per @tonycoz this is good to merge.
