The

Subject: Very old debugger UTF-8 bug
Message-ID: <m3y9iot1jr.fsf@anima.de>

still broken, but this should work as a stopgap
measure to stop pp_match accessing naughty data.

p4raw-id: //depot/perl@14405

diff --git a/pod/perldiag.pod b/pod/perldiag.pod
index 7ea6e85..2a3f5d0 100644 (file)
--- a/pod/perldiag.pod
+++ b/pod/perldiag.pod
@@ -2515,7 +2515,7 @@ reference.
 (P) We popped the context stack to an eval context, and then discovered
 it wasn't an eval context.
 
-=item panic: pp_match
+=item panic: pp_match%s
 
 (P) The internal pp_match() routine was called with invalid operational
 data.

diff --git a/pp_hot.c b/pp_hot.c
index 4a88348..1d2dffa 100644 (file)
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -1322,6 +1322,9 @@ play_it_again:
            /*SUPPRESS 560*/
            if ((rx->startp[i] != -1) && rx->endp[i] != -1 ) {
                len = rx->endp[i] - rx->startp[i];
+               if (rx->endp[i] < 0 || rx->startp[i] < 0 ||
+                   len < 0 || len > strend - s)
+                   DIE(aTHX_ "panic: pp_match start/end pointers");
                s = rx->startp[i] + truebase;
                sv_setpvn(*SP, s, len);
                if (DO_UTF8(TARG) && is_utf8_string((U8*)s, len))