fix memory overrun due to off-by-one in change#5192

p4raw-link: @5192 on //depot/perl: 012bcf8d26492bcf446b8c77c363cfa2f1a6a609

p4raw-id: //depot/perl@5205

diff --git a/toke.c b/toke.c
index bdf8e51..11e966f 100644 (file)
--- a/toke.c
+++ b/toke.c
@@ -1298,9 +1298,9 @@ S_scan_const(pTHX_ char *start)
           (void)utf8_to_uv((U8*)s, &len);
           if (len == 1) {
               /* illegal UTF8, make it valid */
-              /* need to grow with 1 char to be safe */
               char *old_pvx = SvPVX(sv);
-              d = SvGROW(sv, SvCUR(sv)+2) + (d - old_pvx);
+              /* need space for two characters and a null */
+              d = SvGROW(sv, SvCUR(sv) + 2 + 1) + (d - old_pvx);
               d = (char*)uv_to_utf8((U8*)d, (U8)*s++);
           }
           else {