Potential buffer overrun if the radix separator is more than

one byte.  Also, under locales, prefer the locale-specific
separator over the old boring ".".

p4raw-id: //depot/perl@10414

diff --git a/perl.h b/perl.h
index 7d9b2ed..4c878ea 100644 (file)
--- a/perl.h
+++ b/perl.h
@@ -3434,9 +3434,10 @@ typedef struct am_table_short AMTS;
 #define IN_LOCALE \
        (PL_curcop == &PL_compiling ? IN_LOCALE_COMPILETIME : IN_LOCALE_RUNTIME)
 
-#define IS_NUMERIC_RADIX(s)    \
+#define IS_NUMERIC_RADIX(s, send)      \
        (PL_numeric_radix_sv \
         && IN_LOCALE \
+        && SvCUR(PL_numeric_radix_sv) < ((send)-(s)) \
         && memEQ(s, SvPVX(PL_numeric_radix_sv), SvCUR(PL_numeric_radix_sv)))
 
 #define STORE_NUMERIC_LOCAL_SET_STANDARD() \

diff --git a/sv.c b/sv.c
index eac192d..581c788 100644 (file)
--- a/sv.c
+++ b/sv.c
@@ -2529,11 +2529,11 @@ Perl_looks_like_number(pTHX_ SV *sv)
                           UV_MAX= 18446744073709551615) so be cautious  */
            numtype |= IS_NUMBER_TO_INT_BY_STRTOL | IS_NUMBER_AS_LONG_AS_IV_MAX;
 
-        if (*s == '.'
+        if (
 #ifdef USE_LOCALE_NUMERIC
-           || (specialradix = IS_NUMERIC_RADIX(s))
+           (specialradix = IS_NUMERIC_RADIX(s, send)) ||
 #endif
-           ) {
+           *s == '.') {
 #ifdef USE_LOCALE_NUMERIC
            if (specialradix)
                s += SvCUR(PL_numeric_radix_sv);
@@ -2545,10 +2545,11 @@ Perl_looks_like_number(pTHX_ SV *sv)
                 s++;
         }
     }
-    else if (*s == '.'
+    else if (
 #ifdef USE_LOCALE_NUMERIC
-           || (specialradix = IS_NUMERIC_RADIX(s))
+            (specialradix = IS_NUMERIC_RADIX(s, send)) ||
 #endif
+           *s == '.'
            ) {
 #ifdef USE_LOCALE_NUMERIC
        if (specialradix)