From: Nicholas Clark Date: Sun, 8 May 2011 07:38:02 +0000 (+0200) Subject: Don't recurse into op_size() on op->pmnext. X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=0914842a8e0fe4df89aa9a872dc6d2ddd414cd86;p=p5sagit%2FDevel-Size.git Don't recurse into op_size() on op->pmnext. It doesn't point to an OP owned by the current OP - it is used to form a linked list that reset uses to find regexps to reset. Moreover, prior to 5.8.0 it can end up pointing to freed memory, which results in much jollity. [Bug 20010301.005, a.k.a. RT #5935, fixed in cb55de95c99e4650] --- diff --git a/Size.xs b/Size.xs index fa0673f..a2e30b1 100644 --- a/Size.xs +++ b/Size.xs @@ -414,7 +414,6 @@ op_size(pTHX_ const OP * const baseop, struct state *st) #if PERL_VERSION < 9 || (PERL_VERSION == 9 && PERL_SUBVERSION < 5) op_size(aTHX_ cPMOPx(baseop)->op_pmreplroot, st); op_size(aTHX_ cPMOPx(baseop)->op_pmreplstart, st); - op_size(aTHX_ (OP *)cPMOPx(baseop)->op_pmnext, st); #endif /* This is defined away in perl 5.8.x, but it is in there for 5.6.x */