From: Andreas König <a.koenig@mind.de>
Date: Thu, 24 Jan 2002 12:45:44 +0000 (+0100)
Subject: The
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=290deeac09590d3d537138ffc29b7441c55f585a;p=p5sagit%2Fp5-mst-13.2.git

The

Subject: Very old debugger UTF-8 bug
Message-ID: <m3y9iot1jr.fsf@anima.de>

still broken, but this should work as a stopgap
measure to stop pp_match accessing naughty data.

p4raw-id: //depot/perl@14405
---

diff --git a/pod/perldiag.pod b/pod/perldiag.pod
index 7ea6e85..2a3f5d0 100644
--- a/pod/perldiag.pod
+++ b/pod/perldiag.pod
@@ -2515,7 +2515,7 @@ reference.
 (P) We popped the context stack to an eval context, and then discovered
 it wasn't an eval context.
 
-=item panic: pp_match
+=item panic: pp_match%s
 
 (P) The internal pp_match() routine was called with invalid operational
 data.
diff --git a/pp_hot.c b/pp_hot.c
index 4a88348..1d2dffa 100644
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -1322,6 +1322,9 @@ play_it_again:
 	    /*SUPPRESS 560*/
 	    if ((rx->startp[i] != -1) && rx->endp[i] != -1 ) {
 		len = rx->endp[i] - rx->startp[i];
+	        if (rx->endp[i] < 0 || rx->startp[i] < 0 ||
+		    len < 0 || len > strend - s)
+		    DIE(aTHX_ "panic: pp_match start/end pointers");
 		s = rx->startp[i] + truebase;
 		sv_setpvn(*SP, s, len);
 		if (DO_UTF8(TARG) && is_utf8_string((U8*)s, len))