From: Nicholas Clark Date: Sun, 11 Dec 2005 12:54:14 +0000 (+0000) Subject: Quench the other 2 ways obscure ways of abusing positional parameters X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=7ad96abb1ad587ddcec56cda2faec929c6a20956;p=p5sagit%2Fp5-mst-13.2.git Quench the other 2 ways obscure ways of abusing positional parameters to generate bogus array indexes. These two are inside the vector formatting code. p4raw-id: //depot/perl@26320 --- diff --git a/sv.c b/sv.c index 19a2ce7..fc2540d 100644 --- a/sv.c +++ b/sv.c @@ -7977,9 +7977,12 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const char *pat, STRLEN patlen, va_list *args, SV if (vectorarg) { if (args) vecsv = va_arg(*args, SV*); - else - vecsv = (evix ? evix <= svmax : svix < svmax) ? - svargs[evix ? evix-1 : svix++] : &PL_sv_undef; + else if (evix) { + vecsv = (evix > 0 && evix <= svmax) + ? svargs[evix-1] : &PL_sv_undef; + } else { + vecsv = svix < svmax ? svargs[svix++] : &PL_sv_undef; + } dotstr = SvPV_const(vecsv, dotstrlen); if (DO_UTF8(vecsv)) is_utf8 = TRUE; @@ -7987,7 +7990,7 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const char *pat, STRLEN patlen, va_list *args, SV if (args) { VECTORIZE_ARGS } - else if (efix ? efix <= svmax : svix < svmax) { + else if (efix ? (efix > 0 && efix <= svmax) : svix < svmax) { vecsv = svargs[efix ? efix-1 : svix++]; vecstr = (U8*)SvPV_const(vecsv,veclen); vec_utf8 = DO_UTF8(vecsv); diff --git a/t/op/sprintf.t b/t/op/sprintf.t index 35bb8e6..4130a5a 100755 --- a/t/op/sprintf.t +++ b/t/op/sprintf.t @@ -421,3 +421,5 @@ __END__ >%#b< >0< >0< >%#o< >0< >0< >%#x< >0< >0< +>%2918905856$v2d< >''< >< +>%*2918905856$v2d< >''< > UNINIT<