From: Nicholas Clark Date: Sat, 12 Jun 2010 19:43:37 +0000 (+0100) Subject: Fix edge cases in pp_getc and pp_tell where the stack extent was not checked. X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=ac3697cd90b00fae88e4f19931af920bc552e2b8;p=p5sagit%2Fp5-mst-13.2.git Fix edge cases in pp_getc and pp_tell where the stack extent was not checked. Both conditionally POP a GV from the stack, but always PUSH a return value to it. For the case where they did not POP the GV, they made no check that the stack had space for the PUSH. This bug has been present since perl 5.000. --- diff --git a/pp_sys.c b/pp_sys.c index 59ec533..9d4887f 100644 --- a/pp_sys.c +++ b/pp_sys.c @@ -1194,6 +1194,9 @@ PP(pp_getc) IO *io = NULL; GV * const gv = (MAXARG==0) ? PL_stdingv : MUTABLE_GV(POPs); + if (MAXARG == 0) + EXTEND(SP, 1); + if (gv && (io = GvIO(gv))) { MAGIC * const mg = SvTIED_mg((const SV *)io, PERL_MAGIC_tiedscalar); if (mg) { @@ -2067,6 +2070,8 @@ PP(pp_tell) if (MAXARG != 0) PL_last_in_gv = MUTABLE_GV(POPs); + else + EXTEND(SP, 1); gv = PL_last_in_gv; if (gv && (io = GvIO(gv))) {