From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Sun, 3 Jun 2001 22:49:55 +0000 (+0000)
Subject: Potential buffer overrun if the radix separator is more than
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=b1d91914ebabe76be933f5f742b7228fd199e7e5;p=p5sagit%2Fp5-mst-13.2.git

Potential buffer overrun if the radix separator is more than
one byte.  Also, under locales, prefer the locale-specific
separator over the old boring ".".

p4raw-id: //depot/perl@10414
---

diff --git a/perl.h b/perl.h
index 7d9b2ed..4c878ea 100644
--- a/perl.h
+++ b/perl.h
@@ -3434,9 +3434,10 @@ typedef struct am_table_short AMTS;
 #define IN_LOCALE \
 	(PL_curcop == &PL_compiling ? IN_LOCALE_COMPILETIME : IN_LOCALE_RUNTIME)
 
-#define IS_NUMERIC_RADIX(s)	\
+#define IS_NUMERIC_RADIX(s, send)	\
 	(PL_numeric_radix_sv \
 	 && IN_LOCALE \
+	 && SvCUR(PL_numeric_radix_sv) < ((send)-(s)) \
 	 && memEQ(s, SvPVX(PL_numeric_radix_sv), SvCUR(PL_numeric_radix_sv)))
 
 #define STORE_NUMERIC_LOCAL_SET_STANDARD() \
diff --git a/sv.c b/sv.c
index eac192d..581c788 100644
--- a/sv.c
+++ b/sv.c
@@ -2529,11 +2529,11 @@ Perl_looks_like_number(pTHX_ SV *sv)
 			   UV_MAX= 18446744073709551615) so be cautious  */
 	    numtype |= IS_NUMBER_TO_INT_BY_STRTOL | IS_NUMBER_AS_LONG_AS_IV_MAX;
 
-        if (*s == '.'
+        if (
 #ifdef USE_LOCALE_NUMERIC
-	    || (specialradix = IS_NUMERIC_RADIX(s))
+	    (specialradix = IS_NUMERIC_RADIX(s, send)) ||
 #endif
-	    ) {
+	    *s == '.') {
 #ifdef USE_LOCALE_NUMERIC
 	    if (specialradix)
 		s += SvCUR(PL_numeric_radix_sv);
@@ -2545,10 +2545,11 @@ Perl_looks_like_number(pTHX_ SV *sv)
                 s++;
         }
     }
-    else if (*s == '.'
+    else if (
 #ifdef USE_LOCALE_NUMERIC
-	    || (specialradix = IS_NUMERIC_RADIX(s))
+	     (specialradix = IS_NUMERIC_RADIX(s, send)) ||
 #endif
+	    *s == '.'
 	    ) {
 #ifdef USE_LOCALE_NUMERIC
 	if (specialradix)