[perl #38784] [PATCH] imcc/parser_util.c memory overrun
Andy Dougherty
# Please include the string: [perl #38784]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/rt3/Ticket/Display.html?id=38784 >
The following trivial patch prevents parrot from reading possibly
unallocated memory: If the C< char *name > were less than 10 characters
long, then the memcmp could read beyond the end of the allocated block;
the strncmp will properly terminate at the end of C<name>.
In most other places, this file uses a plain strcmp(). In these two
places, it used a memcmp(). I don't know why.
--- parrot-current/compilers/imcc/parser_util.c Wed Feb 22 11:15:12 2006
+++ parrot-andy/compilers/imcc/parser_util.c Wed Mar 22 12:36:53 2006
@@ -537,8 +537,8 @@
else if (!strcmp(name, "yield")) {
cur_unit->instructions->r[0]->pcc_sub->calls_a_sub |= 1 |ITPCCYIELD;
}
- else if (!memcmp(name, "invoke", 6) ||
- !memcmp(name, "callmethod", 10)) {
+ else if (!strncmp(name, "invoke", 6) ||
+ !strncmp(name, "callmethod", 10)) {
if (cur_unit->type & IMC_PCCSUB)
cur_unit->instructions->r[0]->pcc_sub->calls_a_sub |= 1;
}
--
Andy Dougherty doug...@lafayette.edu
Leopold Toetsch
On Mar 22, 2006, at 18:53, Andy Dougherty (via RT) wrote:
>
> The following trivial patch prevents parrot from reading possibly
> unallocated memory: If the C< char *name > were less than 10
> characters
> long, then the memcmp could read beyond the end of the allocated block;
> the strncmp will properly terminate at the end of C<name>.
Good catch. Thanks, applied r12003.
leo