Poorly written perl code that allows an attacker to specify the count to
perl's 'x' string repeat operator can already cause a memory exhaustion
denial-of-service attack. A flaw in versions of perl before 5.15.5 can
escalate that into a heap buffer overrun; coupled with versions of glibc
before 2.16, it possibly allows the execution of arbitrary code.
The flaw addressed to this commit has been assigned identifier
CVE-2012-5195.
{
PERL_ARGS_ASSERT_REPEATCPY;
+ if (count < 0)
+ Perl_croak_nocontext("%s",PL_memory_wrap);
+
if (len == 1)
memset(to, *from, count);
else if (count) {