From 7d3a730ee869d89a6f40963c80aaa0e044b0c7d2 Mon Sep 17 00:00:00 2001
From: Niko Tyni
Date: Sat, 6 Nov 2010 21:44:35 +0200
Subject: [PATCH] Fix an out of bounds write in Data-Dumper with malformed utf8 input
When warnings are enabled and Dumper() is called with an invalid utf8 string that still has the UTF8 flag on, esc_q_utf8() miscounts the size of the escaped string.
---
 dist/Data-Dumper/Dumper.xs | 6 +++++-
 dist/Data-Dumper/t/bugs.t | 14 +++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/dist/Data-Dumper/Dumper.xs b/dist/Data-Dumper/Dumper.xs
index 7845962..ce38ec0 100644
--- a/dist/Data-Dumper/Dumper.xs
+++ b/dist/Data-Dumper/Dumper.xs
@@ -142,11 +142,15 @@ esc_q_utf8(pTHX_ SV* sv, register const char *src, register STRLEN slen)
 STRLEN single_quotes = 0;
 STRLEN qq_escapables = 0; /* " $ @ will need a \ in "" strings. */
 STRLEN normal = 0;
+ int increment;
 /* this will need EBCDICification */
- for (s = src; s < send; s += UTF8SKIP(s)) {
+ for (s = src; s < send; s += increment) {
 const UV k = utf8_to_uvchr((U8*)s, NULL);
+ /* check for invalid utf8 */
+ increment = (k == 0 && *s != '\0') ? 1 : UTF8SKIP(s);
+
 #ifdef EBCDIC
 if (!isprint(k) || k > 256) {
 #else
diff --git a/dist/Data-Dumper/t/bugs.t b/dist/Data-Dumper/t/bugs.t
index 3c5d141..ceca4b9 100644
--- a/dist/Data-Dumper/t/bugs.t
+++ b/dist/Data-Dumper/t/bugs.t
@@ -12,7 +12,7 @@ BEGIN {
 }
 use strict;
-use Test::More tests => 6;
+use Test::More tests => 7;
 use Data::Dumper;
 {
@@ -85,4 +85,16 @@ Data::Dumper->Dump([*{*STDERR{IO}}]);
 ok("ok", #ok
 "empty-string glob [perl #72332]");
+# writing out of bounds with malformed utf8
+SKIP: {
+ eval { require Encode };
+ skip("Encode not available", 1) if $@;
+ local $^W=1;
+ local $SIG{__WARN__} = sub {};
+ my $a="\x{fc}'" x 50;
+ Encode::_utf8_on($a);
+ Dumper $a;
+ ok("ok", "no crash dumping malformed utf8 with the utf8 flag on");
+}
+
 # EOF
--
2.7.4
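Review bot: The new malformed-input check in the counting loop relies on `utf8_to_uvchr((U8*)s, NULL)`, which is passed no end pointer, so a multi-byte lead byte near the end of the string may still be decoded from bytes beyond `send`. Where the perl being built against provides it, `utf8_to_uvchr_buf((U8*)s, (U8*)send, NULL)` keeps the decode inside the buffer. Only this first loop of esc_q_utf8 is in the hunk and the function continues outside it; if a later loop writes the escaped bytes, it should step by the same `increment` rule so that the size computed here and the bytes written cannot disagree. A short comment on the ternary saying that a zero return for a non-NUL byte is how a failed decode is recognised would also help the next reader.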
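Review bot: The new SKIP block can only fail if the process crashes, because `ok("ok", ...)` is always true and the result of `Dumper $a` is discarded; a small out-of-bounds heap write often does not crash, so a regression could go unnoticed. Capturing the output and asserting on it, e.g. `my $out = Dumper $a;` followed by `ok(defined $out && length $out, "...")`, gives the test something to check, and running this file under a memory checker would catch the write itself. Nothing visible in the hunk forces the XS implementation, so on a build that falls back to the pure-Perl dumper the test presumably passes without exercising esc_q_utf8().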