From bf2bec63bfe4a40a7b64fc7688213cbfa85b1418 Mon Sep 17 00:00:00 2001
From: David Mitchell
Date: Sun, 29 May 2011 14:01:11 +0100
Subject: [PATCH] pp_formline: don't overgrow PL_formtarget

In various places, PL_formtarget is grown by fudge bytes. But fudge is already equal to the whole width of the format line, and PL_formtarget is pre-grown by fudge at the start, so normally there's no need to extend it further. So don't. Instead, only grow it by the amount needed (which will ormally be nothing) as a safety measure. Also add an assert at the end to check that we haven't overrun the buffer.
---
 pp_ctl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pp_ctl.c b/pp_ctl.c
index acab077..06952b2 100644
--- a/pp_ctl.c
+++ b/pp_ctl.c
@@ -629,7 +629,7 @@ PP(pp_formline)
 }
 if (!targ_is_utf8 && item_is_utf8) {
 SvCUR_set(PL_formtarget, t - SvPVX_const(PL_formtarget));
- sv_utf8_upgrade_flags_grow(PL_formtarget, 0, fudge + 1);
+ sv_utf8_upgrade_flags_grow(PL_formtarget, 0, arg);
 t = SvEND(PL_formtarget);
 targ_is_utf8 = TRUE;
 }
@@ -814,8 +814,7 @@ PP(pp_formline)
 if (item_is_utf8) {
 if (!targ_is_utf8) {
 SvCUR_set(PL_formtarget, t - SvPVX_const(PL_formtarget));
- sv_utf8_upgrade_flags_grow(PL_formtarget, 0,
- fudge + 1);
+ sv_utf8_upgrade_flags_grow(PL_formtarget, 0, arg);
 t = SvEND(PL_formtarget);
 targ_is_utf8 = TRUE;
 }
@@ -933,7 +932,7 @@ PP(pp_formline)
 assert (item_is_utf8 == targ_is_utf8);
 }
 SvGROW(PL_formtarget,
- SvCUR(PL_formtarget) + to_copy + fudge + 1);
+ SvCUR(PL_formtarget) + to_copy + 1);
 t = SvPVX(PL_formtarget) + SvCUR(PL_formtarget);
 Copy(source, t, to_copy, char);
@@ -1042,6 +1041,7 @@ PP(pp_formline)
 }
 case FF_END:
 end:
+ assert(t < SvPVX_const(PL_formtarget) + SvLEN(PL_formtarget));
 *t = '\0';
 SvCUR_set(PL_formtarget, t - SvPVX_const(PL_formtarget));
 if (targ_is_utf8)
--
2.7.4
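Review bot: Both `sv_utf8_upgrade_flags_grow(PL_formtarget, 0, arg)` calls (the hunk at -629 and the one at -814) now reserve only `arg` bytes and drop the `+ 1` that `fudge + 1` carried, while the SvGROW hunk at -933 keeps its `+ 1`. Upgrading the target to UTF-8 can lengthen the bytes already written, so the slack pre-grown for the line may be consumed by the upgrade itself, leaving only what `arg` covers for the current item. `arg` is assigned outside these hunks, so its unit cannot be checked here; if it counts characters rather than bytes, a UTF-8 item can need more than `arg` bytes. I would either keep the line-width reserve at these two calls or add a comment on each stating what `arg` holds at that point and why that many bytes, plus the terminating NUL, are guaranteed after the upgrade.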
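Review bot: The SvGROW at -933 now guarantees room only for `to_copy + 1` bytes past SvCUR, which leaves no guaranteed space for anything the format line still emits after this copy. The commit message relies on the buffer having been pre-grown by `fudge`, but that reserve is sized for the line's width; if `to_copy` can exceed the field's share of that width (its origin is outside the hunk), the copy uses up the slack and later writes through `t` have nothing reserved. Keeping the `fudge` term at this one site, or re-growing after the `Copy`, would preserve the invariant the rest of the function appears to depend on. If the later operations do reserve their own space, a comment here saying so would make the reduced size reviewable.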
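Review bot: The assert added before `*t = '\0'` detects an overrun only after the copies above have already written through `t`, and it disappears in builds where assertions are compiled out, so it cannot stand in for the slack the other hunks remove. I would add a comment such as `/* debugging aid only: every writer above must have reserved its own space plus one byte for this NUL */` so the invariant is explicit to whoever next changes a growth site. The strict `<` bound itself looks right for a one-byte store at `t`. The paths that reach `end:` lie outside the hunk, so whether each of them keeps `t` in bounds cannot be confirmed from here.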