fix buffer overrun issue due to strncat usage #8
Yes, that's the bug -- when the code detects a malformed comment it tries to alert the user, but if the malformed comment contains more than 2000 bytes of data it blows up by writing a NULL just past the allocated buffer space. If it weren't malformed the reallocation code would deal with it correctly, it's only zzFAIL() that has the issue.
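Added example, not btparse's code and not from this thread, illustrating the off-by-one described above: strncat(dst, src, n) always writes a terminating NUL after the n bytes it copies, so passing the buffer size as n puts that NUL one past the end when the source fills the buffer. MSG_CAP (set to the 2000 bytes mentioned above), strncat_overrun_bytes and append_bounded are constructed names for this example.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size assumed to match the 2000-byte allocation discussed in the
 * thread (constructed for this example; not btparse's own code). */
#define MSG_CAP 2000

/* Bytes the pattern strncat(dst, src, n) would write beyond dst[cap-1].
 * strncat copies up to n bytes of src after the existing contents and then
 * ALWAYS appends a NUL, so n must be cap - strlen(dst) - 1, not cap.
 * Returns 0 when the call stays in bounds. */
size_t strncat_overrun_bytes(size_t cap, size_t dst_len, size_t src_len, size_t n)
{
    size_t copied = src_len < n ? src_len : n;   /* bytes of src copied */
    size_t end = dst_len + copied + 1;           /* +1 for the terminating NUL */
    return end > cap ? end - cap : 0;
}

/* Safe append: never writes past dst[cap-1] and always NUL-terminates.
 * Returns the number of source bytes that did not fit (0 = nothing dropped). */
size_t append_bounded(char *dst, size_t cap, const char *src)
{
    size_t dst_len = strlen(dst);
    size_t src_len = strlen(src);
    if (dst_len + 1 >= cap)
        return src_len;                 /* no room at all */
    size_t room = cap - dst_len - 1;    /* space for src, leaving room for NUL */
    size_t take = src_len < room ? src_len : room;
    memcpy(dst + dst_len, src, take);
    dst[dst_len + take] = '\0';
    return src_len - take;
}

int main(void)
{
    /* Constructed input: a 2000-byte "malformed comment" payload. */
    static char comment[MSG_CAP + 1];
    memset(comment, 'x', MSG_CAP);
    comment[MSG_CAP] = '\0';
    /* Naive strncat(buf, comment, MSG_CAP) on an empty MSG_CAP buffer copies
     * 2000 bytes and then writes the NUL at buf[2000]: one past the end. */
    printf("overrun bytes (naive): %zu\n",
           strncat_overrun_bytes(MSG_CAP, 0, strlen(comment), MSG_CAP));
    static char buf[MSG_CAP] = "";
    size_t dropped = append_bounded(buf, sizeof buf, comment);
    printf("safe append kept %zu bytes, dropped %zu\n", strlen(buf), dropped);
    return 0;
}
```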
but I am getting this:
So, it seems it is not passing yet...
I get an error when I run
prove --lib lib t/overflow.t
but I don't when I run
The difference between the two appears to be PERL_DL_NONLAZY=1 set in the environment when I run Build but not when I run prove. If instead I run
PERL_DL_NONLAZY=1 prove --verbose --lib lib t/overflow.t
it works. It seems like there is some issue in the XS layer, possibly handling the result of an incomplete parse. I have this stack trace:
Program terminated with signal 11, Segmentation fault.
I will look into this some more and see if I can figure out what the issue is.
I believe this fixes the crash in perl, but I'm not totally confident in what the "right" behaviour is when there are no values. Not storing anything will probably be fine, as there's nothing to store?
I also noticed that in convert_assigned_entry, prev_line is similarly uninitialized and may be used uninitialized if bt_next_field never returns anything. Just an integer, probably won't result in a crash, but might result in some incorrect results somewhere.