Skip to content
This repository was archived by the owner on Jun 1, 2023. It is now read-only.

Commit 35886a1

Browse files
rurbanrurban
committed
perlcdelta: for the afl-fuzzer #293 fixed bugs
Some of them critical. Thanks to Ryan Whitworth.
1 parent 8e11a66 commit 35886a1

File tree

1 file changed

+34
-7
lines changed

1 file changed

+34
-7
lines changed

pod/perlcdelta.pod

Lines changed: 34 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -194,7 +194,7 @@ with deferring the attributes::import call after an assignment.
194194
assign %h = (...);
195195
attributes->import(PACKAGE, \%h, const);
196196

197-
See L<[cperl #294|https://github.com/perl11/cperl/issues/294>.
197+
See L<[cperl #294]|https://github.com/perl11/cperl/issues/294>.
198198

199199
=item L<Devel::PPPort>
200200

@@ -217,7 +217,7 @@ File::chdir to install.
217217

218218
Implemented C<strict 'names'> to reject illegal identifiers created via
219219
C<no strict 'refs'> also at run-time, not only at compile-time. See
220-
L<[cperl #282|https://github.com/perl11/cperl/issues/282>.
220+
L<[cperl #282]|https://github.com/perl11/cperl/issues/282>.
221221

222222
=back
223223

@@ -436,11 +436,6 @@ XXX
436436

437437
=head1 Selected Bug Fixes
438438

439-
XXX Important bug fixes in the core language are summarized here. Bug fixes in
440-
files in F<ext/> and F<lib/> are best summarized in L</Modules and Pragmata>.
441-
442-
[ List each fix as a =item entry ]
443-
444439
=over 4
445440

446441
=item *
@@ -451,6 +446,38 @@ $=2, $=do{$i++} $="foo", $a="bar", $b="zoot")>, with the first C<$>,
451446
the 2nd C<$=0>, the 3rd C<$=1> and the 5th C<$=do{}> argument.
452447
cperl-only.
453448

449+
=item *
450+
451+
Harmonized TOKENBUF_SIZE and stack buf sizes
452+
453+
The max identifier length depends on the max tokenbuf size, which went
454+
from 256 in perl5 to 1024 in cperl, mostly to speed up parsing with a
455+
larger parser buffer. A few places still had hardcoded 256 tmpbuf sizes, which
456+
led to wrong error messages.
457+
See L<[cperl #293]|https://github.com/perl11/cperl/issues/293>.
458+
459+
=item *
460+
461+
Fixed one place in ck_sort for utf8 lexical variable names, which
462+
passed the unneeded UTF8 flag to C<pad_findmy_pvn()>. In cperl all pads
463+
are normalized UTF8 for faster searches, the flag argument must be 0.
464+
See L<[cperl #293]|https://github.com/perl11/cperl/issues/293>.
465+
466+
=item *
467+
468+
Fix regex stack recursion overflow with DEBUGGING
469+
470+
This is a regression since 5.26 (also in upstream perl5). Without
471+
DEBUGGING it failed with the error message "Unmatched ( in regex", now
472+
with more than 5000 open parens it will fail with the same error message.
473+
This would be security relevant if one would use a DEBUGGING perl in
474+
production as one can construct a pattern which writes arbitrary
475+
values to the stack, similar to the Storable (L<[cperl
476+
#257]|https://github.com/perl11/cperl/issues/257>, L<[cpan
477+
#97526]|https://rt.cpan.org/Public/Bug/Display.html?id=97526>) stack
478+
overflow and the old 5.10 regex stack overflow attack. See L<[cperl
479+
#293]|https://github.com/perl11/cperl/issues/293>.
480+
454481
=back
455482

456483
=head1 Known Problems

0 commit comments

Comments
 (0)