components/perl512/patches/CVE-2011-2939.patch
branchs11-sru
changeset 2235 a44c81d82486
2234:b2997935ce9b 2235:a44c81d82486
       
     1 #
       
     2 # CVE-2011-2939
       
     3 # http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
       
     4 # https://bugzilla.redhat.com/show_bug.cgi?id=731246
       
     5 #
       
     6 --- perl-5.12.3/cpan/Encode/Unicode/Unicode.xs.old	2011-11-15 22:37:18.836023493 -0800
       
     7 +++ perl-5.12.3/cpan/Encode/Unicode/Unicode.xs	2011-11-15 22:40:56.191609987 -0800
       
     8 @@ -246,7 +246,10 @@
       
     9  	       This prevents allocating too much in the rogue case of a large
       
    10  	       input consisting initially of long sequence uft8-byte unicode
       
    11  	       chars followed by single utf8-byte chars. */
       
    12 -	    STRLEN remaining = (e - s)/usize;
       
    13 +	    /* +1 
       
    14 +	       fixes  Unicode.xs!decode_xs n-byte heap-overflow
       
    15 +	      */
       
    16 +	    STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
       
    17  	    STRLEN max_alloc = remaining + (8*1024*1024);
       
    18  	    STRLEN est_alloc = remaining * UTF8_MAXLEN;
       
    19  	    STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
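Review bot: The trailing comment on the new `STRLEN remaining = (e - s)/usize + 1;` line says the `+1` is "to avoid the leak", while the block comment added just above it and the CVE reference in the patch header describe a heap overflow, so the two comments disagree about what is being fixed. Going by the visible lines, when fewer than `usize` bytes are left the integer division gives 0, `est_alloc` becomes 0, and the `newlen` expression would apparently add nothing to `SvLEN(result)`. The `+1` makes the estimate cover at least one more `UTF8_MAXLEN` character, and the comment should say so, for example `/* +1: (e - s)/usize truncates to 0 on a short tail; always grow by at least one UTF8_MAXLEN char */`. The `newlen` statement and the code that writes into `result` continue outside the hunk, so whether one extra character is enough on every path cannot be confirmed here and is worth checking against the upstream commit linked in the header.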