Close of build 10.
#
# CVE-2011-2939
# http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
# https://bugzilla.redhat.com/show_bug.cgi?id=731246
#
--- perl-5.12.3/cpan/Encode/Unicode/Unicode.xs.old 2011-11-15 22:37:18.836023493 -0800
+++ perl-5.12.3/cpan/Encode/Unicode/Unicode.xs 2011-11-15 22:40:56.191609987 -0800
@@ -246,7 +246,10 @@
This prevents allocating too much in the rogue case of a large
input consisting initially of long sequence uft8-byte unicode
chars followed by single utf8-byte chars. */
- STRLEN remaining = (e - s)/usize;
+ /* +1
+ fixes Unicode.xs!decode_xs n-byte heap-overflow
+ */
+ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
STRLEN max_alloc = remaining + (8*1024*1024);
STRLEN est_alloc = remaining * UTF8_MAXLEN;
STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
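Review bot: The two comments added around `STRLEN remaining = (e - s)/usize + 1;` disagree about what the `+ 1` is for: the block comment names a heap overflow in decode_xs, the trailing one says "leak", and neither explains why a single extra unit is enough. I would keep one comment on that line, for example `/* +1: reserve one extra code unit so decode_xs cannot write past the end of result (heap overflow, CVE-2011-2939) */`. Since `remaining` feeds both `max_alloc` and `est_alloc`, the fix only holds if every write into `result` is preceded by this growth computation. The `newlen` statement and the rest of decode_xs lie outside the hunk, so that cannot be confirmed from here. A regression test built from the case in the linked bug report would pin the behaviour.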