[PATCH] Perl: NULL-terminate argument list
piotr at cloudflare.com
Fri Jun 20 23:09:31 UTC 2014
> The most suspicious line I see in the perl 5.18 sources is in toke.c:
> Copy(PL_origargv+1, newargv+2, PL_origargc+1, char*);
> I suspect that "+" in the "PL_origargc+1" is just a typo, it
> should be "-". I don't think that suggested patch will help if
> it's the reason (or, at least, it won't help in all cases), as it
> looks like a 2 pointer overrun, not just the 1 pointer you are adding.
I don't think that's what's really happening, though.
I don't see the invalid access errors that I was getting for the 1
byte overrun if I position the input to detect a 2 byte buffer overrun,
that is: argv[argc+1] == pool->d.end