[PATCH] Perl: NULL-terminate argument list

Piotr Sikora piotr at cloudflare.com
Fri Jun 20 23:09:31 UTC 2014

Hey Maxim,

> Most suspicious line I see in perl 5.18 sources is in toke.c:
>                         Copy(PL_origargv+1, newargv+2, PL_origargc+1, char*);
> I suspect that "+" in the "PL_origargc+1" is just a typo, it
> should be "-".  I don't think that suggested patch will help if
> it's the reason (or, at least, it won't help in all cases), as it
> looks like 2 pointers overrun, not just 1 pointer you are adding.

I don't think that's what's really happening, though.

I don't see the invalid access errors that I was getting for the 1
byte overrun if I position the input to detect 2 byte buffer overrun,
that is: argv[argc+1] == pool->d.end

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list