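--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684 2004-02-09 16:37:13.000000000 -0500
+++ perl-5.8.7/t/op/sprintf2.t 2005-12-01 13:11:34.000000000 -0500
@@ -6,7 +6,7 @@
 require './test.pl';
 }
 
-plan tests => 3;
+plan tests => 6;
 
 is(
 sprintf("%.40g ",0.01),
@@ -26,3 +26,20 @@
 q(width calculation under utf8 upgrade)
 );
 }
+# check %NNN$ for range bounds, especially negative 2's complement
+{
+ my ($warn, $bad) = (0,0);
+ local $SIG{__WARN__} = sub {
+ if ($_[0] =~ /uninitialized/) {
+ $warn++
+ }
+ else {
+ $bad++
+ }
+ };
+ my $result = sprintf join('', map("%$_\$s%" . ~$_ . '$s', 1..20)),
+ qw(a b c d);
+ is($result, "abcd", "only four valid values");
+ is($warn, 36, "expected warnings");
+ is($bad, 0, "unexpected warnings");
+}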
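Review bot: The expected count in `is($warn, 36, "expected warnings")` is unexplained, and the `__WARN__` handler only counts messages, so a failing `$bad` check gives no hint of which warning fired. A comment above the `sprintf` call such as `# 40 conversions (%N$s and %~N$s for N in 1..20), 4 with an argument => 36 "uninitialized" warnings` would document the arithmetic. The values produced by `~$_` depend on the platform's integer width, so the block comment could also say that these are the indices meant to exercise the wrapped (negative) index path.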
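--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684 2005-05-27 06:38:11.000000000 -0400
+++ perl-5.8.7/sv.c 2005-12-01 13:11:14.000000000 -0500
@@ -8707,9 +8707,10 @@
 
 if (vectorize)
 argsv = vecsv;
-else if (!args)
-argsv = (efix ? efix <= svmax : svix < svmax) ?
-svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
+else if (!args) {
+I32 i = efix ? efix-1 : svix++;
+argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
+}
 
 switch (c = *q++) {
 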
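Review bot: `svix++` in `I32 i = efix ? efix-1 : svix++;` now runs even when the implicit index is already at or past `svmax`, whereas the removed ternary incremented only after `svix < svmax` held, so the counter can run ahead of the argument list when a format has more conversions than arguments. Keeping the increment gated preserves the old behaviour: `I32 i = efix ? efix-1 : svix;` followed by `if (!efix && i < svmax) svix++;`. The `i >= 0` lower bound is applied only at this lookup; the enclosing function starts and ends outside the hunk, and any other explicit-index lookup in it that compares an index against `svmax` without a lower bound would presumably need the same check. The declared type of `efix` is also outside the hunk, so whether `efix-1` narrows when stored in an `I32` cannot be confirmed from here.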