From 9ba9a28aaea66bad2de041880a2c4210a911dda6 Mon Sep 17 00:00:00 2001
From: David Mitchell <davem@iabyn.com>
Date: Wed, 21 Nov 2018 12:09:45 +0000
Subject: [PATCH] S_hv_delete_common(): avoid undefined behaviour
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ASAN -fsanitize-undefined was tripping on the second of these two lines:

    svp = AvARRAY(isa);
    end = svp + AvFILLp(isa)+1;

In the case where svp is NULL and AvFILLp(isa) is -1, the first addition
is undefined behaviour. Add the 1 first, so that it becomes
svp + (-1+1), which is safe.

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 hv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hv.c b/hv.c
index d3d02d1046..fc90a5146b 100644
--- a/hv.c
+++ b/hv.c
@@ -1295,7 +1295,7 @@ S_hv_delete_common(pTHX_ HV *hv, SV *keysv, const char *key, STRLEN klen,
SV **svp, **end;
strip_magic:
svp = AvARRAY(isa);
- end = svp + AvFILLp(isa)+1;
+ end = svp + (AvFILLp(isa)+1);
while (svp < end) {
if (*svp)
mg_free_type(*svp, PERL_MAGIC_isaelem);
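Review bot: On the changed line `end = svp + (AvFILLp(isa)+1);`, the parentheses are the entire fix and nothing in the code says so, so a later tidy-up could drop them and bring back the NULL plus -1 arithmetic described in the commit message. Add a one-line comment above the assignment noting that svp may be NULL when AvFILLp(isa) is -1 and that the offset therefore has to be computed before it is added to the pointer. The result also only holds while a NULL svp always comes with a fill of -1; if that pairing is not guaranteed elsewhere, an explicit `if (svp)` guard around the `while (svp < end)` loop would make the empty-array case independent of it.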
--
2.17.2