aboutsummaryrefslogtreecommitdiffstats
path: root/main/perl/CVE-2011-2939.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/perl/CVE-2011-2939.patch')
-rw-r--r--main/perl/CVE-2011-2939.patch16
1 files changed, 16 insertions, 0 deletions
diff --git a/main/perl/CVE-2011-2939.patch b/main/perl/CVE-2011-2939.patch
new file mode 100644
index 0000000000..7b5068d473
--- /dev/null
+++ b/main/perl/CVE-2011-2939.patch
@@ -0,0 +1,16 @@
+diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
+index 16f4cd1..039f155 100644
+--- a/cpan/Encode/Unicode/Unicode.xs
++++ b/cpan/Encode/Unicode/Unicode.xs
+@@ -256,7 +256,10 @@ CODE:
+ This prevents allocating too much in the rogue case of a large
+ input consisting initially of long sequence uft8-byte unicode
+ chars followed by single utf8-byte chars. */
+- STRLEN remaining = (e - s)/usize;
++ /* +1
++ fixes Unicode.xs!decode_xs n-byte heap-overflow
++ */
++ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ STRLEN max_alloc = remaining + (8*1024*1024);
+ STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-13 02:11:34 +0000