diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
index 16f4cd1..039f155 100644
--- a/cpan/Encode/Unicode/Unicode.xs
+++ b/cpan/Encode/Unicode/Unicode.xs
@@ -256,7 +256,10 @@ CODE:
This prevents allocating too much in the rogue case of a large
input consisting initially of long sequence uft8-byte unicode
chars followed by single utf8-byte chars. */
- STRLEN remaining = (e - s)/usize;
+ /* +1
+ fixes Unicode.xs!decode_xs n-byte heap-overflow
+ */
+ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
STRLEN max_alloc = remaining + (8*1024*1024);
STRLEN est_alloc = remaining * UTF8_MAXLEN;
STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
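Review bot: The two comments added with the `+ 1` on `remaining` disagree about what it fixes: the block comment says heap overflow in decode_xs, while the trailing one says "to avoid the leak". Neither explains why a single extra unit is sufficient. Presumably the cause is that `(e - s)/usize` truncates, so a trailing partial code unit gets no space reserved although the decoder may still emit output for it. If so, replace both with one comment such as `/* +1: (e - s)/usize rounds down, so reserve room for output produced by a trailing partial character */`. The `newlen` statement and the rest of the CODE section continue outside this hunk, so the write sites are not visible here. It is worth confirming that every output path, including any replacement character for malformed input, stays within the resized buffer rather than relying on the estimate alone.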