path: root/main/perl/CVE-2011-2939.patch
diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
index 16f4cd1..039f155 100644
--- a/cpan/Encode/Unicode/Unicode.xs
+++ b/cpan/Encode/Unicode/Unicode.xs
@@ -256,7 +256,10 @@ CODE:
 	       This prevents allocating too much in the rogue case of a large
 	       input consisting initially of long sequence uft8-byte unicode
 	       chars followed by single utf8-byte chars. */
-	    STRLEN remaining = (e - s)/usize;
+            /* +1 
+               fixes  Unicode.xs!decode_xs n-byte heap-overflow
+              */
+	    STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
 	    STRLEN max_alloc = remaining + (8*1024*1024);
 	    STRLEN est_alloc = remaining * UTF8_MAXLEN;
 	    STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
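Review bot: The two comments added around the `+ 1` on `remaining` disagree about what it fixes: the block comment says an n-byte heap overflow in decode_xs, the trailing one says "leak", and neither explains why one extra unit is enough. Because `(e - s)/usize` truncates, the slack presumably covers a trailing partial code unit, but the write that overran is not visible in this hunk, so that reasoning should be confirmed and then stated. I would replace both with a single comment such as `/* (e - s)/usize rounds down; +1 keeps the estimate from under-sizing the buffer (heap overflow, CVE-2011-2939) */`. The `newlen` statement continues past the end of the hunk, so whether the buffer size is re-checked before each write cannot be judged from here.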