Bug#689314: perl: segfaults when echoing a very long string [CVE-2012-5195]
Dominic Hargreaves
dom at earth.li
Sat Jan 5 16:44:48 UTC 2013
On Fri, Jan 04, 2013 at 05:00:24PM +0400, Alexander Kudrevatykh wrote:
> perl still segfaults with command # perl -e 'print "x"x(2**31)'
> but not segfaults with original command
I can reproduce this on i386, but not amd64.
$ perl -le 'print "v"x(2**31+1) ."=1"'
panic: memory wrap at -e line 1.
$ perl -e 'print "x"x(2**31)'
Segmentation fault
Strangely, when I try and reproduce with a vanilla 5.14.3 build, I
get:
$ ./perl -e 'print "x"x(2**31)'
$ echo $?
0
which seems wrong in a different way...
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the Perl-maintainers
mailing list