Storable 3.05_11: croak on sizes read > I32_MAX

detected by coverity: CID 165606 (#2 of 2): Untrusted value as argument (TAINTED_SCALAR) 146. tainted_data: Passing tainted variable size to a tainted sink.
Perl · Mar 29, 2017 · 735d922 · 735d922
1 parent f1e1f90
commit 735d922
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/dist/Storable/Storable.pm b/dist/Storable/Storable.pm
@@ -26,7 +26,7 @@ package Storable; @ISA = qw(Exporter);
 
 use vars qw($canonical $forgive_me $VERSION $XS_VERSION);
 
-$VERSION = '3.05_10';
+$VERSION = '3.05_11';
 $XS_VERSION = $VERSION;
 $VERSION = eval $VERSION;
 

diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
@@ -566,6 +566,8 @@ static stcxt_t *Context_ptr = NULL;
 #define KBUFCHK(x)							\
     STMT_START {							\
         if (x >= ksiz) {                                                \
+            if (x >= I32_MAX)                                           \
+                CROAK(("Too large size > I32_MAX"));                    \
             TRACEME(("** extending kbuf to %d bytes (had %d)",          \
                      (int)(x+1), (int)ksiz));                           \
             Renew(kbuf, x+1, char);                                     \
@@ -5863,8 +5865,7 @@ static SV *retrieve_svundef_elem(pTHX_ stcxt_t *cxt, const char *cname)
  */
 static SV *retrieve_array(pTHX_ stcxt_t *cxt, const char *cname)
 {
-    I32 len;
-    I32 i;
+    I32 len, i;
     AV *av;
     SV *sv;
     HV *stash;