From 515c395bcca24c55c85b5aeea239e5e836c36059 Mon Sep 17 00:00:00 2001
From: Tony Cook
Date: Wed, 23 Aug 2017 14:18:26 +1000
Subject: [PATCH] (perl #131562) correct large line numbers copying eval lines on #line
Previously this used I32 for line numbers, which takes half the range of line_t and folds it into negative numbers, leading to trying to store the lines at negative indexes. The while loop was also modified to stop storing if/when the line number no longer fits into cop_line, or no longer fits into SSize_t (as a positive number) since the index parameter to av_store() is a SSize_t.
---
 toke.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/toke.c b/toke.c
index de4ab2e65224..5a3fe78472e5 100644
--- a/toke.c
+++ b/toke.c
@@ -1829,14 +1829,14 @@ S_incline(pTHX_ const char *s, const char *end)
 }
 else if (GvAV(cfgv)) {
 AV * const av = GvAV(cfgv);
- const I32 start = CopLINE(PL_curcop)+1;
- I32 items = AvFILLp(av) - start;
+ const line_t start = CopLINE(PL_curcop)+1;
+ SSize_t items = AvFILLp(av) - start;
 if (items > 0) {
 AV * const av2 = GvAVn(gv2);
 SV **svp = AvARRAY(av) + start;
- I32 l = (I32)line_num+1;
- while (items--)
- av_store(av2, l++, SvREFCNT_inc(*svp++));
+ Size_t l = line_num+1;
+ while (items-- && l < SSize_t_MAX && l == (line_t)l)
+ av_store(av2, (SSize_t)l++, SvREFCNT_inc(*svp++));
 }
 }
 }
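Review bot: The subtraction `AvFILLp(av) - start` can still produce a bogus positive `items` on builds where SSize_t is no wider than line_t. If line_t is an unsigned 32-bit type, as the commit message implies, both operands are converted to unsigned there, so a `start` far beyond the array's fill wraps to a value that converts back to a positive count, and `AvARRAY(av) + start` then points outside the source array. Comparing before subtracting avoids relying on that conversion, e.g. `SSize_t items = (AvFILLp(av) > 0 && (Size_t)start < (Size_t)AvFILLp(av)) ? AvFILLp(av) - (SSize_t)start : 0;`. The typedefs are not visible in this hunk, so this should be confirmed against a 32-bit configuration; S_incline starts and ends outside the hunk.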