fix harmless invalid read in Perl_re_compile()

[perl #2460] described a case where electric fence reported an invalid read. This could be reproduced under valgrind with blead and -e'/x/', but only on a non-debugging build. This was because it was checking for certain pairs of nodes (e.g. BOL + END) and wasn't allowing for EXACT nodes, which have the string at the next node position when using a naive NEXTOPER(first). In the non-debugging build, the nodes aren't initialised to zero, and a 1-char EXACT node isn't long enough to spill into the type field of the "next node". Fix this by only using NEXTOPER(first) when we know the first node is kosher.
Perl · Jan 24, 2011 · f6d9469 · f6d9469
1 parent 010f0c4
commit f6d9469
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/regcomp.c b/regcomp.c
@@ -5105,13 +5105,13 @@ Perl_re_compile(pTHX_ SV * const pattern, U32 orig_pm_flags)
     else {
         regnode *first = ri->program + 1;
         U8 fop = OP(first);
-        U8 nop = OP(NEXTOPER(first));
-
-        if (PL_regkind[fop] == NOTHING && nop == END)
+
+        if (PL_regkind[fop] == NOTHING && OP(NEXTOPER(first)) == END)
             r->extflags |= RXf_NULL;
-        else if (PL_regkind[fop] == BOL && nop == END)
+        else if (PL_regkind[fop] == BOL && OP(NEXTOPER(first)) == END)
             r->extflags |= RXf_START_ONLY;
-        else if (fop == PLUS && nop ==SPACE && OP(regnext(first))==END)
+        else if (fop == PLUS && OP(NEXTOPER(first)) == SPACE
+			     && OP(regnext(first)) == END)
             r->extflags |= RXf_WHITE;    
     }
 #endif