# New Ticket Created by  Christoph Otto 
# Please include the string:  [perl #50186]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=50186 >


The Env PMC doesn't check whether integer indices are smaller than the number 
of elements.  This allows the following PIR code to cause a segfault:
$P0 = new .Env
$S0 = $P0[999]
The patch only affects src/pmc/env.pmc.
Index: src/pmc/env.pmc
===================================================================
--- src/pmc/env.pmc	(revision 25181)
+++ src/pmc/env.pmc	(working copy)
@@ -138,7 +138,7 @@
 
     STRING *get_string_keyed(PMC *key) {
         if ((PObj_get_FLAGS(key) & KEY_type_FLAGS) == KEY_integer_FLAG) {
-            if (PMC_int_val(key) < 0) {
+            if (PMC_int_val(key) < 0 || PMC_int_val(key) >= DYNSELF.elements()) {
                 return CONST_STRING(interp, "");
             }
             else {
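Review bot: In the changed condition of get_string_keyed, PMC_int_val(key) is now read twice and DYNSELF.elements() is called on every integer lookup; reading the key once into a local INTVAL and comparing that value against both bounds would make the check easier to read. The patch touches only src/pmc/env.pmc, so the reported case ($P0[999] on a new .Env) has no regression test; a test that expects the empty string for an index equal to elements() and for one beyond it would pin the boundary. An out-of-range index also returns the same empty string as a negative index, so a caller cannot tell it apart from a variable whose value is empty; a short comment on that choice would help.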
