Integer overflow in eval triggers write out of bounds
Medium
Vulnerability Details
Hi security team,
I [reported](https://rt.perl.org/Public/Bug/Display.html?id=131562) some samples that triggered a crash in the eval function in Perl.
The bug occurs because the variables `start` and `items` use type `I32`, which takes half the range of `line_t` and folds it into negative numbers, leading to trying to store the lines at negative indexes.
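The narrowing described in the report, as an added illustration that is not code from Perl or from the reporter. It assumes `line_t` is an unsigned 32-bit type; `line_store`, `unchecked_index`, `store_line` and `MAX_LINES` are hypothetical names for the demo.

```c
#include <stddef.h>
#include <stdint.h>

typedef int32_t  I32;    /* signed 32-bit type named in the report */
typedef uint32_t line_t; /* assumption: line numbers are unsigned 32-bit */

#define MAX_LINES 8      /* constructed capacity for the demo */

struct line_store {      /* hypothetical container, not a Perl structure */
    const char *lines[MAX_LINES];
};

/* "Before": narrows line_t to I32 and would index with the result.
 * Returns the index instead of writing, so the demo stays memory-safe.
 * The cast wraps on two's-complement compilers (GCC, Clang, MSVC). */
static long long unchecked_index(line_t start)
{
    I32 idx = (I32)start;      /* 0x80000000..0xFFFFFFFF become negative */
    return (long long)idx;
}

/* "After": stay in an unsigned type and validate before the store.
 * Returns 0 on success, -1 when the line number is out of range. */
static int store_line(struct line_store *s, line_t start, const char *text)
{
    if ((size_t)start >= MAX_LINES)
        return -1;             /* also rejects every value I32 folds negative */
    s->lines[start] = text;
    return 0;
}

int main(void)
{
    struct line_store s = {{0}};
    line_t big = 0x80000001u;  /* constructed value above INT32_MAX */
    int ok = store_line(&s, 3, "line three") == 0
          && store_line(&s, big, "rejected") == -1
          && unchecked_index(big) < 0;
    return ok ? 0 : 1;
}
```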
Report Stats
- Report ID: 272097
- State: Closed
- Substate: informative
- Upvotes: 2