Security Advisories (3)
CVE-2026-13221 (2026-07-13)

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.

CVE-2026-57432 (2026-07-13)

Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NAME

pod/buildtoc - Generate table of contents

DESCRIPTION

This program generates a table of contents for the documentation included in the Perl core distribution. This table of contents takes two forms:

1 pod/perltoc.pod

A file in Perl's Plain Old Documentation (POD) format found in the pod/ directory in the core distribution. Once Perl is installed, this file becomes accessible system-wide via perldoc perltoc.

2 pod/roffitall

A shell script originally written by Tom Christiansen and Raphael Manfredi, also found in the pod/ directory, which can be used to translate Perl documentation into man pages.

USAGE

This program will typically not need to be called directly by a user. Rather, it is one of the last commands invoked during make test_prep:

./perl -Ilib -I. -f pod/buildtoc -q

The only command-line switch is -q|--quiet, which quiets some non-critical warnings.

Diagnosing Problems

This program requires Porting/pod_lib.pl and makes use of several subroutines found in that file: get_pod_metadata() and pods_to_install() in particular. Consequently, any warnings or exceptions you see when this program is running may be being passed through from those subroutines. You may have to (a) examine those subroutines and/or (b) run that program from the command-line to fully understand what is causing such warnings or exceptions.

AUTHORS and MAINTENANCE

This program was introduced into the Perl 5 core distribution by Andy Dougherty, based on earlier work by Tom Christiansen. It is maintained by the Perl 5 Porters.