/ 
perl-5.42.2
⭐ Starred 2013 / ExtUtils::Miniperl
Security Advisories (1)
CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NAME

ExtUtils::Miniperl - write the C code for miniperlmain.c and perlmain.c

SYNOPSIS

use ExtUtils::Miniperl;
writemain(@directories);
# or
writemain($fh, @directories);
# or
writemain(\$filename, @directories);

DESCRIPTION

writemain() takes an argument list of zero or more directories containing archive libraries that relate to perl modules and should be linked into a new perl binary. It writes a corresponding miniperlmain.c or perlmain.c file that is a plain C file containing all the bootstrap code to make the modules associated with the libraries available from within perl. If the first argument to writemain() is a reference to a scalar it is used as the filename to open for output. Any other reference is used as the filehandle to write to. Otherwise output defaults to STDOUT.

The typical usage is from within perl's own Makefile (to build perlmain.c) or from regen/miniperlmain.pl (to build miniperlmain.c). So under normal circumstances you won't have to deal with this module directly.

SEE ALSO

ExtUtils::MakeMaker