
[perl #112478] use asking for very large module version number raises panic: snprintf buffer overflow

From: Father Chrysostomos via RT
Date: April 21, 2012 16:09
Subject: [perl #112478] use asking for very large module version number raises panic: snprintf buffer overflow
Message ID: rt-3.6.HEAD-4610-1335049786-357.112478-15-0@perl.org

On Sat Apr 21 14:12:10 2012, john.peacock@havurah-software.org wrote:
> On 04/16/2012 10:10 PM, Ricardo Signes wrote:
> > * Father Chrysostomos via RT<perlbug-followup@perl.org>  [2012-04-16T21:39:47]
> >> On Mon Apr 16 18:22:11 2012, sprout wrote:
> >>> Commit ad63d80fcd28c3 seems to have caused the first regression. It
> >>> apparently stops any error from being reported at all.
> >>
> >> And commit c8a14fb6c15f introduced the panic.
> >>
> >> Since this is a regression from 5.8 (and I was really hoping to get rid
> >> of all of those!), and since the fix is simple (I’ll probably have it
> >> done tonight), can this be fixed for 5.16?
> >
> > I hope so.
> 
> I've just had a chance to look at the fix that Father Chrysostomos made
> for this and I am not happy with it at all.  There is already a limit on
> the maximum size of any single element of a version object of 0x7FFFFFFF
> (see VERSION_MAX in util.c), so we should use something based on that as
> the upper limit rather than the magical number 10e50.

If you look carefully at my patch, you will see that I added the logic ‘if
this buffer looks too small, use a bigger one’, without changing the
code in any essential way.  The number 10e50 is based on the size of the
existing buffer, with some breathing room.

While using VERSION_MAX would be a better approach, the change would be
more intrusive, would require diligence in making sure valid numbers are
not excluded due to off-by-one, rounding or casting errors, and was not
something I was willing to do during code freeze.

I just removed the panic/overflow in a way that I knew to be safe.

> This also means I need to bump the CPAN release with this fix too.

Alternatively, we could add _01 to version’s version in blead.

> Please, please cc: me on any change to the version code because I don't
> always see the p5p changes immediately.

I did CC you.  I hope you don’t mean to say I didn’t. :-)

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: resolved
https://rt.perl.org:443/rt3/Ticket/Display.html?id=112478
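
The "if this buffer looks too small, use a bigger one" pattern from the message above, as an added C example that is not the patch under discussion and not Perl's own code. The 10e50 threshold is taken from the message; the 64-byte buffer, the `%.9f` format and the names `format_nv` and `nv_text` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define STACK_BUF 64     /* assumed size of the fixed buffer */
#define BIG_NV    10e50  /* threshold quoted in the message */

struct nv_text {
    char   stack_buf[STACK_BUF];
    char  *heap;   /* non-NULL only when the big path was taken; caller frees */
    char  *text;   /* points at stack_buf or heap; NULL on failure */
    size_t len;
};

/* Format v with nine decimals without ever overrunning stack_buf. */
static int format_nv(double v, struct nv_text *out)
{
    out->heap = out->text = NULL;
    out->len = 0;
    if (v > BIG_NV) {
        /* Looks too big for the fixed buffer: measure, then allocate. */
        int need = snprintf(NULL, 0, "%.9f", v);
        if (need < 0 || !(out->heap = malloc((size_t)need + 1)))
            return -1;
        snprintf(out->heap, (size_t)need + 1, "%.9f", v);
        out->text = out->heap;
        out->len = (size_t)need;
        return 0;
    }
    /* snprintf returns the length it wanted, so n >= STACK_BUF means the
     * output was truncated. That catches inputs the threshold test
     * misses, such as a huge negative value. */
    int n = snprintf(out->stack_buf, STACK_BUF, "%.9f", v);
    if (n < 0 || n >= STACK_BUF)
        return -1;
    out->text = out->stack_buf;
    out->len = (size_t)n;
    return 0;
}

int main(void)
{
    double samples[] = { 1.5, 10e50, 1e300, -1e300 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct nv_text t;
        int rc = format_nv(samples[i], &t);
        printf("%g: rc=%d len=%zu heap=%d\n", samples[i], rc, t.len, t.heap != NULL);
        free(t.heap);
    }
    return 0;
}
```

With `%.9f`, a value of 10e50 needs at most 62 characters, which is why that threshold leaves room in a 64-byte buffer under these assumptions.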
