develooper Front page | perl.par | Postings from September 2008

[rt.cpan.org #39233] Suspected buffer overflow while running executable made by Par::Packer

Thread Previous | Thread Next
From:
Clarke, Dave S via RT
Date:
September 12, 2008 18:35
Subject:
[rt.cpan.org #39233] Suspected buffer overflow while running executable made by Par::Packer
Message ID:
rt-3.6.HEAD-24620-1221251502-1121.39233-15-0@rt.cpan.org
Fri Sep 12 16:31:35 2008: Request 39233 was acted upon.
Transaction: Ticket created by dave_clarke@merck.com
       Queue: PAR
     Subject: Suspected buffer overflow while running executable made by Par::Packer
   Broken in: (no value)
    Severity: (no value)
       Owner: Nobody
  Requestors: dave_clarke@merck.com
      Status: new
 Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=39233 >


I have encountered an error while running an executable made by
Par::Packer.  It occurs as part of a regexp pattern match.
The error has been narrowed down to this snippet of code (problem
bolded):
		$_ =
q[TEXT="some_very_large_text_to_be_extracted_between_double_quotes"];
		my $rQStr = qr/"((?:""|[^"])*)"/;
# String between double quotes (")
		my $key = 'TEXT';
		if (m/${key}=${rQStr}/) {
			$_ = $1;
		
$_ at the start of the pattern match contains a large string (> 7000)
characters.
The perl script executes flawlessly, and has been in production for over
a year.  I recently distributed this script and associated modules to
other users using Par::Packer.
The .exe generated by Par::Packer works for strings up to 7261
characters, but fails silently at 7262 characters between the quotes.
In other words, the .exe just exits w/o issuing any kind of error msg.
Perl Version:
This is perl, v5.8.8 built for MSWin32-x86-multi-thread
Binary build 820 [274739] provided by ActiveState
http://www.ActiveState.com
Built Jan 23 2007 15:57:46
Module Versions (installed from bribes):
PAR 		0.982
PAR-Dist	0.31
PAR-Packer	0.982
OS Version:
Microsoft Windows XP Professional
Version	5.1.2600 Service Pack 2 Build 2600
If you need any additional information, or explanation of the problem.
Please E-Mail, or call me using the info below.

Dave Clarke
Aker Solutions Representative  at Merck & Co., Inc
 a& Co., Inc. -  Business Confidential 
Phone: (215)  993-3015
Email: dave_clarke@merck.com


Notice:  This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station,
New Jersey, USA 08889), and/or its affiliates (which may be known
outside the United States as Merck Frosst, Merck Sharp & Dohme or
MSD and in Japan, as Banyu - direct contact information for affiliates is
available at http://www.merck.com/contact/contacts.html) that may be
confidential, proprietary copyrighted and/or legally privileged. It is
intended solely for the use of the individual or entity named on this
message. If you are not the intended recipient, and have received this
message in error, please notify us immediately by reply e-mail and
then delete it from your system.


Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About