develooper Front page | perl.par | Postings from September 2008

RE: [rt.cpan.org #39233] Suspected buffer overflow while running executable made by Par::Packer

Thread Previous | Thread Next
From:
Clarke, Dave S via RT
Date:
September 16, 2008 07:13
Subject:
RE: [rt.cpan.org #39233] Suspected buffer overflow while running executable made by Par::Packer
Message ID:
rt-3.6.HEAD-11521-1221513004-278.39233-15-0@rt.cpan.org
Mon Sep 15 17:10:04 2008: Request 39233 was acted upon.
Transaction: Correspondence added by dave_clarke@merck.com
       Queue: PAR
     Subject: RE: [rt.cpan.org #39233] Suspected buffer overflow while running executable made by Par::Packer
   Broken in: (no value)
    Severity: (no value)
       Owner: Nobody
  Requestors: dave_clarke@merck.com
      Status: open
 Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=39233 >


Steffen,

I reduced the script to the following, which still demonstrates the
problem.  I am running both the script and the .exe on the same machine.
By the way, I tried using the regexp that you supplied, and it runs fine
in both the interpreted and compiled mode.  It makes a lot more sense,
when I take a few minutes to study it.

	use strict;
	use warnings;

	my $pre  = q[TEXT="];
	my $filler = q[A long string with an ""embedded quotation"" in
it] x 10;
	my $post = q["];

	my $key = 'TEXT';
	my $rQStr1 = qr/"((?>(""|[^"]+)*))"/;		# RE that
Steffen recommends
	my $rQStr2 = qr/"((?:""|[^"])*)"/;			# RE
that crashes

	for my $loop (1..100) {
		$_ = $pre . ( $filler x $loop) . $post;
		my $size = length($_);
		if ( m/${key}=${rQStr1}/) {
			warn "Iteration $loop: RE1: String size $size,
matched size " . length($1) . "\n";
		}
		if ( m/${key}=${rQStr2}/) {
			warn "Iteration $loop: RE2: String size $size,
matched size " . length($1) . "\n";
		}
	}

__END__

perl h.pl
pp -o h.exe h.pl
h.exe

The results are interesting:  The script starts generating warnings for
$rQStr2 on loop 69-100.  The .exe stops after loop 8.

...
Iteration 8: RE1: String size 4007, matched size 4000
...
Iteration 68: RE1: String size 34007, matched size 34000
Iteration 68: RE2: String size 34007, matched size 34000
Iteration 69: RE1: String size 34507, matched size 34500
Complex regular subexpression recursion limit (32766) exceeded at h.pl
line 19.
Iteration 69: RE2: String size 34507, matched size 34122
...
Iteration 100: RE1: String size 50007, matched size 50000
Complex regular subexpression recursion limit (32766) exceeded at h.pl
line 20.
Iteration 100: RE2: String size 50007, matched size 34122


Environment:

Perl Version:
This is perl, v5.8.8 built for MSWin32-x86-multi-thread
Binary build 820 [274739] provided by ActiveState
http://www.ActiveState.com
Built Jan 23 2007 15:57:46
Module Versions (installed from bribes):
PAR 		0.982
PAR-Dist	0.31
PAR-Packer	0.982
OS Version:
Microsoft Windows XP Professional
Version	5.1.2600 Service Pack 2 Build 2600

Notice:  This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station,
New Jersey, USA 08889), and/or its affiliates (which may be known
outside the United States as Merck Frosst, Merck Sharp & Dohme or
MSD and in Japan, as Banyu - direct contact information for affiliates is
available at http://www.merck.com/contact/contacts.html) that may be
confidential, proprietary copyrighted and/or legally privileged. It is
intended solely for the use of the individual or entity named on this
message. If you are not the intended recipient, and have received this
message in error, please notify us immediately by reply e-mail and
then delete it from your system.



Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About