develooper Front page | perl.perl5.porters | Postings from May 2007

Re: Perl Storable2.16 Bug?

Thread Previous
From:
Joshua ben Jore
Date:
May 31, 2007 16:48
Subject:
Re: Perl Storable2.16 Bug?
Message ID:
dc5c751d0705311646g29657e24x5de20bd0969e3695@mail.gmail.com
On 5/30/07, Matt Spear <batman900@gmail.com> wrote:
> Hi, I think I found a bug(ish) in Storable, if you use freeze/nfreeze to

Aha! Per your other email I've just read your attachment. It's easy to
not notice attachments in gmail. Your fix is to change your safe to
allow the caller opcode or perhaps upgrade to a newer warnings.pm
which does not use() Carp.

It is legitimate for Safe to reject that code because it uses a
disallowed opcode. It is also legitimate to use Carp and other
call-stack using code in warnings.pm. It's just when you combine the
two that you've got pain. I just suspect Safe-using code will have to
adapt to allow  anything required as pragmas in deparsed code.

For typical code this means Safe.pm ought to pass all opcodes used by
strict.pm and warnings.pm. I'm not sure if Safe.pm's default ruleset
should be adjusted to add caller() or if this is something to expect
users to do. caller() in blead returns something %^H-like too. I don't
recall whether that is writeable or not or whether there are
information leaks.

Josh

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About