develooper Front page | perl.perl5.porters | Postings from May 2007

Re: Perl Storable2.16 Bug?

Thread Previous
Joshua ben Jore
May 31, 2007 16:48
Re: Perl Storable2.16 Bug?
Message ID:
On 5/30/07, Matt Spear <> wrote:
> Hi, I think I found a bug(ish) in Storable, if you use freeze/nfreeze to

Aha! Per your other email I've just read your attachment. It's easy to
not notice attachments in gmail. Your fix is to change your safe to
allow the caller opcode or perhaps upgrade to a newer
which does not use() Carp.

It is legitimate for Safe to reject that code because it uses a
disallowed opcode. It is also legitimate to use Carp and other
call-stack using code in It's just when you combine the
two that you've got pain. I just suspect Safe-using code will have to
adapt to allow  anything required as pragmas in deparsed code.

For typical code this means ought to pass all opcodes used by and I'm not sure if's default ruleset
should be adjusted to add caller() or if this is something to expect
users to do. caller() in blead returns something %^H-like too. I don't
recall whether that is writeable or not or whether there are
information leaks.


Thread Previous Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About