
Re: fix for CVE-2014-4330 present in blead

From: Karl Williamson
Date: September 18, 2014 23:46
Subject: Re: fix for CVE-2014-4330 present in blead
Message ID: 541B6ED5.3090005@khwilliamson.com

On 09/18/2014 12:29 PM, Father Chrysostomos wrote:
> Yves Orton wrote:
>> On 18 September 2014 15:30, Father Chrysostomos <sprout cpan.org> wrote:
>>> Instead of changing the behaviour and setting the default to 1000
>>> whether the user asked for it or not, shouldn't we instead have the
>>> XS implementation fall back to the Perl implementation if it reaches
>>> this limit?
>>>
>>>
>> Personally I would say no. If someone wanted to use the Pure Perl version
>> they would. Falling back to it IMO could make the use case worse.
>
> How could it make it worse?  If I'm already dumping structures 2000
> levels deep (a Mac has no problem with that; 1000 is a joke), then
> my code is going to break.  I would rather have it continue working,
> albeit slowly, than simply croak.
>
> We have introduced a backward-incompatible change here.
>

Not knowing much about this, I tend to agree with FC.
