develooper Front page | perl.perl5.porters | Postings from September 2014

Re: fix for CVE-2014-4330 present in blead

Thread Previous | Thread Next
Karl Williamson
September 18, 2014 23:46
Re: fix for CVE-2014-4330 present in blead
Message ID:
On 09/18/2014 12:29 PM, Father Chrysostomos wrote:
> Yves Orton wrote:
>> On 18 September 2014 15:30, Father Chrysostomos <sprout> wrote:
>>> Instead of changing the behaviour and setting the default to 1000
>>> whether the user asked for it or not, shouldn't we instead have the
>>> XS implementation fall back to the Perl implementation if it reaches
>>> this limit?
>> Personally I would say no. If someone wanted to use the Pure Perl version
>> they would. Falling back to it IMO could make the use case worse.
> How could it make it worse?  If I'm already dumping structures 2000
> levels deep (a Mac has no problem with that; 1000 is a joke), then
> my code is going to break.  I would rather have it continue working,
> albeit slowly, than simply croak.
> We have introduced a backward-incompatible change here.

Not knowing much about this, I tend to agree with FC

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About