develooper Front page | perl.perl5.porters | Postings from September 2014

Re: fix for CVE-2014-4330 present in blead

Thread Previous | Thread Next
Tony Cook
September 22, 2014 00:02
Re: fix for CVE-2014-4330 present in blead
Message ID:
On Thu, Sep 18, 2014 at 06:29:11PM -0000, Father Chrysostomos wrote:
> How could it make it worse?  If I'm already dumping structures 2000
> levels deep (a Mac has no problem with that; 1000 is a joke), then
> my code is going to break.  I would rather have it continue working,
> albeit slowly, than simply croak.

In a thread darwin crashes well before 2000 levels:

pallas:perl tony$ ./perl -Ilib -MData::Dumper -Mthreads -e 'threads->create(sub { my $s = {}; $s = { s => $s } for 1 .. 1000; print Dumper($s) })->join'
Bus error: 10

which means that limit should probably have been lower.

A trivial change to your code will return to the pre-patch behaviour:

  $Data::Dumper::Maxrecurse = 0;


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About