Re: fix for CVE-2014-4330 present in blead

From: Tony Cook
Date: September 22, 2014 00:02
Subject: Re: fix for CVE-2014-4330 present in blead
Message ID: 20140922000218.GC32160@mars.tony.develop-help.com

On Thu, Sep 18, 2014 at 06:29:11PM -0000, Father Chrysostomos wrote:
> How could it make it worse?  If I'm already dumping structures 2000
> levels deep (a Mac has no problem with that; 1000 is a joke), then
> my code is going to break.  I would rather have it continue working,
> albeit slowly, than simply croak.

In a thread darwin crashes well before 2000 levels:

pallas:perl tony$ ./perl -Ilib -MData::Dumper -Mthreads -e 'threads->create(sub { my $s = {}; $s = { s => $s } for 1 .. 1000; print Dumper($s) })->join'
Bus error: 10

which means that limit should probably have been lower.

A trivial change to your code will return to the pre-patch behaviour:

  $Data::Dumper::Maxrecurse = 0;

Tony
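
The recursion limit discussed in this message, as an added example that is not part of the original post or of the Data::Dumper distribution: it dumps constructed nested hashes under different `$Data::Dumper::Maxrecurse` settings and catches the croak instead of dying. It assumes an installed Data::Dumper that includes the fix and runs on the main thread; `nested` and `try_dump` are hypothetical helper names.

```perl
use strict;
use warnings;
use Data::Dumper;

# Build a hash nested $depth levels deep (constructed sample data,
# same shape as the one-liner in the message).
sub nested {
    my ($depth) = @_;
    my $s = {};
    $s = { s => $s } for 1 .. $depth;
    return $s;
}

# Dump $data under a given Maxrecurse; return (1, output) on success or
# (0, error) when Data::Dumper croaks, instead of letting the caller die.
sub try_dump {
    my ($data, $limit) = @_;
    local $Data::Dumper::Maxrecurse = $limit;   # scoped: restored on return
    local $Data::Dumper::Indent     = 0;        # compact output for the demo
    my $out = eval { Dumper($data) };
    return (1, $out) if defined $out;
    chomp(my $err = $@);
    return (0, $err);
}

my @cases = (
    [ 'depth 500,  limit 1000', nested(500),  1000 ],
    [ 'depth 1500, limit 1000', nested(1500), 1000 ],
    [ 'depth 1500, limit 0',    nested(1500), 0    ],  # 0 = no limit
);

for my $case (@cases) {
    my ($label, $data, $limit) = @$case;
    my ($ok, $result) = try_dump($data, $limit);
    printf "%-24s %s\n", $label,
        $ok ? 'dumped ' . length($result) . ' bytes' : "refused: $result";
}
```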
