develooper Front page | perl.perl5.porters | Postings from December 2015

Corrupt UTF8 Package names

Thread Next
From:
demerphq
Date:
December 22, 2015 15:49
Subject:
Corrupt UTF8 Package names
Message ID:
CANgJU+Viz4=HUaC90XZosLbTZWQLcyompreQKJvZBtj04YHFGg@mail.gmail.com
There are some internal API's related to globnames and package names
that will cause Perl to segfault if you feed them broken utf8 marked
as utf8.

This was discovered by AFL fuzzing of Sereal. Since these are internal
API's it is arguable its the callers responsibility to ensure the utf8
is valid. But its also arguable that perl should choke/refuse such
strings anyway.

I dont care either way, I am just curious if people think this is
bug-report worthy. If so I will file a more detailed ticket. If not
maybe ill file a doc patch for the functions I know about.

Anybody care to express an opinion?

Yves

-- 
perl -Mre=debug -e "/just|another|perl|hacker/"

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About