
[perl #123562] [CVE-2015-8853] Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU

Dominic Hargreaves via RT
April 23, 2016 21:51
[perl #123562] [CVE-2015-8853] Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
On Sat Apr 23 11:40:13 2016, wrote:
> On 04/23/2016 03:50 AM, Dominic Hargreaves wrote:
> > On Fri, Apr 22, 2016 at 11:25:36PM -0700, yves orton via RT wrote:

> >> FYI: I pushed backport patches for Karl's fix for 5.18.2 and 5.18.4
> >>
> >> I can do other backports if needed.
> >
> > Hi yves,
> >
> > Do you mean 5.20.x for one of these? I couldn't see any pushes to either
> > maint-5.18 or maint-5.20, so wondering where these went.

> He prudently is smoking them first
> me/rt_123562_5184
> me/rt_123562_5182

Ah, great. Thanks for pointing that out!

I had a closer look, and I noticed that in blead, 22b433eff9a1ffa2454e18405a56650f07b385b5 was followed by d820a0ff34c7df39297a54193fd756bb42c5c06e which amends the change to use Perl_croak_nocontext(). That change did not make it into maint-5.22, nor is it in either of the above smoke branches. Is this important?

Anyway, I've pushed the same change to smoke-me/rt_123562_520 too.


via perlbug:  queue: perl5 status: pending release
