develooper Front page | perl.perl5.porters | Postings from April 2016

Re: [perl #123562] [CVE-2015-8853] Regexp-matching "hangs"indefinitely on illegal input using binmode :utf8 using 100%CPU

Thread Previous
From:
demerphq
Date:
April 24, 2016 06:15
Subject:
Re: [perl #123562] [CVE-2015-8853] Regexp-matching "hangs"indefinitely on illegal input using binmode :utf8 using 100%CPU
Message ID:
CANgJU+VHpRqO_WBwKHoxrVd9gcZB0V6iW38JhBY1x7t5EGnL3w@mail.gmail.com
On 24 April 2016 at 00:28, Karl Williamson <public@khwilliamson.com> wrote:
> On 04/23/2016 03:51 PM, Dominic Hargreaves via RT wrote:
>>
>> On Sat Apr 23 11:40:13 2016, public@khwilliamson.com wrote:
>>>
>>> On 04/23/2016 03:50 AM, Dominic Hargreaves wrote:
>>>>
>>>> On Fri, Apr 22, 2016 at 11:25:36PM -0700, yves orton via RT wrote:
>>
>>
>>>>> FYI: I pushed backport patches for Karls fix for 5.18.2 and 5.18.4
>>>>>
>>>>> I can do other backports if needed.
>>>>
>>>>
>>>> Hi yves,
>>>>
>>>> Do you mean 5.20.x for one of these? I couldn't see any pushes to
>>>> either
>>>> maint-5.18 or maint-5.20, so wondering where these went.
>>
>>
>>> He prudently is smoking them first
>>>
>>> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-
>>> me/rt_123562_5184
>>>
>>> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-
>>> me/rt_123562_5182
>>
>>
>> Ah, great. Thanks for pointing that out!
>>
>> I had a closer look, and I noticed that in blead,
>> 22b433eff9a1ffa2454e18405a56650f07b385b5 was followed by
>> d820a0ff34c7df39297a54193fd756bb42c5c06e which amends the change to use
>> Perl_croak_nocontext(). That change did not make it into maint-5.22, nor is
>> it in either of the above smoke branches. Is this important?
>
>
>
> It would be slightly better to use change as amended, but I don't think it
> is 'important'

If its just a performance thing then I agree.

Yves


-- 
perl -Mre=debug -e "/just|another|perl|hacker/"

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About