
[perl #128225] substitution within (?{}) causes segmentation fault

From: Daniel Șuteu via RT
Date: May 25, 2016 23:33
Subject: [perl #128225] substitution within (?{}) causes segmentation fault
Message ID: rt-4.0.18-21893-1464219230-1352.128225-15-0@perl.org

On Wed May 25 15:55:20 2016, sprout wrote:
> On Wed May 25 15:42:20 2016, trizenx@gmail.com wrote:
> > Code simplified to:
> >
> > ### BEGIN-CODE ###
> >
> > m{
> >     (?{ print "hi\n" })
> > }x;
> >
> > //;//;//;//;//;
> >
> > ### END-CODE ###
> 
> I don't see what the bug is here.  The empty pattern re-uses the last
> successful match.

I never heard of this behavior before. Is this officially documented?

Personally, I see it as a security issue. For example, consider the following artificial scenario:

### BEGIN-CODE ###

/(?{ print "sending money\n" })/x;

print "Insert regex: ";
chomp(my $regex = <STDIN>);        # just press ENTER
/\Q$regex/;                        # will send money again

### END-CODE ###

If a user inserts a regular expression that happens to coincide with the last regular expression that successfully matched, but also executed some code in (?{}), the same code will be executed again, which is something that I don't think should happen.

In the above scenario, a user can take advantage of this behavior and exploit it in his favor, making it a security hole.

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=128225
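
The behaviour discussed in this message, shown next to one way to guard an interpolated pattern against it. This is an added example, not code from the thread or from the Perl project; `count_runs`, `$side_effects` and the sample strings are hypothetical names and constructed values.

```perl
use strict;
use warnings;

our $side_effects;    # incremented each time the (?{ }) block executes

# Returns how often the code block ran for one user-supplied $input.
# Both matches sit in the same sub on purpose: the "last successful
# pattern" is dynamically scoped and is dropped when the block exits.
sub count_runs {
    my ($input, $guarded) = @_;
    local $side_effects = 0;
    my $text = 'constructed sample text';

    # Trusted pattern with a side effect (stand-in for "sending money").
    $text =~ /(?{ $side_effects++ })/x;

    if ($guarded) {
        # (?:) matches the empty string but keeps the compiled pattern
        # non-empty, so an empty $input cannot fall back to the
        # previously matched pattern and its code block.
        $text =~ /(?:)\Q$input\E/;
    }
    else {
        # An empty $input makes this the empty pattern.
        $text =~ /\Q$input\E/;
    }
    return $side_effects;
}

# Constructed inputs: an empty line (just pressing ENTER) and a normal word.
for my $input ('', 'sample') {
    printf "input=%-10s unguarded=%d guarded=%d\n",
        "'$input'", count_runs($input, 0), count_runs($input, 1);
}
```

Rejecting zero-length input before it reaches the match operator is an equally valid guard when an empty search string has no meaning for the application.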
