On Tue Sep 13 11:54:55 2016, demerphq wrote:
> On 13 September 2016 at 20:28, Andy Lester <andy@petdance.com> wrote:
>
> >
> > On Sep 13, 2016, at 1:25 PM, demerphq <demerphq@gmail.com> wrote:
> >
> > > I did not search for other examples. I thought it might be best to
> > > open a discussion before proceeding on any work.
> >
> > Not sure what there is to discuss really. Wrong is wrong. ☺️
> >
> >
> > I took the comment to mean “For all I know, there may be other examples
> > elsewhere in the codebase, and it might even be a security hole, but I
> > haven’t investigated further, but someone probably should before we just
> > patch this and call it done."
> >
>
> Ah, good catch. Well, maybe there is a security hole here, I don't know.
>
> But there are a lot of issues with the code as written. In several places
> it accesses memory it can't know that we own.
>
> It looks to me like if you called this function with a string which ended
> in exactly one colon that we would continue reading until we hit a null or
> segfaulted.
>
> What would /then/ happen is not clear.

This is an API, function, right? So we can add a test to XS::APItest?

--
Father Chrysostomos

---
via perlbug: queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=129267