develooper Front page | perl.perl5.porters | Postings from February 2018

Re: [perl #132822] Blead Breaks CPAN:JETTERO/Games-RolePlay-MapGen-1.5008.tar.gz

Thread Previous | Thread Next
From:
Zefram
Date:
February 6, 2018 20:27
Subject:
Re: [perl #132822] Blead Breaks CPAN:JETTERO/Games-RolePlay-MapGen-1.5008.tar.gz
Message ID:
20180206202726.GH1696@fysh.org
Bisects to commit a155eb055a920e456f1b3a516de544bdf104322e "(perl #131895)
fail stat on names with \0 embedded".

The underlying issue is that the Games::RolePlay::MapGen module has a
method (load_map) that takes an argument that can be either the pathname
of a file in Storable format or a string of Storable data.  The method
will interpret Storable data from either the file or the supplied string.
It decides which of these to treat the argument as by the rather poor
method of statting the argument, via -f.  If -f returns true then it
treats the argument as a pathname, otherwise as a data string.

Prior to 5.27.6, a string containing a nul (as a Storable data string
generally will) would be passed to the stat(2) syscall, with only the
part up to the first nul taking effect.  This was inconsistent with the
open() builtin, which has rejected nul-containing pathnames since 5.20.
5.27.6 made stat checks deliberately fail on nul-containing strings
in the same way as open().  This change actually makes G:RP:MG's logic
less dodgy than it previously was: it means that data strings generally
won't be mistaken for pathnames, even if a file exists with a funny name
matching the start of the string.

When a string containing nul is rejected as a pathname Perl emits
a warning.  Normally it would then go on to yield ENOENT from whatever
file-related builtin triggered this.  But G:RP:MG makes a bunch of warning
categories fatal, by the use of the terribly misnamed common::sense
pragma, and the "Invalid \0 character in pathname" warning is one of those
made fatal.  So it has electively made its dodgy logic a fatal error.

There is nothing for the core to change here.  It is for the module to
address the conflict between its use of -f on invalid pathnames and its
choice of warning pragmata.

-zefram

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About