
Re: [perl #132828] Tricky code can bypass Carp overload protections and trigger exceptions

From: demerphq
Date: February 7, 2018 21:09
Subject: Re: [perl #132828] Tricky code can bypass Carp overload protections and trigger exceptions
Message ID: CANgJU+XirJYbnsMOeewibfOgJF42tF=ogsPaMC0V14uG=0a03w@mail.gmail.com

On 7 February 2018 at 21:56, yves orton <perlbug-followup@perl.org> wrote:
> # New Ticket Created by  yves orton
> # Please include the string:  [perl #132828]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=132828 >
>
>
> This produces interesting results:
>
> perl -MCarp -E 'package OverloadedInXS { my $n = \&overload::nil; my
> $p = __PACKAGE__; *{$p."::(("} = $n; *{$p.q!::(""!} = sub { return
> "<My Stringify>" };  } for (1, 2) { sub { Carp::cluck("") }->(bless
> {}, "OverloadedInXS"); require overload }'
>
>  at -e line 1.
> main::__ANON__(<My Stringify>) called at -e line 1
>  at -e line 1.
> main::__ANON__(OverloadedInXS=HASH(0xfe6ed8)) called at -e line 1
>
> So one can get around Carp's defenses against overloading. Which means...
>
> perl -MCarp -E 'package OverloadedInXS { my $n = \&overload::nil; my
> $p = __PACKAGE__; *{$p."::(("} = $n; *{$p.q!::(""!} = sub {
> Carp::cluck "<My Stringify>" };  } for (1, 2) { sub { Carp::cluck("")
> }->(bless {}, "OverloadedInXS"); require overload }'

Simplifies to:

perl -MCarp -E 'my $p = "OverloadedInXS"; *{$p."::(("} = sub{};
*{$p.q!::(""!} = sub { Carp::cluck "<My Stringify>" }; sub {
Carp::cluck("") }->(bless {}, $p);'

> This applies to the most recent perl as well. The following patch,
> against smoke-me/rt52610 version of Carp:
>
> diff --git a/dist/Carp/lib/Carp.pm b/dist/Carp/lib/Carp.pm
> index f4ae975..6d4df6e 100644
> --- a/dist/Carp/lib/Carp.pm
> +++ b/dist/Carp/lib/Carp.pm
> @@ -322,6 +322,11 @@ sub format_arg {
>          }
>          else
>          {
> +            {
> +                no strict 'refs';
> +                my $pack= ref $arg;
> +                if (*{$pack."::(("}{CODE}) { require overload; }
> +            }
>             my $sub = _fetch_sub(overload => 'StrVal');
>             return $sub ? &$sub($arg) : "$arg";
>          }
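
Review bot: the test `if (*{$pack."::(("}{CODE})` looks only in the stash of `ref $arg` itself, so an object whose class inherits its overloading from a parent class has no `((` entry of its own, skips the `require overload`, and can still fall through to `"$arg"` in the `return` line below. Consider checking every package in the class's linear ISA (what `mro::get_linear_isa($pack)` returns) rather than the one stash. A short comment explaining why the bare block with `no strict 'refs'` is there, and a regression test built from the one-liner in the report, would also make the intent clear to the next reader of format_arg.
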
>
> fixes the segfault by checking to see if overloading is enabled, and if
> it is, requiring overload. Even if they had a good reason to avoid
> loading overload in the first place, surely doing so to avoid a
> possible segfault in an exception is reasonable.
>
> Yves
> ps: Brian Fraser found this neat trick. Which I am unfortunately
> having to wet-blanket. :-)
>
>
> --
> perl -Mre=debug -e "/just|another|perl|hacker/"
>



-- 
perl -Mre=debug -e "/just|another|perl|hacker/"
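
Added example, not part of the original message and not Carp's code: a stand-alone check for the state the report describes (a class carrying the `((` marker and a `(""` handler that were installed by hand, without overload.pm), plus a way to describe an argument that never calls the handler. It goes beyond the patch by walking inherited classes and by formatting with Scalar::Util instead of overload::StrVal; `has_overload_marker`, `safe_arg_string` and the `HandRolled` classes are hypothetical names.

```perl
use strict;
use warnings;
use mro ();
use Scalar::Util qw(blessed reftype refaddr);

# True if $class or any ancestor carries the "((" stash entry that marks a
# package as overloaded, whether or not overload.pm was ever loaded.
sub has_overload_marker {
    my ($class) = @_;
    no strict 'refs';
    for my $pkg (@{ mro::get_linear_isa($class) }) {
        return 1 if defined &{ $pkg . '::((' };
    }
    return 0;
}

# Describe an argument for a diagnostic without invoking its "" overload.
# blessed/reftype/refaddr inspect the reference directly.
sub safe_arg_string {
    my ($arg) = @_;
    return 'undef' unless defined $arg;
    return "$arg"  unless ref $arg;
    my $class = blessed $arg;
    return sprintf '%s(0x%x)', reftype($arg), refaddr($arg)
        unless defined $class;
    return sprintf '%s=%s(0x%x)', $class, reftype($arg), refaddr($arg);
}

# Constructed sample classes (hypothetical names, built for this example).
my $calls = 0;
{
    no strict 'refs';
    *{'HandRolled::(('}  = sub { };                # marker, as in the report
    *{'HandRolled::(""'} = sub { $calls++; '<My Stringify>' };
    @{'HandRolled::Child::ISA'} = ('HandRolled');  # inherits the marker
}

for my $class (qw(HandRolled HandRolled::Child PlainClass)) {
    my $obj = bless {}, $class;
    printf "%-18s marker=%d overload.pm loaded=%d arg=%s\n",
        $class, has_overload_marker($class),
        defined(&overload::StrVal) ? 1 : 0, safe_arg_string($obj);
}
print "stringify handler calls: $calls\n";
```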
