This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5dcc841) | patch
Data::Dumper: handle huge inputs on 64-bit platforms
authorAaron Crane <arc@cpan.org>
Tue, 12 Jan 2016 00:05:40 +0000 (00:05 +0000)
committerAaron Crane <arc@cpan.org>
Tue, 12 Jan 2016 00:41:24 +0000 (00:41 +0000)
commit2415a0a27e4707ca7be52f2a92148dcc8d517aa1
treebc0873af7d5049b14f2792ae0a3bd4628d7598ebtree | snapshot
parent5dcc8417a3fe161282405373988b7a279bef500dcommit | diff
Data::Dumper: handle huge inputs on 64-bit platforms

Several quantities relating to string escaping were being stored in 32-bit
variables. On a 64-bit system, pathological inputs could overflow the
available space and cause incorrect output.

The test for this requires about 10 GB of memory, so it is disabled except
when PERL_TEST_MEMORY is set to at least 10.

There are other questionable-looking uses of I32 in Dumper.xs, but they
don't seem to be exploitable. (It helps, for example, that the core hash API
restricts key lengths to 2**31-1.) That said, it may be worth auditing the
code rather more carefully for potential problems.
MANIFEST diff | blob | blame | history
dist/Data-Dumper/Dumper.pm diff | blob | blame | history
dist/Data-Dumper/Dumper.xs diff | blob | blame | history
dist/Data-Dumper/t/huge.t [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.