This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
Data::Dumper: handle huge inputs on 64-bit platforms
authorAaron Crane <arc@cpan.org>
Tue, 12 Jan 2016 00:05:40 +0000 (00:05 +0000)
committerAaron Crane <arc@cpan.org>
Tue, 12 Jan 2016 00:41:24 +0000 (00:41 +0000)
commit2415a0a27e4707ca7be52f2a92148dcc8d517aa1
treebc0873af7d5049b14f2792ae0a3bd4628d7598eb
parent5dcc8417a3fe161282405373988b7a279bef500d
Data::Dumper: handle huge inputs on 64-bit platforms

Several quantities relating to string escaping were being stored in 32-bit
variables. On a 64-bit system, pathological inputs could overflow the
available space and cause incorrect output.

The test for this requires about 10 GB of memory, so it is disabled except
when PERL_TEST_MEMORY is set to at least 10.

There are other questionable-looking uses of I32 in Dumper.xs, but they
don't seem to be exploitable. (It helps, for example, that the core hash API
restricts key lengths to 2**31-1.) That said, it may be worth auditing the
code rather more carefully for potential problems.
MANIFEST
dist/Data-Dumper/Dumper.pm
dist/Data-Dumper/Dumper.xs
dist/Data-Dumper/t/huge.t [new file with mode: 0644]