Report information
Id: 123562
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: torge.husfeldt [at] 1und1.de
Cc: dom <dom [at] earth.li>
AdminCc:

Operating System: Linux
PatchStatus: (no value)
Severity: low
Type: core
Perl Version: 5.18.2
Fixed In: (no value)



From: Torge Husfeldt <torge.husfeldt [...] 1und1.de>
To: perlbug [...] perl.org
Subject: Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
Date: Wed, 07 Jan 2015 16:14:59 +0100
This is a bug report for perl from torge.husfeldt@1und1.de,
generated with the help of perlbug 1.39 running under perl 5.18.2.

-----------------------------------------------------------------
[Please describe your issue here]

This only gets triggered for specific regexes. I stumbled upon this while feeding utf-8-filehandles to MIME::Parser which in hindsight seems to be a bad idea.

To reproduce:
echo -e "a\x80" | perl -e 'binmode STDIN, ":utf8"; while (<>){/(\n\r|\r)$/ ; print "DONE\n"}'

Result: 100% CPU + no progress

Expected Result: some kind of error message

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=low
---
Site configuration information for perl 5.18.2:

Configured by Debian Project at Thu Mar 27 18:28:21 UTC 2014.

--
Torge Husfeldt
Senior Anti-Abuse Engineer
Abuse-Department 1&1 International
RT-Send-CC: perl5-porters [...] perl.org
On Wed Jan 07 07:15:24 2015, torge.husfeldt@1und1.de wrote:
> This is a bug report for perl from torge.husfeldt@1und1.de,
> generated with the help of perlbug 1.39 running under perl 5.18.2.

Confirmed with blead (3147e83bb9692573356e676668be17d48f48828c) on Ubuntu Linux 14.04 LTS.

> [Please describe your issue here]
>
> This only gets triggered for specific regexes. I stumbled upon this
> while feeding utf-8-filehandles to MIME::Parser which in hindsight
> seems to be a bad idea.
>
> To reproduce:
> echo -e "a\x80" | perl -e 'binmode STDIN, ":utf8"; while
> (<>){/(\n\r|\r)$/ ; print "DONE\n"}'
>
> Result: 100% CPU + no progress
>
> Expected Result: some kind of error message

--
James E Keenan (jkeenan@cpan.org)
RT-Send-CC: perl5-porters [...] perl.org
On Wed Jan 07 16:54:45 2015, jkeenan wrote:
> On Wed Jan 07 07:15:24 2015, torge.husfeldt@1und1.de wrote:
> > This is a bug report for perl from torge.husfeldt@1und1.de,
> > generated with the help of perlbug 1.39 running under perl 5.18.2.
>
> Confirmed with blead (3147e83bb9692573356e676668be17d48f48828c) on
> Ubuntu Linux 14.04 LTS.

And found as far back as 5.8.9. (I tried 5.6.2, but that version did not have the ':utf8' discipline.)

--
James E Keenan (jkeenan@cpan.org)
To: perlbug-followup [...] perl.org
From: Torge Husfeldt <torge.husfeldt [...] 1und1.de>
Subject: Re: [perl #123562] perlbug AutoReply: Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
Date: Wed, 07 Jan 2015 16:51:02 +0100
Hi,

the following does exactly what I expected and may be what I should have used in the first place:

echo -e "a\x80" | perl -e 'binmode STDIN, ":encoding(utf8)"; while (<>){/(\n\r|\r)$/ ; print "DONE\n"}'
utf8 "\x80" does not map to Unicode at -e line 1.
DONE

--
Torge Husfeldt
Senior Anti-Abuse Engineer
Abuse-Department 1&1 International
RT-Send-CC: perl5-porters [...] perl.org
The reason you didn't see warnings is because you didn't enable warnings. Several are raised.

But the underlying issue remains: It should not loop when confronted with malformed input. That is now fixed by commit 22b433eff9a1ffa2454e18405a56650f07b385b5 in blead

Thanks for reporting this

--
Karl Williamson
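
Added example, not part of the ticket or of the Perl source: the `:encoding(utf8)` workaround from the follow-up above, written as code for a program that reads untrusted bytes. It reads through a `:raw` layer and decodes each line with Encode's strict UTF-8 decoder, so malformed input such as the report's "a\x80" is rejected before any regex sees it. The sample data and the helper name `decode_strict` are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: validate input as well-formed UTF-8 before pattern matching,
# instead of relying on the ":utf8" layer, which flags the data as UTF-8
# without validating it.
use strict;
use warnings;
use Encode qw(decode FB_CROAK);

# Decode one line of raw bytes with the strict "UTF-8" encoding.
# Returns the character string, or undef if the bytes are malformed.
# (decode_strict is a hypothetical helper name, not a core function.)
sub decode_strict {
    my ($bytes) = @_;          # work on a copy; FB_CROAK may modify its input
    my $chars = eval { decode('UTF-8', $bytes, FB_CROAK) };
    return $chars;             # undef when decode() croaked
}

# Classify one raw line: 'rejected', 'match' or 'no match'.
sub classify_line {
    my ($raw) = @_;
    my $line = decode_strict($raw);
    return 'rejected' unless defined $line;
    # Same pattern as in the report; it now only ever sees valid characters.
    return $line =~ /(\n\r|\r)$/ ? 'match' : 'no match';
}

# Constructed sample input. The second line is the report's "a\x80" case;
# the third is valid two-byte UTF-8 (U+00E9).
my $data = "plain ascii\r\n" . "a\x80\n" . "caf\xc3\xa9\n";

# Read bytes, not characters: no decoding layer on the handle.
open my $fh, '<:raw', \$data or die "open: $!";
while (my $raw = <$fh>) {
    printf "%-9s %s\n", classify_line($raw), unpack('H*', $raw);
}
close $fh;
```

A rejected line is reported by its hex bytes, so the malformed sequence can be logged without being re-interpreted as text.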
RT-Send-CC: perl5-porters [...] perl.org
This issue is being treated as a security issue by Debian; see

http://www.openwall.com/lists/oss-security/2016/04/20/5

If p5p agrees that this is a correct assessment (it seems so to me) then it should be queued for 5.20.4, I presume?

The Debian bug reporter has rebased the patch for 5.20, but I haven't reviewed that:

https://bugs.debian.org/821848
RT-Send-CC: perl5-porters [...] perl.org
On Wed Apr 20 05:04:56 2016, dom wrote:
> This issue is being treated as a security issue by Debian; see
>
> http://www.openwall.com/lists/oss-security/2016/04/20/5
>
> If p5p agrees that this is a correct assessment (it seems so to me)
> then it should be queued for 5.20.4, I presume?
>
> The Debian bug reporter has rebased the patch for 5.20, but I haven't
> reviewed that:
>
> https://bugs.debian.org/821848

This issue has been assigned CVE-2015-8853.
Date: Sat, 23 Apr 2016 08:25:04 +0200
To: Perl RT Bug Tracker <perlbug-followup [...] perl.org>
From: demerphq <demerphq [...] gmail.com>
CC: Perl5 Porteros <perl5-porters [...] perl.org>
Subject: Re: [perl #123562] Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
On 22 April 2016 at 12:19, Dominic Hargreaves via RT <perlbug-followup@perl.org> wrote:
> On Wed Apr 20 05:04:56 2016, dom wrote:
>> This issue is being treated as a security issue by Debian; see
>>
>> http://www.openwall.com/lists/oss-security/2016/04/20/5
>>
>> If p5p agrees that this is a correct assessment (it seems so to me)
>> then it should be queued for 5.20.4, I presume?
>>
>> The Debian bug reporter has rebased the patch for 5.20, but I haven't
>> reviewed that:
>>
>> https://bugs.debian.org/821848
>
> This issue has been assigned CVE-2015-8853.

FYI: I pushed backport patches for Karl's fix for 5.18.2 and 5.18.4

I can do other backports if needed.

Yves

--
perl -Mre=debug -e "/just|another|perl|hacker/"
From: Dominic Hargreaves <dom [...] earth.li>
To: yves orton via RT <perlbug-followup [...] perl.org>
Date: Sat, 23 Apr 2016 10:50:28 +0100
Subject: Re: [perl #123562] Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
CC: torge.husfeldt [...] 1und1.de
On Fri, Apr 22, 2016 at 11:25:36PM -0700, yves orton via RT wrote:
> On 22 April 2016 at 12:19, Dominic Hargreaves via RT
> <perlbug-followup@perl.org> wrote:
> > On Wed Apr 20 05:04:56 2016, dom wrote:
> >> This issue is being treated as a security issue by Debian; see
> >>
> >> http://www.openwall.com/lists/oss-security/2016/04/20/5
> >>
> >> If p5p agrees that this is a correct assessment (it seems so to me)
> >> then it should be queued for 5.20.4, I presume?
> >>
> >> The Debian bug reporter has rebased the patch for 5.20, but I haven't
> >> reviewed that:
> >>
> >> https://bugs.debian.org/821848
> >
> > This issue has been assigned CVE-2015-8853.
>
> FYI: I pushed backport patches for Karl's fix for 5.18.2 and 5.18.4
>
> I can do other backports if needed.

Hi yves,

Do you mean 5.20.x for one of these? I couldn't see any pushes to either maint-5.18 or maint-5.20, so wondering where these went.

Thanks for your work!

Dominic.
From: Karl Williamson <public [...] khwilliamson.com>
To: Dominic Hargreaves <dom [...] earth.li>, yves orton via RT <perlbug-followup [...] perl.org>
Date: Sat, 23 Apr 2016 12:39:13 -0600
Subject: Re: [perl #123562] Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
CC: torge.husfeldt [...] 1und1.de
On 04/23/2016 03:50 AM, Dominic Hargreaves wrote:
> On Fri, Apr 22, 2016 at 11:25:36PM -0700, yves orton via RT wrote:
>> On 22 April 2016 at 12:19, Dominic Hargreaves via RT
>> <perlbug-followup@perl.org> wrote:
>>> On Wed Apr 20 05:04:56 2016, dom wrote:
>>>> This issue is being treated as a security issue by Debian; see
>>>>
>>>> http://www.openwall.com/lists/oss-security/2016/04/20/5
>>>>
>>>> If p5p agrees that this is a correct assessment (it seems so to me)
>>>> then it should be queued for 5.20.4, I presume?
>>>>
>>>> The Debian bug reporter has rebased the patch for 5.20, but I haven't
>>>> reviewed that:
>>>>
>>>> https://bugs.debian.org/821848
>>>
>>> This issue has been assigned CVE-2015-8853.
>>
>> FYI: I pushed backport patches for Karl's fix for 5.18.2 and 5.18.4
>>
>> I can do other backports if needed.
>
> Hi yves,
>
> Do you mean 5.20.x for one of these? I couldn't see any pushes to either
> maint-5.18 or maint-5.20, so wondering where these went.
>
> Thanks for your work!
>
> Dominic.

Dominic,

He prudently is smoking them first

http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5184

http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5182
RT-Send-CC: perl5-porters [...] perl.org
On Sat Apr 23 11:40:13 2016, public@khwilliamson.com wrote:
> On 04/23/2016 03:50 AM, Dominic Hargreaves wrote:
> > On Fri, Apr 22, 2016 at 11:25:36PM -0700, yves orton via RT wrote:
> >> FYI: I pushed backport patches for Karl's fix for 5.18.2 and 5.18.4
> >>
> >> I can do other backports if needed.
> >
> > Hi yves,
> >
> > Do you mean 5.20.x for one of these? I couldn't see any pushes to
> > either maint-5.18 or maint-5.20, so wondering where these went.
>
> He prudently is smoking them first
>
> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5184
>
> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5182

Ah, great. Thanks for pointing that out!

I had a closer look, and I noticed that in blead, 22b433eff9a1ffa2454e18405a56650f07b385b5 was followed by d820a0ff34c7df39297a54193fd756bb42c5c06e which amends the change to use Perl_croak_nocontext(). That change did not make it into maint-5.22, nor is it in either of the above smoke branches. Is this important?

Anyway, I've pushed the same change to smoke-me/rt_123562_520 too.

Thanks,
Dominic.
CC: perl5-porters [...] perl.org
Subject: Re: [perl #123562] [CVE-2015-8853] Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
Date: Sat, 23 Apr 2016 16:28:50 -0600
From: Karl Williamson <public [...] khwilliamson.com>
To: perlbug-followup [...] perl.org
On 04/23/2016 03:51 PM, Dominic Hargreaves via RT wrote:
> On Sat Apr 23 11:40:13 2016, public@khwilliamson.com wrote:
>> On 04/23/2016 03:50 AM, Dominic Hargreaves wrote:
>>> On Fri, Apr 22, 2016 at 11:25:36PM -0700, yves orton via RT wrote:
>>>> FYI: I pushed backport patches for Karl's fix for 5.18.2 and 5.18.4
>>>>
>>>> I can do other backports if needed.
>>>
>>> Hi yves,
>>>
>>> Do you mean 5.20.x for one of these? I couldn't see any pushes to
>>> either maint-5.18 or maint-5.20, so wondering where these went.
>>
>> He prudently is smoking them first
>>
>> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5184
>>
>> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5182
>
> Ah, great. Thanks for pointing that out!
>
> I had a closer look, and I noticed that in blead, 22b433eff9a1ffa2454e18405a56650f07b385b5 was followed by d820a0ff34c7df39297a54193fd756bb42c5c06e which amends the change to use Perl_croak_nocontext(). That change did not make it into maint-5.22, nor is it in either of the above smoke branches. Is this important?

It would be slightly better to use change as amended, but I don't think it is 'important'

> Anyway, I've pushed the same change to smoke-me/rt_123562_520 too.
>
> Thanks,
> Dominic.
>
> ---
> via perlbug: queue: perl5 status: pending release
> https://rt.perl.org/Ticket/Display.html?id=123562
CC: Perl RT Bug Tracker <perlbug-followup [...] perl.org>, Perl5 Porteros <perl5-porters [...] perl.org>
Subject: Re: [perl #123562] [CVE-2015-8853] Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
Date: Sun, 24 Apr 2016 08:15:47 +0200
To: Karl Williamson <public [...] khwilliamson.com>
From: demerphq <demerphq [...] gmail.com>
On 24 April 2016 at 00:28, Karl Williamson <public@khwilliamson.com> wrote:
> On 04/23/2016 03:51 PM, Dominic Hargreaves via RT wrote:
>> On Sat Apr 23 11:40:13 2016, public@khwilliamson.com wrote:
>>> On 04/23/2016 03:50 AM, Dominic Hargreaves wrote:
>>>> On Fri, Apr 22, 2016 at 11:25:36PM -0700, yves orton via RT wrote:
>>>>> FYI: I pushed backport patches for Karl's fix for 5.18.2 and 5.18.4
>>>>>
>>>>> I can do other backports if needed.
>>>>
>>>> Hi yves,
>>>>
>>>> Do you mean 5.20.x for one of these? I couldn't see any pushes to
>>>> either maint-5.18 or maint-5.20, so wondering where these went.
>>>
>>> He prudently is smoking them first
>>>
>>> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5184
>>>
>>> http://perl5.git.perl.org/perl.git/shortlog/refs/heads/smoke-me/rt_123562_5182
>>
>> Ah, great. Thanks for pointing that out!
>>
>> I had a closer look, and I noticed that in blead,
>> 22b433eff9a1ffa2454e18405a56650f07b385b5 was followed by
>> d820a0ff34c7df39297a54193fd756bb42c5c06e which amends the change to use
>> Perl_croak_nocontext(). That change did not make it into maint-5.22, nor is
>> it in either of the above smoke branches. Is this important?
>
> It would be slightly better to use change as amended, but I don't think it
> is 'important'

If it's just a performance thing then I agree.

Yves

--
perl -Mre=debug -e "/just|another|perl|hacker/"
Thank you for submitting this report. You have helped make Perl better. With the release of Perl 5.24.0 on May 9, 2016, this and 149 other issues have been resolved. Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0

