misc/162016: BSDPAN::ExtUtils::Packlist->get_dir_list can go into
an infinite loop
Michael G Schwern
schwern at pobox.com
Tue Oct 25 23:00:24 UTC 2011
>Number: 162016
>Category: misc
>Synopsis: BSDPAN::ExtUtils::Packlist->get_dir_list can go into an infinite loop
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 25 23:00:19 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Michael G Schwern
>Release: 8.2
>Organization:
>Environment:
8.2-RELEASE i386 (I can't cut & paste from my virtual machine)
>Description:
See https://rt.cpan.org/Ticket/Display.html?id=70232#txn-991950 for the upstream report.
BSDPAN::ExtUtils::Packlist can be put into an infinite loop if write() is given a packlist like "../.packlist". This happens in the ExtUtils-MakeMaker tests, specifically t/INSTALL_BASE.t, and was causing hangs.
I have worked around this in MakeMaker's tests by having them set one of the magic environment variables it recognizes to disable BSDPAN registration. It's a bit distressing that test modules were being registered. Perhaps BDSPAN should check that the module in question is being installed into an official location before registering? I don't know how the BSDPAN stuff works.
>How-To-Repeat:
cd Some-CPAN-Module (ExtUtils-MakeMaker works)
perl Makefile.PL (to generate a Makefile)
Then run the following Perl program.
use ExtUtils::Packlist;
my $packlist = ExtUtils::Packlist->new;
$packlist->{"Bar.pm"} = 1;
$packlist->write("../.packlist");
It will enter an infinite loop.
>Fix:
get_dir_list() is the problem. It's written in an unsafe fashion. Instead of hacking off bits of the filepath with a regex and breaking out of an infinite loop, it is safer and simpler to pull the filepath apart into a list with File::Spec->splitpath and iterate through it.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list