With "stringify_unknown" you can create data you can't de-serialize if there were references to that data #7

Closed
avar opened this Issue · 4 comments

3 participants

@avar
Owner

When you use the stringify_unknown option to e.g. stringify coderefs
you can create a Sereal packet that Sereal can't decode if something
else held a reference to what you just stringified.

Best demonstrated with an example:

#!/usr/bin/env perl
use strict;
use warnings;
use Sereal::Encoder qw(encode_sereal);
use Sereal::Decoder qw(decode_sereal);
use Data::Dumper;

my $data = [sub {}];
$data->[1] = $data->[0]; # Makes Sereal go BOOM
print Dumper $data;

my $encode = encode_sereal($data, {stringify_unknown => 1, warn_unknown => 1});
print "ENCODE = $encode\n";
# We'll die here because $data->[1] is a ref to something that doesn't exist anymore
my $decode = decode_sereal($encode);
# We'll never get here
print "DECODE = $decode = " . Dumper($decode);

We shouldn't be producing things that'll make Sereal die, we could
e.g.:

  • When encoding: stringify all of the references to be the same
    string as the first reference we stringified. E.g. in this case
    just produce:

    [ "CODE(0x1c0c4290)", "CODE(0x1c0c4290)" ]

  • Detect this and die on serialization.
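
Both remedies proposed above, sketched as a pre-pass over the data before it reaches an encoder. This is an added example, not code from this issue or from Sereal; `sanitize` and its `same_string`/`die` modes are hypothetical names, and the sketch assumes unblessed arrays and hashes as containers.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Scalar::Util qw(reftype refaddr);

# Hypothetical pre-pass, not part of Sereal. Returns a copy of $data in which
# each reference that is not an array or hash (a coderef, for instance) is
# replaced by a string. $on_repeat selects what happens when such a reference
# is met again: 'same_string' reuses the first string, 'die' aborts.
sub sanitize {
    my ($data, $on_repeat, $seen) = @_;
    $seen ||= {};
    return $data unless ref $data;

    my $addr = refaddr($data);
    my $type = reftype($data);

    if ($type eq 'ARRAY' || $type eq 'HASH') {
        # Containers: reuse the copy already made, so shared and cyclic
        # structure survives the pass.
        return $seen->{$addr} if exists $seen->{$addr};
        my $copy = $seen->{$addr} = $type eq 'ARRAY' ? [] : {};
        if ($type eq 'ARRAY') {
            push @$copy, sanitize($_, $on_repeat, $seen) for @$data;
        } else {
            $copy->{$_} = sanitize($data->{$_}, $on_repeat, $seen) for keys %$data;
        }
        return $copy;
    }

    # Anything else is "unknown": stringify once and remember the result.
    if (exists $seen->{$addr}) {
        die "second reference to stringified $type at $addr\n"
            if $on_repeat eq 'die';
        return $seen->{$addr};
    }
    return $seen->{$addr} = "$data";
}

# Constructed sample input: one coderef reachable through three slots.
my $code = sub {};
my $data = [$code, $code, { again => $code }];

my $clean = sanitize($data, 'same_string');
print "same string in every slot\n"
    if $clean->[0] eq $clean->[1] && $clean->[1] eq $clean->[2]{again};

my $ok = eval { sanitize($data, 'die'); 1 };
print "die mode: $@" unless $ok;
```

Caching the first string per address is what keeps the copies identical when the object has a string overload that could return something different on each call.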

@tsee
Owner

I just pushed a fix for this.

@tsee tsee closed this
@avar avar referenced this issue from a commit
@avar avar Add more tests for issue #7
Change the tests Steffen added in 0569e4a (derived from
#7) to also test cases where
the sub has a string overload, making sure that subsequent copies of
it stringify to the same thing, and if it returns a reference we'll
stringify that.
314be50
@avar
Owner

Nice, I added some more tests for it in 314be50

@demerphq
Owner
@andreasgudmundsson andreasgudmundsson referenced this issue from a commit in andreasgudmundsson/Sereal
@avar avar Add more tests for issue #7
Change the tests Steffen added in 0569e4a (derived from
Sereal#7) to also test cases where
the sub has a string overload, making sure that subsequent copies of
it stringify to the same thing, and if it returns a reference we'll
stringify that.
801d4a6