Commits on Apr 1, 2013
  1. no strict 'syms'; check illegal names

    committed Mar 26, 2013
    Add a new strict check syms
    Disallow illegal unparsable symbol and class names.
    
    Esp. interesting are embedded \0 in classnames, which were until 5.16
    silently ignored, and since 5.16 allowed. Since 5.16 names are
    internally nul-safe, but roundtrips are not supported, and
    such hidden payloads are useless for perl, are hard to detect and
    may lead to security problems.
Commits on Mar 27, 2013
  1. binary safety when dumping svs and ops

    committed Mar 21, 2013
    dump.c: print embedded control chars in names, esp. \0
  2. ExtUtils-Manifest-1.62_01: fix safesyscalls, no double \0 for open()

    committed Mar 18, 2013
    cp_if_diff used an old-style open(F,"< $from\0") to force an ending \0,
    which is not needed with 3arg open, and leads to safesyscalls errors.
  3. safesyscalls: check embedded nul in syscall args

    committed Mar 12, 2013
    Check for the nul char in pathnames and string arguments to
    syscalls, return undef and set errno to ENOENT.
    Added to the default severe warnings category syscalls.
    
    Strings with embedded \0 chars were prev. ignored in the syscall but
    kept in perl. The hidden payloads in these invalid string args may cause
    unnoticed security problems, as they are hard to detect, ignored by
    the syscalls but kept around in perl PVs.
    Allow an ending \0 though, as several modules add a \0 to
    such strings without adjusting the length.
    Ignored on WinCE since this uses the wide char API.
Commits on Mar 26, 2013
  1. perlapi: Document some macros

    Karl Williamson committed Mar 26, 2013
Commits on Mar 25, 2013
  1. xs_init() must pass a static char* when creating &DynaLoader::boot_DynaLoader.

    Nicholas Clark committed Mar 25, 2013
    
    newXS() assumes that the passed pointer to the filename is in static storage,
    or otherwise will outlive the PVCV that it is about to create, and hence that
    it's safe to copy the pointer, not the value, to CvFILE.  Hence xs_init()
    must not use an auto array to "store" the filename, as that will be on the
    stack, and becomes invalid as soon as xs_init() returns.  The analogous bug
    fix was made in universal.c by commit 157e3fc in Feb 2006.
    
    Spotted by compiling for ithreads with gcc 4.8.0's ASAN and running
    dist/B-Deparse/t/deparse.t
  2. In S_scan_heredoc(), avoid memNE() reading beyond the end of s.

    Nicholas Clark committed Mar 25, 2013
    If the heredoc terminator we are searching for is longer than the bytes
    remaining in s, then the memNE() would read beyond initialised memory.
    Hence change the loop bounds to avoid this case, and change the failure case
    below to reflect the revised end-of-loop condition.
    
    It doesn't matter that the loop no longer increments shared->herelines,
    because the failure case calls S_missingterm(), which croaks.
  3. In S_scan_heredoc(), the explicit test for '\n' duplicates the strNE().

    Nicholas Clark committed Mar 25, 2013
    PL_tokenbuf always starts with '\n', so a separate test of *s against '\n'
    is duplicate work. Hence remove it, to make the code simpler and clearer.
  4. PerlIO_find_layer should not be using memEQ() off the end of the layer name.

    Nicholas Clark committed Mar 25, 2013
    
    PerlIO_find_layer was using memEQ() to compare the name of the desired layer
    with each layer in the array of known layers. However, it was always using
    the length of the desired layer for the comparison, whatever the length of
    the name it was comparing it with, resulting in out-of-bounds reads.
  5. @craigberry

    Copyright update for vms/vms.c.

    craigberry committed Mar 24, 2013
    Happy 20th Anniversary, Charles.
  6. @craigberry

    Make vms.c's Perl_flex_fstat preserve errno on success.

    craigberry committed Mar 24, 2013
    The CRTL's fstat() sets errno to EVMSERR and vaxc$errno to RMS$_IOP
    when called on a process-permanent file (i.e., stdin, stdout, or
    stderr).  That error generally means a rewind operation on a file
    that cannot be rewound.  It's odd that fstat is doing such a thing,
    but we can at least protect ourselves from the effects of it by
    saving errno and restoring it on a successful call.
    
    This cures a couple of test failures and TODOs in t/io/errno.t.
  7. @craigberry

    Revert "Restore errno after VMS hack in S_sv_gets_read_record."

    craigberry committed Mar 24, 2013
    This reverts commit d46f021.
    
    This can be done more universally (and from the point of view of
    sv.c, less obtrusively) in Perl_flex_fstat in vms/vms.c.
Commits on Mar 24, 2013
  1. @demerphq

    improve how Devel::Peek::Dump handles iterator information

    demerphq committed Mar 24, 2013
    * If the hash is not OOK omit any iterator status information
      instead of showing -1/NULL
    * If the hash is OOK then add the RAND value from the iterator
      and if the LASTRAND is not the same show it too
    * Tweak tests to test the above.
  2. @demerphq
  3. @demerphq

    improve iterator randomization

    demerphq committed Mar 24, 2013
  4. Add epigraph for 5.17.10

    Max Maischein committed Mar 24, 2013
Commits on Mar 23, 2013
  1. @iabyn

    fix Peek.t to work with NEW COW

    iabyn committed Mar 23, 2013
  2. @iabyn

    Revert "fix Peek.t to work with NEW COW"

    iabyn committed Mar 23, 2013
    This reverts commit 2b656fc.
    
    I accidentally included the changes I was reviewing from a patch of
    Reini's
  3. @iabyn

    regcomp.c: silence compiler warning

    iabyn committed Mar 23, 2013
    add a cast before doing a printf "%x" on a pointer
  4. @iabyn

    add descriptions to require.t test output

    iabyn committed Mar 23, 2013
    This is particularly important as in several places, the ok or not ok
    message is generated in different ways depending on whether a require
    successfully executed and printed "ok" for example.
  5. @iabyn

    fix Peek.t to work with NEW COW

    iabyn committed Mar 23, 2013
  6. @rjbs
  7. @craigberry

    Restore errno after VMS hack in S_sv_gets_read_record.

    craigberry committed Mar 22, 2013
    In 596a6cb I added a somewhat desperate hack to detect
    if a file is record-oriented so that we preserve record semantics
    when PL_rs has been set.  I did it by calling fstat(), which is
    already a pretty icky thing to be doing on every record read, but
    it turns out things are even worse because fstat() sets errno in
    some conditions where it's successful, specifically when the file
    is a Process-Permanent File (PPF), i.e., standard input or output.
    
    So save errno before the fstat and restore it before doing the
    read so if the read fails we get a proper errno.  This gets
    t/io/errno.t passing.
    
    Side note: instead of fstat() here, we probably need to store a
    pointer to the FAB (File Access Block) in the PerlIO struct so all
    the metadata about the file is always accessible.  This would
    require setting up completion routines in PerlIOUnix_open and
    PerlIOStdio_open.
Commits on Mar 22, 2013
  1. @bingos

    constant is 1.27 on CPAN

    bingos committed Mar 22, 2013
  2. @bingos

    Module-CoreList is 2.85 on CPAN

    bingos committed Mar 22, 2013
  3. Bump version to 5.17.11

    Max Maischein committed Mar 22, 2013
  4. New perldelta

    Max Maischein committed Mar 22, 2013
  5. Merge branch 'release-5.17.10' into blead

    Max Maischein committed Mar 22, 2013
Commits on Mar 21, 2013
  1. Remove empty POD sections, fix link in pod

    Max Maischein committed Mar 21, 2013
  2. add new release to perlhist

    Max Maischein committed Mar 21, 2013
  3. Update corelist for 5.17.10

    Max Maischein committed Mar 21, 2013
  4. Update perldelta for 5.17.10

    Max Maischein committed Mar 21, 2013
  5. Bump version number in INSTALL

    Max Maischein committed Mar 21, 2013
  6. Update Net::Ping from 2.40 to 2.41

    Max Maischein committed Mar 21, 2013
    This is necessary to make tests pass on Windows (XP and onward).