Bug#825378: perl: freeze on parsing (broken) code

[Dominic Hargreaves]

On Thu, May 26, 2016 at 04:47:07PM +0100, Dominic Hargreaves wrote:
> On Thu, May 26, 2016 at 04:22:45PM +0300, Yuriy M. Kaminskiy wrote:
> > Dear Maintainer,
> > 
> > I've made typo in code, and found that it freezes perl on attempt to parse:
> >             perl -ce 's{foo}{$h->X({->aaa=>"b"},$d)}ge'
> > ( it was meant to be 's{foo}{$h->X({-aaa=>"b"},$d)}ge' )
> 
> Thanks for the report!
> 
> [snip backtrace]
> 
> > (Theoretically, this can be called "potential DoS on parsing untrusted
> > code", but I'm pretty sure parsing untrusted perl code is not safe anyway).
> > 
> > It seems only jessie version affected, perl binaries extracted from
> > perl-base packages from wheezy and squeeze seems correctly report error:
> 
> Just to note that I can confirm that it we get a syntax error on
> wheezy (so this is a regression for jessie).
> 
> > $ ./perl5.22.2 -ce 's{foo}{$h->X({->aaa=>"b"},$d)}ge'
> > syntax error at -e line 1, near "{->aaa"
> > syntax error at -e line 1, near ")}"
> > -e had compilation errors.
> > 
> > It seems no changes in 5.20.2-3+deb8u5 (from jessie-proposed-updates) (also
> > freezes).
> 
> Thanks for the report!
> 
> I bisected this using something like:
> 
> cat ../test_prog.sh 
> #!/bin/sh
> 
> ./perl -e 's{foo}{$h->X({->aaa=>"b"},$d)}ge;'
> 
> if [ $? = 255 ]; then
>     exit 0
> fi
> 
> ../perl/Porting/bisect.pl --expect-fail --start v5.20.0 --end v5.22.0 --timeout 2 -- ../test_prog.sh
> 
> This was fixed upstream by f8a7ccebba5637bf0cf5a23cea563b2ccd62312d[1],
> which as you observed was first included in 5.22.0. It may be a candidate
> for backporting to jessie / maint-5.20 upstream, but the patch doesn't
> apply as-is.

Just to add to this: since perl 5.20 is out of support upstream, and
this isn't a critical issue, I suspect not much more will happen on
this bug from me. If someone else wants to backport the patch, I'd
happily consider it for inclusion in a future stable update.

Cheers,
Dominic.