shellwords.pl - certain string makes it gobble up all ram!

Discussion in 'Perl Misc' started by Anthony Rumble, Mar 5, 2004.

  1. After a lot of tearing hair out finding this.. I have found a rather nasty
    little bug in a piece of perl that has been hanging around since perl4 days..

    shellwords.pl

    Basically, if you give it a string where the last character is a backslash,
    it goes off and gobbles all available ram (quite quickly too mind you).

    Here is an example.

    !! WARNING !! Be warned.. this will gobble up all ram and possibly
    kill your machine... You have been warned..

    #!/usr/bin/perl

    require "shellwords.pl";

    my(@words) = shellwords("This is a test\\");

    I'm just surprised that such a bug has been left around!
    I can't really even work out where or how it's even doing it..

    Any ideas?

    --
    Anthony Rumble
     
    Anthony Rumble, Mar 5, 2004
    #1

  2. Anthony Rumble wrote:

    > After a lot of tearing hair out finding this.. I have found a rather nasty
    > little bug in a piece of perl that has been hanging around since perl4
    > days..
    >
    > shellwords.pl
    >
    > Basically, if you give it a string where the last character is a
    > backslash, it goes off and gobbles all available ram (quite quickly too
    > mind you).
    >
    > Here is an example.
    >
    > !! WARNING !! Be warned.. this will gobble up all ram and possibly
    > kill your machine... You have been warned..
    >
    > #!/usr/bin/perl
    >
    > require "shellwords.pl";
    >
    > my(@words) = shellwords("This is a test\\");
    >
    > I'm just surprised that such a bug has been left around!
    > I can't really even work out where or how it's even doing it..
    >
    > Any ideas?


    Yeah - don't put a backslash in there. ;-)

    Patch:

    --- /share/perl5/lib/5.8.3/shellwords.pl 2004-01-31
    21:17:07.000000000 -0700
    +++ ./shellwords.pl 2004-03-05 08:49:37.000000000 -0700
    @@ -36,6 +36,9 @@
    elsif (s/^([^\s\\'"]+)//) {
    $snippet = $1;
    }
    + elsif (m/^\\$/) {
    + die "Escape character found without anything to escape";
    + }
    else {
    s/^\s+//;
    last;
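
    Review bot: the new `elsif (m/^\\$/)` branch covers only the case where the
    remaining input is exactly one backslash, while the `else` branch below it
    still runs `s/^\s+//; last;` whether or not this word consumed any input.
    Consider making that fallthrough the safety net: if no branch matched for
    the current word and `$_` is still non-empty, die there, so every remainder
    that cannot be consumed is rejected the same way. Two smaller points: the
    `die` message has no trailing newline and does not show the offending
    input, and callers that split untrusted strings now need an `eval` around
    `shellwords`, because a lone trailing backslash becomes a fatal error.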


    Output:

    $ perl -e 'require "./shellwords.pl"; shellwords("this\\")'
    Escape character found without anything to escape at ./shellwords.pl line
    40.
     
    Darin McBride, Mar 5, 2004
    #2

  3. Ben Morrow

    Anthony Rumble <> wrote:
    > After a lot of tearing hair out finding this.. I have found a rather nasty
    > little bug in a piece of perl that has been hanging around since perl4 days..
    >
    > shellwords.pl
    >
    > Basically, if you give it a string where the last character is a backslash,
    > it goes off and gobbles all available ram (quite quickly too mind you).

    <snip>
    > Any ideas?


    Use Text::ParseWords or Text::Balanced instead.

    Ben

    --
    For the last month, a large number of PSNs in the Arpa[Inter-]net have been
    reporting symptoms of congestion ... These reports have been accompanied by an
    increasing number of user complaints ... As of June,... the Arpanet contained
    47 nodes and 63 links. [ftp://rtfm.mit.edu/pub/arpaprob.txt] *
     
    Ben Morrow, Mar 5, 2004
    #3
  4. Anno Siegel

    Anthony Rumble <> wrote in comp.lang.perl.misc:
    > After a lot of tearing hair out finding this.. I have found a rather nasty
    > little bug in a piece of perl that has been hanging around since perl4 days..
    >
    > shellwords.pl


    [snip bug demo]

    > I'm just surprised that such a bug has been left around!


    That's because shellwords.pl is ancient history. You don't fix history,
    do you? :) Like all *.pl libraries, it is only around in case some legacy
    code relies on it (which will have learned to live with the bug, some way
    or other). Don't use *.pl for new development, there is a more or less direct
    replacement for all of them. I think Text::ParseWords has been recommended
    for shellwords.pl.

    Anno
     
    Anno Siegel, Mar 6, 2004
    #4
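
Why a lone trailing backslash never terminates, and how a progress check bounds it, shown as an added example that is not code from the thread or from shellwords.pl: a word splitter written for this illustration, modelled on the two branches visible in the patch context. The escape branch, the outer loop, and the names `split_words`, `$guard` and `$max_words` are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not the shipped shellwords.pl. Quote handling is omitted.
# $guard     : die when a pass over the input consumes nothing
# $max_words : hard cap so the unguarded demo stops instead of eating RAM
sub split_words {
    my ($line, $guard, $max_words) = @_;
    my @words;
    $line =~ s/^\s+//;
    while ($line ne '') {
        my $before = length $line;
        my $field  = '';
        for (;;) {
            if    ($line =~ s/^\\(.)//s)       { $field .= $1 }  # escaped char
            elsif ($line =~ s/^([^\s\\'"]+)//) { $field .= $1 }  # plain run
            else  { $line =~ s/^\s+//; last }                    # end of word
        }
        # A lone trailing backslash matches no branch: $line stays "\" and
        # every pass would push one more empty word without this check.
        die "no progress at: '$line'\n"
            if $guard && length($line) == $before;
        push @words, $field;
        return ('RUNAWAY', scalar @words) if @words >= $max_words;
    }
    return ('OK', @words);
}

my $input = "This is a test\\";   # constructed input ending in one backslash

my ($status, $count) = split_words($input, 0, 1000);
print "unguarded: $status, $count words pushed before the cap\n";

my @result = eval { split_words($input, 1, 1000) };
print "guarded:   ", ($@ ? "rejected, $@" : "@result\n");

@result = eval { split_words("a b\\ c", 1, 1000) };   # well-formed escape
print "escaped:   ", ($@ ? "rejected, $@" : join('|', @result) . "\n");
```

The length comparison rejects any remainder the branches cannot consume, not only the backslash case, which is why an unhandled quote character in this reduced splitter is also reported instead of looping.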