shellwords.pl - certain string makes it gobble up all ram!

Anthony Rumble

After a lot of tearing hair out finding this.. I have found a rather nasty
little bug in a piece of perl that has been hanging around since perl4 days..

shellwords.pl

Basically, if you give it a string where the last character is a backslash,
it goes off and gobbles all available ram (quite quickly too mind you).

Here is an example.

!! WARNING !! Be warned.. this will gobble up all ram and possibly
kill your machine... You have been warned..

#!/usr/bin/perl

require "shellwords.pl";

my(@words) = shellwords("This is a test\\");

I'm just surprised that such a bug has been left around!
I can't really even work out where or how it's even doing it..

Any ideas?
 
Darin McBride

Anthony said:
After a lot of tearing hair out finding this.. I have found a rather nasty
little bug in a piece of perl that has been hanging around since perl4
days..

shellwords.pl

Basically, if you give it a string where the last character is a
backslash, it goes off and gobbles all available ram (quite quickly too
mind you).

Here is an example.

!! WARNING !! Be warned.. this will gobble up all ram and possibly
kill your machine... You have been warned..

#!/usr/bin/perl

require "shellwords.pl";

my(@words) = shellwords("This is a test\\");

I'm just surprised that such a bug has been left around!
I can't really even work out where or how it's even doing it..

Any ideas?

Yeah - don't put a backslash in there. ;-)

Patch:

--- /share/perl5/lib/5.8.3/shellwords.pl 2004-01-31
21:17:07.000000000 -0700
+++ ./shellwords.pl 2004-03-05 08:49:37.000000000 -0700
@@ -36,6 +36,9 @@
elsif (s/^([^\s\\'"]+)//) {
$snippet = $1;
}
+ elsif (m/^\\$/) {
+ die "Escape character found without anything to escape";
+ }
else {
s/^\s+//;
last;
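
Review bot: the new `elsif (m/^\\$/)` branch only covers a backslash that is the very last character of `$_` (or sits before a final newline), so any other leftover that none of the `s///` branches consume still drops into the `else` branch, where `s/^\s+//` removes nothing and `last` leaves `$_` non-empty. Making the `else` branch itself the guard (die when `$_` is non-empty and the whitespace strip removed nothing) would cover every no-progress case rather than this one. The `die` message would also be easier to act on if it included the remaining input and were raised with `Carp::croak`, so the reported location is the caller and not a line inside shellwords.pl.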


Output:

$ perl -e 'require "./shellwords.pl"; shellwords("this\\")'
Escape character found without anything to escape at ./shellwords.pl line
40.
 
Ben Morrow

Anthony Rumble said:
After a lot of tearing hair out finding this.. I have found a rather nasty
little bug in a piece of perl that has been hanging around since perl4 days..

shellwords.pl

Basically, if you give it a string where the last character is a backslash,
it goes off and gobbles all available ram (quite quickly too mind you).
Any ideas?

Use Text::ParseWords or Text::Balanced instead.

Ben
 
Anno Siegel

Anthony Rumble said:
After a lot of tearing hair out finding this.. I have found a rather nasty
little bug in a piece of perl that has been hanging around since perl4 days..

shellwords.pl

[snip bug demo]
I'm just surprised that such a bug has been left around!

That's because shellwords.pl is ancient history. You don't fix history,
do you? :) Like all *.pl libraries, it is only around in case some legacy
code relies on it (which will have learned to live with the bug, some way
or other). Don't use *.pl for new development, there is a more or less direct
replacement for all of them. I think Text::ParseWords has been recommended
for shellwords.pl.

Anno
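
Why a trailing backslash exhausts memory, shown with a simplified model (an added example, not code from any poster in this thread and not the shipped shellwords.pl). It assumes the outer loop runs until the input is empty, omits quote handling, and uses the hypothetical names `split_words`, `$check` and `$max_words`; the word cap exists only so the unchecked run stops instead of eating RAM.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Simplified model of a shellwords-style tokenizer (assumed loop shape).
# $check = 0: no progress check; $check = 1: die when a pass consumes nothing.
# $max_words is a hypothetical safety cap for the unchecked run.
sub split_words {
    my ($input, $check, $max_words) = @_;
    local $_ = $input;
    my @words;
    s/^\s+//;
    while ($_ ne '') {
        my $before = length $_;
        my $field  = '';
        for (;;) {
            my $snippet;
            if    (s/^\\(.)//)        { $snippet = $1 }    # escaped character
            elsif (s/^([^\s\\'"]+)//) { $snippet = $1 }    # run of plain characters
            else                      { s/^\s+//; last }   # end of word (or stuck)
            $field .= $snippet;
        }
        # A pass that removed nothing will repeat forever, pushing '' each time.
        die "no progress, unconsumed input remains\n"
            if $check && length($_) == $before;
        push @words, $field;
        return ('STUCK', scalar @words) if @words >= $max_words;
    }
    return ('OK', @words);
}

# Constructed inputs: a normal line, a trailing backslash, and a
# backslash followed by a newline in the middle of the string.
for my $in ("This is a test", "This is a test\\", "one \\\ntwo") {
    (my $shown = $in) =~ s/\n/\\n/g;
    my ($status) = split_words($in, 0, 1000);
    print "no check   [$shown]: $status\n";
    my @r   = eval { split_words($in, 1, 1000) };
    my $out = @r ? $r[0] : "died: $@";
    $out =~ s/\s+\z//;
    print "with check [$shown]: $out\n";
}
```

In the unchecked runs the stuck inputs reach the cap with a list of empty strings, which is the unbounded `push` behind the memory growth; the third input is stuck on a backslash that is not the last character.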
 
