[Bps-public-commit] r14133 - in Data-Plist: . lib/Data/Plist

alexmv at bestpractical.com alexmv at bestpractical.com
Tue Jul 15 20:12:11 EDT 2008 

Author: alexmv
Date: Tue Jul 15 20:12:11 2008
New Revision: 14133

Modified:
   Data-Plist/   (props changed)
   Data-Plist/lib/Data/Plist/BinaryReader.pm
   Data-Plist/t/binary-load.t

Log:
 r34202 at kohr-ah:  chmrr | 2008-07-15 20:12:04 -0400
  * Work around in-memory string explosions


Modified: Data-Plist/lib/Data/Plist/BinaryReader.pm
==============================================================================
--- Data-Plist/lib/Data/Plist/BinaryReader.pm	(original)
+++ Data-Plist/lib/Data/Plist/BinaryReader.pm	Tue Jul 15 20:12:11 2008
@@ -208,6 +208,23 @@
     return $self->$method($size);
 }
 
+sub open_string {
+    my $self = shift;
+    my ($str) = @_;
+
+    # Seeking in in-memory filehandles can cause perl 5.8.8 to explode
+    # with "Out of memory" or "panic: memory wrap"; Do some
+    # error-proofing here.
+    die "Not a binary plist file\n"
+      unless length $str >= 8 and substr($str, 0, 8) eq "bplist00";
+    die "Read of plist trailer failed\n"
+      unless length $str >= 40;
+    die "Invalid top object identifier\n"
+      unless length $str > 40;
+
+    return $self->SUPER::open_string($str);
+}
+
 sub open_fh {
     my $self = shift;
     $self = $self->new() unless ref $self;

Modified: Data-Plist/t/binary-load.t
==============================================================================
--- Data-Plist/t/binary-load.t	(original)
+++ Data-Plist/t/binary-load.t	Tue Jul 15 20:12:11 2008
@@ -1,4 +1,4 @@
-use Test::More tests => 40;
+use Test::More tests => 44;
 
 use strict;
 use warnings;
@@ -23,8 +23,18 @@
 ok( not($ret), "No trailer doesn't load" );
 like( "$@", qr/trailer/i, "Threw an error" );
 
-# Trailer overlaps with header
-$ret = eval {$read->open_string("bplist00" . ("!"x (32 - 8)))};
+# Trailer overlaps with header; file is < 32 bytes long
+$ret = eval {$read->open_string("bplist00" . ("!"x 20))};
+ok( not($ret), "Trailer too short doesn't load" );
+like( "$@", qr/trailer/i, "Threw an error" );
+
+# Trailer overlaps with header; file is 32 bytes long
+$ret = eval {$read->open_string("bplist00" . ("!"x 24))};
+ok( not($ret), "Trailer too short doesn't load" );
+like( "$@", qr/trailer/i, "Threw an error" );
+
+# Slightly less overlap, but still some
+$ret = eval {$read->open_string("bplist00" . ("!"x 28))};
 ok( not($ret), "Trailer too short doesn't load" );
 like( "$@", qr/trailer/i, "Threw an error" );

More information about the Bps-public-commit mailing list