
This queue is for tickets about the Net-ICAP CPAN distribution.

Report information
The Basics
Id: 118672
Status: resolved
Priority: 0/
Queue: Net-ICAP

People
Owner: corliss [...] digitalmages.com
Requestors: mark [...] carnildo.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Use of the pdebug function causes crashes
Date: Tue, 8 Nov 2016 01:04:33 -0800
To: bug-Net-ICAP [...] rt.cpan.org
From: Mark Wagner <mark [...] carnildo.com>
The Net::ICAP modules use the pdebug() function from Paranoid::Debug in the form pdebug("message", level). Frequently, the message includes user-supplied data. The documentation of the pdebug() function in Paranoid::Debug 2.04 states, in part:
> As an added benefit you can pass a printf template along with their
> values and they will be handled appropriately.
The heuristic that the pdebug() function uses to decide if a printf template has been passed is the presence of a percent sign followed by any character in the \w character class. This occurs frequently in real-world data; if the string in question is "%n", the result is a crash with the error message "Modification of a read-only value attempted". The correct way to use pdebug() with data not under the program's control is in the form of pdebug("%s", level, "message"). This prevents the message from being interpreted as a format string.
This module has been updated to use the updated APIs of the modules it depends on. This is now fixed in v0.04, which is being uploaded to CPAN now.
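
The two call forms discussed in this ticket, side by side, as an added example that is not part of the ticket and is not code from Net::ICAP or Paranoid::Debug. The debug_msg() function is a hypothetical stand-in that applies the heuristic described above, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in logger (not Paranoid::Debug's code). It applies the
# heuristic the ticket describes: a message containing "%" followed by a \w
# character is treated as a printf template.
sub debug_msg {
    my ( $msg, $level, @args ) = @_;
    $msg = sprintf $msg, @args if $msg =~ /%\w/;
    return "[$level] $msg";
}

# Constructed sample values standing in for data received from a peer.
my @samples = (
    'REQMOD icap://host.example/a%20b ICAP/1.0',
    'progress 100%done',
    'X-Tag: %n',
);

for my $data (@samples) {
    # Collect sprintf warnings (e.g. missing arguments) instead of printing them.
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };

    # Unsafe form: the data is interpolated into the template itself, so any
    # "%x" sequence in it is consumed as a conversion. eval traps a fatal one.
    my $unsafe = eval { debug_msg( "got: $data", 7 ) };
    my $error  = $@;

    # Safe form from the ticket: constant "%s" template, data as an argument.
    my $safe = debug_msg( 'got: %s', 7, $data );

    print "input : $data\n";
    if ($error) { print "unsafe: died: $error" }
    else        { print "unsafe: $unsafe (", scalar @warnings, " warning(s))\n" }
    print "safe  : $safe\n\n";
}
```

With the unsafe form, percent sequences in the data are either rewritten in the logged line or, as the ticket reports for "%n", abort the call; the safe form logs each input unchanged.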