Skip Menu |

This queue is for tickets about the Chart-Math-Axis CPAN distribution.

Report information
The Basics
Id: 22061
Status: open
Priority: 0/
Queue: Chart-Math-Axis

People
Owner: adamk [...] cpan.org
Requestors: roy [...] colibase.bham.ac.uk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



CC: bug-Chart-Math-Axis [...] rt.cpan.org
Subject: Chart::Math::Axis bug with -T switch
Date: Thu, 12 Oct 2006 19:43:44 +0100
To: cpan [...] ali.as
From: Roy Chaudhuri <roy [...] colibase.bham.ac.uk>
Hi. I'm using your Chart::Math::Axis module from CPAN, which I find quite incredibly useful (thanks). However, when I use it in a script with the -T switch it causes a segmentation fault when I call new with untainted data. Here's a simple test case on the command line: Show quoted text
cmd> perl -T -MChart::Math::Axis -e 'Chart::Math::Axis->new(1, 0.5);
print "Works\n"' Works Show quoted text
cmd> perl -MChart::Math::Axis -e 'Chart::Math::Axis->new(@ARGV); print
"Works\n"' 1 0.5 Works Show quoted text
cmd> perl -T -MChart::Math::Axis -e 'Chart::Math::Axis->new(@ARGV);
print "Works\n"' 1 0.5 Segmentation fault (core dumped) This seems odd to me, since I can't imagine that Chart::Math::Axis is doing any interaction with the system that might be considered dangerous. Even if it was, a segmentation fault (although preferable to continuing with untainted data) is never the right thing to do. I tried the above command on two different systems (one Fedora core 3, one Gentoo) and got the same problem. The perl version is 5.8.6. I ran through with the debugger, and the problem seems to be caused by line 284 in the _order_of_magnitude sub, which I think at the time of the problem calls Math::BigFloat->new(1). However running: Show quoted text
cmd> perl -T -MMath::BigFloat -e 'Math::BigFloat->new($ARGV[0])' 1
works without problems, so it doesn't seem to be a problem with that module. It'd be great if you can shed any light on what's going on. I guess a simple 'fix' that you could apply would be to throw an error if anyone supplies tainted data. Cheers. Roy. -- Dr. Roy Chaudhuri Bioinformatics Research Fellow Division of Immunity and Infection University of Birmingham, U.K. http://xbase.bham.ac.uk
Thanks for the bug report. Math::BigFloat is an exceedingly strange module internally. I've previously found some very very unusual behaviour in it. What I'd suggest is that when you run the debugging session, save the EXACT values that cause Math::BigFloat to segfault. Even better would be if you could produce a self-contained unit test script that exhibits the segfaulting behaviour. I can than check for the specifics of what is causing the problem, and hand the bug upwards to the Math::BigFloat author. I note that in the past one bug I found ONLY occured if you had a specific number that had seven decimal places, because it trigger some edge condition inside of Math::BigFloat. But if you can set up the test so I can replicate your problem, I'll look into it further.
Impossibly for me to debug this until I get the specific values causing the problem. Marking stalled
I missed the actual values you were using earlier. I've now created a test script and I can replicate the problem.