Skip Menu |

This queue is for tickets about the AnyEvent-MPRPC CPAN distribution.

Report information
The Basics
Id: 75906
Status: resolved
Priority: 0/
Queue: AnyEvent-MPRPC
People
Owner: Nobody in particular
Requestors: MAXS [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in: 0.13
Fixed in: (no value)

History Show all quoted text
  Tue Mar 20 07:07:36 2012 MAXS [...] cpan.org - Ticket created
There is a problem when handling bogus serialized MessagePack data. $unpacker->execute is not protected by an eval. So when an exception occurs in Data::MessagePack, the program dies (except with EV that catches it) instead of calling the on_error callback. The attached patch corrects this behavior. The attached test allows to validate it. Best regards, Max.
Subject: 01_handle_error.t
use strict; use warnings; BEGIN { # To avoid EV that catches exceptions... $ENV{PERL_ANYEVENT_MODEL} = 'Perl'; } use AE; use AnyEvent::MessagePack; use AnyEvent::Handle; # will load Errno for us use File::Temp qw(tempfile); use Test::More tests => 1; my ($fh, $fname) = tempfile(UNLINK => 0); my $cv = AE::cv; { my $hdl = AnyEvent::Handle->new(fh => $fh, on_error => sub { die 'wtf' }); $hdl->push_write("\xc1"); close $fh; } my $hdl = do { open my $fh, '<', $fname or die $!; my $hdl = AnyEvent::Handle->new(fh => $fh, on_error => sub { $cv->send($_[2]) }); $hdl->push_read(msgpack => sub { $cv->send(0); }); $hdl; }; is($cv->recv(), do { local $! = Errno::EBADMSG; "$!" }); unlink $fname;
Subject: AnyEvent-MessagePack.patch
--- lib/AnyEvent/MessagePack.pm.orig 2011-11-20 23:30:36.000000000 +0100 +++ lib/AnyEvent/MessagePack.pm 2012-03-20 11:46:27.000000000 +0100 @@ -23,7 +23,10 @@ my $complete = 0; my $nread = 0; while(1) { - $nread = $unpacker->execute($buffer, $nread); + unless (eval { $nread = $unpacker->execute($buffer, $nread); 1 }) { + $self->_error(Errno::EBADMSG); + return; + } if ($unpacker->is_finished) { my $ret = $unpacker->data; $cb->( $_[0], $ret );
  Tue Mar 20 07:54:49 2012 MAXS [...] cpan.org - Correspondence added
Subject: AnyEvent::MessagePack and bogus MessagePack data
Forgot to set the title... Sorry. Max.
  Tue Mar 20 07:54:50 2012 MAXS [...] cpan.org - Status changed from 'new' to 'open'
  Tue Mar 20 08:15:51 2012 MAXS [...] cpan.org - Subject changed from (no value) to 'AnyEvent::MessagePack and bogus MessagePack data'
  Wed Mar 21 23:55:00 2012 tokuhirom [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #75906]
Date: Thu, 22 Mar 2012 12:54:46 +0900
To: bug-AnyEvent-MPRPC [...] rt.cpan.org
From: Tokuhiro Matsuno <tokuhirom [...] gmail.com>
send me pull-req on github.https://github.com/tokuhirom/p5-anyevent-mprpc -- Tokuhiro Matsuno 日付:2012年3月20日火曜日、時刻:20:07、差出人:Maxime Soulé via RT: Show quoted text
> Tue Mar 20 07:07:36 2012: Request 75906 was acted upon. > Transaction: Ticket created by MAXS > Queue: AnyEvent-MPRPC > Subject: (No subject given) > Broken in: 0.13 > Severity: Critical > Owner: Nobody > Requestors: MAXS@cpan.org (mailto:MAXS@cpan.org) > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=75906 > > > > There is a problem when handling bogus serialized MessagePack data. > > $unpacker->execute is not protected by an eval. So when an exception > occurs in Data::MessagePack, the program dies (except with EV that > catches it) instead of calling the on_error callback. > > The attached patch corrects this behavior. > > The attached test allows to validate it. > > Best regards, > > Max. > > > 添付ファイル: > - 01_handle_error.t > > - AnyEvent-MessagePack.patch >
  Fri Mar 23 11:13:16 2012 MAXS [...] cpan.org - Correspondence added
Fixed in 0.14. Thanks, Max.
  Fri Mar 23 11:13:17 2012 MAXS [...] cpan.org - Status changed from 'open' to 'resolved'