This queue is for tickets about the Data-MessagePack-Stream CPAN distribution.

Report information
The Basics
Id: 125557
Status: new
Priority: 0/
Queue: Data-MessagePack-Stream

People
Owner: Nobody in particular
Requestors: m.sigor [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Partial MessagePack can cause a memory leak via Data::MessagePack::Stream
Date: Mon, 11 Jun 2018 22:37:42 +0300
To: bug-Data-MessagePack-Stream [...] rt.cpan.org
From: msigurko <m.sigor [...] gmail.com>
Hello,

Please consider the short script below, that demonstrates a memory leak
possibility, in a long lived process.

-----------------------------------------
#!/usr/bin/perl

use warnings;
use strict;

use Data::Dumper;
use Data::MessagePack;
use Data::MessagePack::Stream;

my $mp = Data::MessagePack->new;
my $packed_junk = $mp->encode(pack('a*', 'a' x 1024 ));

my $stream = Data::MessagePack::Stream->new;

$stream->feed( $mp->encode('foo') );
$stream->feed( substr($packed_junk, 0, 512) );
$stream->feed( $mp->encode('bar') );

# this prints only 'foo'
while ($stream->next) {
    print Dumper($stream->data);
}

print "Nothing more to stream!!\n"; # or is there?
-----------------------------------------

'$stream' hangs on to the partial MP (where we 'feed' a 'substr' of an MP)
it also hangs on to any MP that we 'feed' after that
'$stream->next' returns nothing, thus one may decide that it's empty -
while it is clearly not

While not a bug in MP, however, it is very easy, for an unsuspecting user,
to leak memory via MP, as can be seen above.

For the case where MP is created elsewhere and is then delivered via unsafe
means (socket, file, etc, which may get corrupted along the way) to the
Stream(er) - it is very difficult to diagnose the memory leak caused by that.

Please consider providing some kind of protection against this use case.

Best,
Matthew.
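The behaviour reported above, modelled at the wire-format level with a bound on stalled data. This is an added example, not part of the ticket and not code from Data::MessagePack::Stream. It assumes the 1024-byte string is encoded with a 3-byte str 16 header; BoundedStrStream, max_pending, PendingLimitExceeded and replay_ticket are hypothetical names.

```python
import struct

class PendingLimitExceeded(Exception): pass  # stalled message holds too many bytes

def enc_str(s):
    """Encode bytes as MessagePack fixstr (< 32 bytes) or str 16."""
    head = bytes([0xA0 | len(s)]) if len(s) < 32 else b"\xda" + struct.pack(">H", len(s))
    return head + s

class BoundedStrStream:
    """Streaming decoder for those two types: a model, not the Perl module."""
    def __init__(self, max_pending):
        self.buf = bytearray()
        self.max_pending = max_pending  # assumed policy knob, in bytes

    def feed(self, data):
        self.buf += data

    def _head(self):
        """(header_len, body_len) declared by the message at the buffer head."""
        if not self.buf:
            return 1, 0
        if 0xA0 <= self.buf[0] <= 0xBF:  # fixstr: length in the low 5 bits
            return 1, self.buf[0] & 0x1F
        if self.buf[0] == 0xDA:  # str 16: big-endian 16-bit length follows
            return 3, struct.unpack(">H", self.buf[1:3])[0] if len(self.buf) >= 3 else 0
        raise ValueError("type byte 0x%02x is outside this model" % self.buf[0])

    def missing(self):
        """Bytes still required before next() can return the head message."""
        return max(0, sum(self._head()) - len(self.buf))

    def next(self):
        """Return one decoded string, or None while the head is incomplete."""
        if self.missing():
            if len(self.buf) > self.max_pending:  # bound on stalled data
                raise PendingLimitExceeded(f"{len(self.buf)} held, {self.missing()} missing")
            return None
        hdr, body = self._head()
        msg = bytes(self.buf[hdr:hdr + body])
        del self.buf[:hdr + body]
        return msg

def replay_ticket(max_pending):
    """Feed the ticket's three chunks (rebuilt here as constructed input) and drain."""
    s = BoundedStrStream(max_pending)
    for chunk in (enc_str(b"foo"), enc_str(b"a" * 1024)[:512], enc_str(b"bar")):
        s.feed(chunk)
    return list(iter(s.next, None)), len(s.buf), s.missing()
```

With a 4096-byte limit the replay yields only 'foo' while 516 bytes stay buffered, because the encoded 'bar' is counted as body of the truncated string; with a 256-byte limit next() raises instead of reporting an apparently empty stream.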

