
This queue is for tickets about the Data-MessagePack-Stream CPAN distribution.

Report information
The Basics
Id: 125558
Status: new
Priority: 0/
Queue: Data-MessagePack-Stream

Owner: Nobody in particular
Requestors: m.sigor [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: Several partial MessagePack(s) may be fused into one MessagePack by 'Data::MessagePack::Stream'
Date: Tue, 12 Jun 2018 01:02:37 +0300
To: bug-Data-MessagePack-Stream [...]
From: msigurko <m.sigor [...]>
Hello,

Several partial MessagePack(s) may be fused into one MessagePack by 'Data::MessagePack::Stream'.

Please consider the short script below, that demonstrates the behavior:

------------------------------------------
#!/usr/bin/perl
use warnings;
use strict;
use Data::Dumper;
use Data::MessagePack;
use Data::MessagePack::Stream;

my $mp = Data::MessagePack->new;
my $packed_junk = $mp->encode(pack('a*', 'a' x 20 ));
my $stream = Data::MessagePack::Stream->new;
$stream->feed( $mp->encode('foo') );
$stream->feed( substr($packed_junk, 0, 7) );
$stream->feed( 'bar' );
$stream->feed( substr($packed_junk, -7) );
$stream->feed( $mp->encode('baz') );
while ($stream->next) {
    print Dumper($stream->data);
}
------------------------------------------

The surprising output is:

------------------------------------------
$VAR1 = 'foo';
$VAR1 = 'aaaaabaraaaaaaa▒baz';
------------------------------------------

If executed as follows:

# perl > test.out 2>&1

Then one can clearly see, by examining the contents of 'test.out' (vim test.out) that there is a control character there:

------------------------------------------
$VAR1 = 'foo';
$VAR1 = 'aaaaabaraaaaaaa▒^Cbaz';
------------------------------------------

For the case where MP is created elsewhere and is then delivered via unsafe means (socket, file, etc., which may get corrupted along the way) to the Stream(er) - it is very difficult to diagnose the behavior caused by that.

Please consider providing some kind of protection against this use case.

Best,
Matthew.
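
A MessagePack string carries only a length header, so a stream decoder has no way to tell a truncated message from one whose remaining bytes are still arriving; integrity has to come from a framing layer beneath it. The following is an added example, not part of the ticket or of Data::MessagePack::Stream: the frame layout, `$KEY`, `$MAX` and the helpers `frame`, `ct_eq` and `next_frame` are assumptions made for illustration, and the input is constructed to mirror the ticket's script.

```perl
# Added example (not from the ticket): length + HMAC framing per message.
use strict;
use warnings;
use Data::MessagePack;
use Digest::SHA qw(hmac_sha256);

my $KEY = 'constructed-demo-key';  # assumption: secret shared by both ends
my $MAX = 1 << 20;                 # assumption: largest payload accepted

# Frame layout (assumed): 4-byte big-endian length | payload | 32-byte HMAC.
sub frame {
    my ($payload) = @_;
    my $body = pack('N', length $payload) . $payload;
    return $body . hmac_sha256($body, $KEY);
}

# Compare two byte strings without stopping at the first difference.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Remove and return one verified payload from the front of $$buf:
# undef while the frame is incomplete, die if it fails verification.
sub next_frame {
    my ($buf) = @_;
    return if length($$buf) < 4;
    my $len = unpack('N', $$buf);
    die "frame length $len exceeds limit\n" if $len > $MAX;
    return if length($$buf) < 4 + $len + 32;
    my $body = substr($$buf, 0, 4 + $len);
    my $mac  = substr($$buf, 4 + $len, 32);
    die "frame failed MAC check\n" unless ct_eq($mac, hmac_sha256($body, $KEY));
    substr($$buf, 0, 4 + $len + 32, '');
    return substr($body, 4);
}

# Constructed input mirroring the ticket: good, truncated, stray bytes, good.
my $mp   = Data::MessagePack->new;
my $junk = frame($mp->encode('a' x 20));
my $buf  = frame($mp->encode('foo')) . substr($junk, 0, 7) . 'bar'
         . substr($junk, -7) . frame($mp->encode('baz'));
eval {
    while (defined(my $p = next_frame(\$buf))) {
        print "decoded: ", $mp->decode($p), "\n";
    }
    1;
} or print "rejected: $@";
```

Once a frame is rejected the receiver can no longer trust any later frame boundary, so the connection or file should be abandoned rather than resynchronized.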
