Skip Menu |
 

This queue is for tickets about the Scalar-List-Utils CPAN distribution.

Report information
The Basics
Id: 81316
Status: resolved
Priority: 0/
Queue: Scalar-List-Utils

People
Owner: Nobody in particular
Requestors: yves [...] cpan.org
Cc: perl5-porters [...] perl.org
AdminCc:

Bug Information
Severity: Important
Broken in:
  • 1.01
  • 1.02
  • 1.03
  • 1.04
  • 1.05
  • 1.06
  • 1.07
  • 1.0701
  • 1.08
  • 1.09
  • 1.10
  • 1.11
  • 1.12
  • 1.13
  • 1.14
  • 1.16
  • 1.17
  • 1.18
  • 1.19
  • 1.20
  • 1.21
  • 1.22
  • 1.23
  • 1.23_01
  • 1.23_02
  • 1.23_03
  • 1.23_04
  • 1.24
  • 1.25
Fixed in: 1.26



CC: perl5-porters [...] perl.org
Subject: [Patch] Fix hash order dependency bug revealed by 5.17.6 hash randomization
Download (untitled) / with headers
text/plain 3.2k
I have just applied the following patch to the perl core version of this distribution to fix an edge case bug in List-Util testing that was revealed by hash order randomization introduced in 5.17.6. I personally think my test is only a work around as the test will fail if the environment is empty. I think it would be better to set an environment variable and then launch a child Perl process to check if it is tainted. Anyway, this should fix the intermittent failures we are seeing with Perl smokes. It bumps the version to 1.25_01. Please let me know when this or equivalent changes are applied upstream and please be aware that there is now a "1.25_01" out in the wild that is not on CPAN. Ive marked the ticket as "important" as until it is fixed perl core and CPAN are out of sync. Thanks a lot and cheers, Yves commit 2a5bd8731bfdd9308c12fac06faa637e38b5eeb5 Author: Yves Orton <demerphq@gmail.com> Date: Wed Nov 21 09:45:06 2012 +0100 fix a hash order dependency in cpan/List-Util tests cpan/List-Util/t/tainted.t fails if the environment variable it access is PERL5LIB as that is set inside the process. We filter out env vars starting with PERL and bump the version numbers to 1.25_01. diff --git a/cpan/List-Util/Changes b/cpan/List-Util/Changes index f737c1d..1fcd9f6 100644 @@ -1,3 +1,8 @@ +1.25_01 -- Wed Nov 21 09:47 + + * Fix a hash order dependency bug t/tainted.t + (Currently this is a core only version to fix perl5 smokes) + 1.25 -- Sat Mar 24 13:10:13 UTC 2012 * Restore back-compat. to perl 5.6 (thanks to Zefram) diff --git a/cpan/List-Util/lib/List/Util.pm b/cpan/List- Util/lib/List/Util.pm index 033ef50..c07e2d8 100644 --- a/cpan/List-Util/lib/List/Util.pm +++ b/cpan/List-Util/lib/List/Util.pm @@ -13,7 +13,7 @@ require Exporter; our @ISA = qw(Exporter); our @EXPORT_OK = qw(first min max minstr maxstr reduce sum shuffle); -our $VERSION = "1.25"; +our $VERSION = "1.25_01"; our $XS_VERSION = $VERSION; $VERSION = eval $VERSION; diff --git a/cpan/List-Util/lib/List/Util/XS.pm b/cpan/List- Util/lib/List/Util/XS.pm index d46853c..b196e7d 100644 --- a/cpan/List-Util/lib/List/Util/XS.pm +++ b/cpan/List-Util/lib/List/Util/XS.pm @@ -2,7 +2,7 @@ package List::Util::XS; use strict; use List::Util; -our $VERSION = "1.25"; # FIXUP +our $VERSION = "1.25_01"; # FIXUP $VERSION = eval $VERSION; # FIXUP 1; diff --git a/cpan/List-Util/lib/Scalar/Util.pm b/cpan/List- Util/lib/Scalar/Util.pm index ab97fe5..4d034fc 100644 --- a/cpan/List-Util/lib/Scalar/Util.pm +++ b/cpan/List-Util/lib/Scalar/Util.pm @@ -12,7 +12,7 @@ require List::Util; # List::Util loads the XS our @ISA = qw(Exporter); our @EXPORT_OK = qw(blessed dualvar reftype weaken isweak tainted readonly openhandle refaddr isvstring looks_like_number set_prototype); -our $VERSION = "1.25"; +our $VERSION = "1.25_01"; $VERSION = eval $VERSION; our @EXPORT_FAIL; diff --git a/cpan/List-Util/t/tainted.t b/cpan/List-Util/t/tainted.t index ab40aa6..8666117 100644 --- a/cpan/List-Util/t/tainted.t +++ b/cpan/List-Util/t/tainted.t @@ -26,7 +26,7 @@ my $var = 2; ok( !tainted($var), 'known variable'); -my $key = (keys %ENV)[0]; +my $key = (grep { !/^PERL/ } keys %ENV)[0]; ok( tainted($ENV{$key}), 'environment variable');
Download (untitled) / with headers
text/plain 241b
I'm not entirely sure what this patch is doing. It appears not to be altering anything to do with ordering of hash keys, simply making a choice from a narrower selection (namely, the keys minus the ones with PERL_ prefixes). -- Paul Evans
Download (untitled) / with headers
text/plain 465b
On Wed Dec 05 14:27:42 2012, PEVANS wrote: Show quoted text
> I'm not entirely sure what this patch is doing. It appears not to be > altering anything to do with ordering of hash keys, simply making a > choice from a narrower selection (namely, the keys minus the ones with > PERL_ prefixes).
The test needs a tainted environment variable. Since PERL5LIB is set by the script itself, it won’t be tainted. Skipping variables we know won’t be tainted will make the test pass.
Subject: Re: [rt.cpan.org #81316] [Patch] Fix hash order dependency bug revealed by 5.17.6 hash randomization
Date: Wed, 5 Dec 2012 21:49:18 +0100
To: bug-Scalar-List-Utils [...] rt.cpan.org
From: demerphq <demerphq [...] gmail.com>
On 5 December 2012 20:27, Paul Evans via RT <bug-Scalar-List-Utils@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=81316 > > > I'm not entirely sure what this patch is doing. It appears not to be > altering anything to do with ordering of hash keys, simply making a > choice from a narrower selection (namely, the keys minus the ones with > PERL_ prefixes).
Correct. The test framework expects to get a tainted value from the environment, and expects: a) all keys %ENV to have tainted values b) %ENV to contain values. Neither of these are valid expectations. The test framework itself populates %ENV with untainted values, and there is nothing to say that the %ENV should contain anything at all. So to solve a) the patch filters out PERL env vars, in an attempt to eliminate any vars set by the test framework. It does not attempt to solve b). A really correct test would be to populate the env yourself, spawn a subprocess to read the value you populated and test that it is tainted. Yves -- perl -Mre=debug -e "/just|another|perl|hacker/"
Fixed in repo. Will be in next version -- Paul Evans


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.