Problem with UL followed by OL

Tomas Doran bobtfish at bobtfish.net
Mon Jan 28 12:55:19 EST 2008



On 25 Jan 2008, at 17:20, Kazutaka Matsuda wrote:


>>

>> The patch attached to this mail also produces coredump when I use

>> Perl

>> 5.8.8 on cygwin,

>> while it runs without any run-time errors when I use Perl 5.10.0

>> on cygwin.

>

> I think, regex-substitutions might not get along with recursive

> functions and foreach in Perl 5.8.8.

> I expands maps and a foreach of two pattern matches,

> and I checked that the changed code doesn't produces coredump for

> many cases.

> ...only for many cases, some cases it produces a core.


I don't think that I can sanely push a module up which is known to
make perl core dump on input. That's a pretty serious security
problem - imagine if someone loads this into a mod_perl app -
straight away you've made a denial of service.

So to take the patch I'd have to bump the version of perl required in
the module to 5.10, which I don't think is acceptable. I think that
insisting on perl > 5.8.6 would be a bad plan as it'd cut out a lot
of the potential user community...

I'm planning to re-write all the block level handling to be more sane
(hopefully removing the horrible md5 stuff as I go), but in the short
term, I'm probably going to try and 'hack' this, so that we don't
have to insist on 5.10..

I've already tried doing so with md5 so that you don't recurse from
within the regex in _DoLists, but this still doesn't play for me :(

Cheers
Tom


More information about the Markdown-Discuss mailing list