Bug#1033796: Regexp::Pattern::License test code uses feature with undefined behavior

demerphq demerphq at gmail.com
Sat Apr 1 15:07:30 BST 2023


Package: libregexp-pattern-license-perl
Version: v3.10.0

This package (as distributed on CPAN) will fail tests on Perl 5.37.10. The
code exploits historically undefined behavior which has become defined in
5.37.10.

Historically perl would "accumulate" capture buffer data in a quantified
subgroup in a regular expression, e.g., "abc"=~/(?:(a)|(b)|(c))+/ would leave
$1, $2, $3 defined as "a", "b", "c". This behavior is problematic and has
been changed in Perl 5.37.10 so that after such an expression only one of
the three capture buffers will be defined, that which was matched in the
last iteration of the quantified group.

The test code for Regexp::Pattern::License exploits this undefined behavior
to accumulate the results of multiple iterations of a quantified group.
Replacing that code with a while (/.../g) loop fixes the problem. The
attached patch fixes it so that the code should work on older and newer
perls regardless of the status of this undefined behavior.

Note this perl package uses the Debian bug tracker; however, this bug is
visible on any platform using Perl 5.37.10 or later. I am not filing this
bug report from a Debian install, so I cannot provide any of the
Debian-specific data you request on your bug tracker page.

Also please note that https://metacpan.org/pod/Regexp::Pattern::License
specifies that the source code repository for this package is
https://salsa.debian.org/build-common-team/regexp-pattern-license.git
however that code does not build as it has incomplete Dist::Zilla
configuration. Thus I was not able to produce a patch against your repo;
the attached patch is against the released code on CPAN.

See also the "BBC" (Blead Breaks CPAN) Perl5 bug report ticket for this:
https://github.com/Perl/perl5/issues/21001

cheers,
Yves

-- 
perl -Mre=debug -e "/just|another|perl|hacker/"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: while_g.patch
Type: text/x-patch
Size: 2734 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20230401/13640013/attachment.bin>
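
The difference described in the report, as an added example. It is not the attached while_g.patch (which is not reproduced on this page) and not the module's test code; the function names, the named groups a/b/c and the sample inputs are assumptions made for illustration. The first function depends on capture accumulation across iterations, the second collects the same data one iteration at a time and so does not depend on it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fragile: read $1..$3 after one match of a quantified group. Which of them
# are defined depends on the perl version, as the report explains.
sub captures_after_quantified_group {
    my ($str) = @_;
    return unless $str =~ /^(?:(a)|(b)|(c))+$/;
    return map { defined $_ ? $_ : 'undef' } ( $1, $2, $3 );
}

# Portable: consume one alternative per iteration with /g. \G pins each
# attempt to where the previous one ended, so nothing is skipped, and /c
# keeps pos() after the final failed attempt so coverage can be checked.
sub captures_via_g_loop {
    my ($str) = @_;
    my %seen;
    while ( $str =~ /\G(?:(?<a>a)|(?<b>b)|(?<c>c))/gc ) {
        # %+ holds only the named groups that took part in this iteration.
        $seen{$_} = $+{$_} for keys %+;
    }
    # Reject input the loop did not consume to the end (the job of ^...$ above).
    return unless %seen and ( pos($str) // 0 ) == length $str;
    return map { $seen{$_} // 'undef' } qw(a b c);
}

for my $input ( 'abc', 'cab', 'abxc' ) {    # constructed sample inputs
    my @fragile  = captures_after_quantified_group($input);
    my @portable = captures_via_g_loop($input);
    printf "%-5s single match: %-18s /g loop: %s\n", $input,
        ( @fragile  ? "@fragile"  : 'no match' ),
        ( @portable ? "@portable" : 'no match' );
}
```

Running it under a perl older than 5.37.10 and under a newer one shows the "single match" column changing while the "/g loop" column stays the same.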