Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

#!perl -T
use File::Temp qw();
use Pod::Spell qw();
my $checker = Pod::Spell->new;
$checker->parse_from_file('foo.pm', File::Temp->new->filename);

foo.pm is

=head1 NAME foo

Running the program takes Pod::Spell into an endless loop between lines 188 and 202. I stepped through with the debugger. When Pod::Spell::_treat_words is entered for the first time, $_[0] is the parser instance, $_[1] is "NAME\n\n". However, I cannot dump any other values with the x command because then the debugger aborts with »Insecure dependency in sprintf while running with -T switch at .../lib/perl5/5.10.0/overload.pm line 99«. (Just great, a core pragma is not taint-safe... groan.)

Switching taint mode off makes the listed program run normally. Can you reproduce this bug?

Replies are listed 'Best First'.
Re: endless loop in Pod::Spell?
by ww (Archbishop) on Mar 16, 2009 at 23:19 UTC

    Your "bug" is in your code; the pragma is not the problem; it's the way you are failing to use it.

    When you use -T you are telling your script that some of your input (in this case, the file you're spellchecking, foo.pm) or other external datum is not necessarily trustworthy; read "input" VERY broadly.

    So you must untaint (generally, done with a regex that passes only chars you determine to be "safe" for your purposes. perldoc -q taint offers one minimal pointer, but you should consider reading Tutorials and/or Ovid's CGI course, which planetscape is restoring/has restored to this site.)

        Wow, a real perl bug, huh!

        Anyway, thanks for investigating and confirming, Anonymonk.
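An added example, not code from ww or the original poster: it shows that a line read from a file under -T arrives tainted, and untaints it with the kind of allowlist regex ww describes. The file name foo.pm and the allowed character class are assumptions; run it as `perl -T script.pl`.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): inspect and untaint data read
# under -T.  Everything read from a file handle is tainted, however
# trustworthy the file is; a regex with a capture group that admits
# only known-safe characters is the sanctioned way to launder it.
# The file name and the character class below are assumptions.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Read the first line of a file.  Under -T the returned string is tainted.
sub read_first_line {
    my ($path) = @_;
    open my $fh, '<', $path or die "open $path: $!";
    my $line = <$fh>;
    close $fh;
    chomp $line if defined $line;
    return $line;
}

# Pass only characters we have decided are safe for our purpose
# (letters, digits, whitespace and a few POD punctuation marks).
# Returns undef on anything else, so the caller cannot silently
# continue with unvetted data.  A capture from a successful match
# is never tainted, which is what performs the untainting.
sub untaint_pod_line {
    my ($tainted) = @_;
    return undef unless defined $tainted;
    if ($tainted =~ /\A([\w\s=:,.()-]+)\z/) {
        return $1;
    }
    return undef;
}

my $path = 'foo.pm';            # assumed input file (literal, so not tainted)
my $raw  = read_first_line($path);
printf "raw line is %s\n", tainted($raw) ? 'tainted' : 'clean';

my $safe = untaint_pod_line($raw);
if (defined $safe) {
    printf "untainted line is %s: %s\n",
        tainted($safe) ? 'tainted' : 'clean', $safe;
}
else {
    die "line contains characters outside the allowlist; refusing to proceed\n";
}
```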