in reply to PDF::API2 & PDF::Textblock problems

This looks baffling but as per the Diagnostic messages, it suggests that you are have tried to do something that the tainting mechanism didn't like. The tainting mechanism is turned on when you're running setuid or setgid, or when you specify -T to turn it on explicitly. The tainting mechanism labels all data that's derived directly or indirectly from the user, who is considered to be unworthy of your trust. If any such data is used in a "dangerous" operation, you get this error.

Do you have the same version of perl in both the servers ? Also if you google insecure dependency in sprintf you will get some results.

  • Comment on Re: PDF::API2 & PDF::Textblock problems

Replies are listed 'Best First'.
Re^2: PDF::API2 & PDF::Textblock problems
by ksublondie (Friar) on Jun 09, 2012 at 00:02 UTC
    Well, after spending an entire day on this, I've finally tracked down the offending code as line #144 in PDF::API2::Util 

    my $value = sprintf('%.'.abs($ad).'f',$f);

    [download]

    After making the following changes it worked: 

    my $temp='%.'.abs($ad).'f';
$temp=~/^(.*)$/;
$temp=$1;
my $value = sprintf($temp,$f);

    [download]

    For some reason, the working server had the modified code already in it. Don't have a clue how that happened. I'm the only one messing with the perl on these servers and even though I'm forgetful, I didn't think I was THAT bad!

[reply]
[d/l]
[select]
Re^2: PDF::API2 & PDF::Textblock problems
by ksublondie (Friar) on Jun 08, 2012 at 19:22 UTC
    Now that I've calmed down a *little*, I'm doing a little more thorough research here. I already tried googling last night, but it wasn't sinking in much at that point. Fresh eyes help.

    Running perl -V produces the exact same output on both servers. Server #1: 

    Summary of my perl5 (revision 5 version 10 subversion 0) configuration
+:
  Platform:
    osname=linux, osvers=2.6.32-5-686, archname=i486-linux-gnu-thread-
+multi
    uname='linux callisto 2.6.32-5-686 #1 smp mon jun 13 04:13:06 utc 
+2011 i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dccc
+dlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/
+share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dve
+ndorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/us
+r/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/
+lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/ma
+n/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man
+/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Ua
+fs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2
+ -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=und
+ef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict
+-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFS
+ET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing
+ -pipe -I/usr/local/include'
    ccversion='', gccversion='4.3.2', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=1
+2
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
+ lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so.
+5.10.0
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'


Characteristics of this binary (from libperl):
  Compile-time options: MULTIPLICITY PERL_DONT_CREATE_GVSV
                        PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP USE_ITH
+READS
                        USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Jun 30 2011 20:15:14
  @INC:
    /etc/perl
    /usr/local/lib/perl/5.10.0
    /usr/local/share/perl/5.10.0
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.10
    /usr/share/perl/5.10
    /usr/local/lib/site_perl
    .

    [download]

    server #2: 

    Summary of my perl5 (revision 5 version 10 subversion 0) configuration
+:
  Platform:
    osname=linux, osvers=2.6.32-5-686, archname=i486-linux-gnu-thread-
+multi
    uname='linux callisto 2.6.32-5-686 #1 smp mon jun 13 04:13:06 utc 
+2011 i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dccc
+dlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/
+share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dve
+ndorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/us
+r/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/
+lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/ma
+n/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man
+/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Ua
+fs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2
+ -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=und
+ef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict
+-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFS
+ET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing
+ -pipe -I/usr/local/include'
    ccversion='', gccversion='4.3.2', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=1
+2
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
+ lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so.
+5.10.0
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'


Characteristics of this binary (from libperl):
  Compile-time options: MULTIPLICITY PERL_DONT_CREATE_GVSV
                        PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP USE_ITH
+READS
                        USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Jun 30 2011 20:15:14
  @INC:
    /etc/perl
    /usr/local/lib/perl/5.10.0
    /usr/local/share/perl/5.10.0
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.10
    /usr/share/perl/5.10
    /usr/local/lib/site_perl
    .

    [download]

    I'm doing more detailed troubleshooting and figured out that if my input text contains font tags (as specified in the PDF::TextBlock documentation) AND spaces, then I get the stated error when I $tb->apply;...even if the $t1 is hard-coded instead of a variable. 

    $t1=($two->{OwnerName});                #works
$t1='<b>'.($two->{OwnerName}).'</b>';   #doesn't work
$t1="longer font that uses spaces but should still wrap in the small b
+ox";#works
$t1="<b>longer font that uses spaces but should still wrap in the smal
+l box<b>";#doesn't work
$t1='test test';                        #works
$t1='<b>test test</b>';                 #doesn't work
$t1="<b>test test</b>";                 #doesn't work
$t1='test';                             #works
$t1='<b>test<b>';                       #works

$tb->text($t1);
($endw1, $ypos1, $overflow1)=$tb->apply;

    [download]

    I suspect this may be related to this PDF::TextBlock reported bug??? I already figured out that \n within font tags break the tag so the font isn't used.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom