Security Advisories (17)
CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

NAME

ExtUtils::ParseXS::Utilities - Subroutines used with ExtUtils::ParseXS

SYNOPSIS

use ExtUtils::ParseXS::Utilities qw(
  standard_typemap_locations
  trim_whitespace
  tidy_type
  C_string
  valid_proto_string
  process_typemaps
  make_targetable
  map_type
  standard_XS_defs
  assign_func_args
  analyze_preprocessor_statements
  set_cond
  Warn
  blurt
  death
  check_conditional_preprocessor_statements
  escape_file_for_line_directive
  report_typemap_failure
);

SUBROUTINES

The following functions are not considered to be part of the public interface. They are documented here for the benefit of future maintainers of this module.

standard_typemap_locations()

  • Purpose

    Provide a list of filepaths where typemap files may be found. The filepaths -- relative paths to files (not just directory paths) -- appear in this list in lowest-to-highest priority.

    The highest priority is to look in the current directory.

    'typemap'

    The second and third highest priorities are to look in the parent of the current directory and a directory called lib/ExtUtils underneath the parent directory.

    '../typemap',
    '../lib/ExtUtils/typemap',

    The fourth through ninth highest priorities are to look in the corresponding grandparent, great-grandparent and great-great-grandparent directories.

    '../../typemap',
    '../../lib/ExtUtils/typemap',
    '../../../typemap',
    '../../../lib/ExtUtils/typemap',
    '../../../../typemap',
    '../../../../lib/ExtUtils/typemap',

    The tenth and subsequent priorities are to look in directories named ExtUtils which are subdirectories of directories found in @INC -- provided a file named typemap actually exists in such a directory. Example:

    '/usr/local/lib/perl5/5.10.1/ExtUtils/typemap',

    However, these filepaths appear in the list returned by standard_typemap_locations() in reverse order, i.e., lowest-to-highest.

    '/usr/local/lib/perl5/5.10.1/ExtUtils/typemap',
    '../../../../lib/ExtUtils/typemap',
    '../../../../typemap',
    '../../../lib/ExtUtils/typemap',
    '../../../typemap',
    '../../lib/ExtUtils/typemap',
    '../../typemap',
    '../lib/ExtUtils/typemap',
    '../typemap',
    'typemap'

  • Arguments

    my @stl = standard_typemap_locations( \@INC );

    Reference to @INC.

  • Return Value

    Array holding the list of typemap file paths (not directories) to be searched, in lowest-to-highest priority order.
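    To see the documented priority order on a real installation, the following added script (not part of ExtUtils::ParseXS) calls standard_typemap_locations() with the current @INC, labels each candidate as one of the nine cwd-relative build-tree entries listed above or as an @INC-derived entry, and reports which existing file ends up winning. The nine-entry list and the labelling are taken from the description above; everything else is the example's own code.

```perl
#!/usr/bin/perl
# Added example, not part of ExtUtils::ParseXS: print the documented
# typemap search order for this Perl and report which file would win.
use strict;
use warnings;
use ExtUtils::ParseXS::Utilities qw(standard_typemap_locations);

# The nine cwd-relative locations documented above. In the returned
# list the @INC-derived entries precede them, because that list runs
# from lowest to highest priority.
my %build_tree = map { $_ => 1 } (
    'typemap', '../typemap', '../lib/ExtUtils/typemap',
    '../../typemap', '../../lib/ExtUtils/typemap',
    '../../../typemap', '../../../lib/ExtUtils/typemap',
    '../../../../typemap', '../../../../lib/ExtUtils/typemap',
);

my @candidates = standard_typemap_locations(\@INC);

printf "%-4s %-6s %-10s %s\n", 'pri', 'exists', 'source', 'path';
for my $i (0 .. $#candidates) {
    my $path = $candidates[$i];
    # Relative entries are tested against the current working
    # directory, exactly as xsubpp would see them.
    printf "%-4d %-6s %-10s %s\n",
        $i + 1,
        (-f $path ? 'yes' : 'no'),
        ($build_tree{$path} ? 'build-tree' : '@INC'),
        $path;
}

# Highest priority is last in the list, so the first existing entry
# found while scanning backwards shadows every other typemap.
my ($winner) = grep { -f $_ } reverse @candidates;

if (!defined $winner) {
    print "no typemap file exists in any documented location\n";
} else {
    my $where = $build_tree{$winner}
        ? 'cwd-relative build-tree entry'
        : 'installed @INC entry';
    print "effective typemap: $winner ($where)\n";
}
```

    Run it from an extension's build directory to confirm whether a local typemap or the installed one is the effective source for that build.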

trim_whitespace()

  • Purpose

    Perform an in-place trimming of leading and trailing whitespace from the first argument provided to the function.

  • Argument

    trim_whitespace($arg);

  • Return Value

    None. Remember: this is an in-place modification of the argument.

tidy_type()

  • Purpose

    Rationalize any asterisks (*) by joining them into bunches, removing interior whitespace, then trimming leading and trailing whitespace.

  • Arguments

    ($ret_type) = tidy_type($_);

    String to be cleaned up.

  • Return Value

    String cleaned up.

C_string()

  • Purpose

    Escape backslashes (\) in prototype strings.

  • Arguments

    $ProtoThisXSUB = C_string($_);

    String needing escaping.

  • Return Value

    Properly escaped string.

valid_proto_string()

  • Purpose

    Validate prototype string.

  • Arguments

    String needing checking.

  • Return Value

    Upon success, returns the same string passed as argument.

    Upon failure, returns 0.

process_typemaps()

  • Purpose

    Process all typemap files.

  • Arguments

    my $typemaps_object = process_typemaps( $args{typemap}, $pwd );

    List of two elements: typemap element from %args; current working directory.

  • Return Value

    Upon success, returns an ExtUtils::Typemaps object.

make_targetable()

  • Purpose

    Populate %targetable. This constitutes a refinement of the output of process_typemaps() with respect to its fourth output, $output_expr_ref.

  • Arguments

    %targetable = make_targetable($output_expr_ref);

    Single hash reference: the fourth such ref returned by process_typemaps().

  • Return Value

    Hash.

map_type()

  • Purpose

    Performs a mapping at several places inside the PARAGRAPH loop.

  • Arguments

    $type = map_type($self, $type, $varname);

    List of three arguments.

  • Return Value

    String holding augmented version of second argument.

standard_XS_defs()

  • Purpose

    Writes to the .c output file certain preprocessor directives and function headers needed in all such files.

  • Arguments

    None.

  • Return Value

    Returns true.

assign_func_args()

  • Purpose

    Perform assignment to the func_args attribute.

  • Arguments

    $string = assign_func_args($self, $argsref, $class);

    List of three elements. Second is an array reference; third is a string.

  • Return Value

    String.

analyze_preprocessor_statements()

  • Purpose

    Within each function inside each Xsub, print to the .c output file certain preprocessor statements.

  • Arguments

    ( $self, $XSS_work_idx, $BootCode_ref ) =
      analyze_preprocessor_statements(
        $self, $statement, $XSS_work_idx, $BootCode_ref
      );

    List of four elements.

  • Return Value

    Modified values of three of the arguments passed to the function. In particular, the XSStack and InitFileCode attributes are modified.

set_cond()

  • Purpose

  • Arguments

  • Return Value

current_line_number()

  • Purpose

    Figures out the current line number in the XS file.

  • Arguments

    $self

  • Return Value

    The current line number.

Warn()

  • Purpose

  • Arguments

  • Return Value

blurt()

  • Purpose

  • Arguments

  • Return Value

death()

  • Purpose

  • Arguments

  • Return Value

check_conditional_preprocessor_statements()

  • Purpose

  • Arguments

  • Return Value

escape_file_for_line_directive()

  • Purpose

    Escapes a given code source name (typically a file name but can also be a command that was read from) so that double-quotes and backslashes are escaped.

  • Arguments

    A string.

  • Return Value

    A string with escapes for double-quotes and backslashes.

report_typemap_failure()

  • Purpose

    Do error reporting for missing typemaps.

  • Arguments

    The ExtUtils::ParseXS object.

    An ExtUtils::Typemaps object.

    The string that represents the C type that was not found in the typemap.

    Optionally, the string death or blurt to choose whether the error is immediately fatal or not. Default: blurt.

  • Return Value

    Returns nothing. Depending on the arguments, this may call death or blurt, the former of which is fatal.