/ 
XML-Parser-2.44_01
River stage four • 161 direct dependents • 2677 total dependents
⭐ Starred 8 GitHub stars
/ XML::Parser::Style::Subs
Security Advisories (2)
CVE-2006-10002 (2026-03-19)

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

CVE-2006-10003 (2026-03-19)

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

NAME

XML::Parser::Style::Subs - glue for handling element callbacks

SYNOPSIS

use XML::Parser;
my $p = XML::Parser->new(Style => 'Subs', Pkg => 'MySubs');
$p->parsefile('foo.xml');

{
  package MySubs;
  
  sub foo {
    # start of foo tag
  }
  
  sub foo_ {
    # end of foo tag
  }
}

DESCRIPTION

Each time an element starts, a sub by that name in the package specified by the Pkg option is called with the same parameters that the Start handler gets called with.

Each time an element ends, a sub with that name appended with an underscore ("_"), is called with the same parameters that the End handler gets called with.

Nothing special is returned by parse.