Security Advisories (7)
CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2018-6798 (2018-04-17)

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

This should cause a warning

NAME

poderrors.t - test Pod::Checker on some pod syntax errors

GASP! A verbatim paragraph in NAME

This is some paragraph text with some unknown interior sequences, such as unknown2, unknown3, and unknown4 unknown5.

Now try some unterminated sequences like hello mudda! hello fadda!

Here I am at camp granada!

Camps is very, entertaining. And they say we'll have some fun if it stops raining!

Okay, now use a non-empty blank line to terminate a paragraph and make sure we get a warning.

The above blank line contains tabs and spaces only

Many fcodes inside other fcodes inside many many more

A link to "$/" in perlvar

Additional tests

item without over

oops

back without over

over without back

aaps

end without begin

begin and begin

begin w/o formatter

for w/o formatter

something...

Nested sequences of the same type

code italic code again!

Garbled entities

E<alea iacta est> E<auml> E<abcbla> Ā ࿿ Ĭ E<unknown_entity>

"begin or begin" "end with begin" "OoPs"

"abc def" L<> " aha" "oho " " weehee " "Warnings" this one is ok "unescaped" ok too, this POD has an X of the same name

lead trail neither both

<<<>>>

>>>>

>>>>

Warnings

passwd(5) some text with / in it should give warnings as hell

bla

the 200 is evil

see these unescaped < and > in the text?

Misc

should be empty

should not be empty

should not generate a warning about being empty

E<> should not be empty

This paragraph is misplaced - it ought to be an item.

four should be numeric!

  • blah

  • previous is all empty!!!

This verbatim paragraph should not be here. Spaces are on the line below this

*

bullet

1

number, uh oh

  • first bullet

  • 1

    then number

  • finally definition

  1. first number

  2. bad numbering

  3. then definition

  4. *

    finally bullet

first definition
*

then bullet

1

finally number

second definition
This should not generate an empty =item warning,
because it has verbatim text.

Empty over/back:

item w/o name

bla is evil

reoccurrence

Misc

we already have a head Misc

some heading

another one

previous section is empty!

LINK TESTS

"I/O Operators" in perlop don't trigger a warning because node is quoted

"O Operators"" in "I incorrectly interpreted as 'O Operators in I', but this is deprecated syntax, as per perlpodspec. no warning due to quotes

Empty head above and unclosed over/begins below

test test

What?

33 POD Errors

The following errors were encountered while parsing the POD:

Around line 28:

Unknown directive: =unknown1

Around line 31:

Deleting unknown formatting code Q<>

Deleting unknown formatting code A<>

Deleting unknown formatting code Y<>

Deleting unknown formatting code V<>

Around line 36:

Unterminated I<B<...>> sequence

Around line 40:

Unterminated C<...> sequence

Around line 59:

'=item' outside of any '=over'

Around line 61:

You forgot a '=back' before '=head2'

Around line 63:

=back without =over

Around line 71:

You forgot a '=back' before '=head2'

Around line 73:

'=end' without a target?

Around line 75:

=end something without matching =begin. (Stack: [empty])

Around line 89:

=begin without a target?

Around line 91:

'=end' without a target?

Around line 95:

=for without a target?

Around line 105:

Unknown E content in E<alea iacta est>

An E<...> surrounding strange content

An E<...> surrounding strange content

Unknown E content in E<unknown_entity>

Around line 121:

An empty L<>

L<> starts or ends with whitespace

L<> starts or ends with whitespace

L<> starts or ends with whitespace

Around line 137:

Unterminated L<<< ... >>> sequence

Around line 139:

Unterminated L<<< ... >>> sequence

Around line 143:

alternative text 'some text with / in it' contains non-escaped | or /

Around line 150:

=back doesn't take any parameters, but you said =back 200

Around line 158:

A non-empty Z<>

Around line 164:

An empty E<>

Around line 166:

=over should be: '=over' or '=over positive_number'

You can't have =items (as at line 170) unless the first thing after the =over is an =item

Around line 178:

Expected '=item *'

Around line 180:

Expected '=item *'

Around line 184:

You can't have =items (as at line 188) unless the first thing after the =over is an =item

Around line 204:

Expected '=item *'

Around line 208:

Expected '=item *'

Around line 218:

You have '=item 3' instead of the expected '=item 2'

Around line 222:

Expected '=item 3'

Around line 224:

Expected '=item 4'

Around line 234:

Expected text after =item, not a bullet

Around line 238:

Expected text after =item, not a number

Around line 311:

=over without closing =back