On Tue, Apr 10, 2012 at 04:52:16PM +0200, Horvath, Akos wrote:
> Hello,
>
> I didn't find any place where I can tell you there is a problem.
>
> First I tried to contact the module author
> ([email protected]) but the mail address
> doesn't exist any more.
>
> The font init code (line 271) starts with this:
>
> my $self = shift;
> my $fh = $self->get_file_handle();
> my $buf = "";
>
> eval { read( $fh, $buf, 12 ) };
>
> This seems... a little bit problematic.

How so? That's a block eval, not a string eval - it's effectively a
try {} with no catch block - see http://p3rl.org/Try::Tiny for a nicer
implementation of that.

An untrapped exception is potentially a bug - and I'd recommend seeing
if it is, and if so fixing it - but I don't see it as a security hole.

--
Matt S Trout - Shadowcat Systems - Perl consulting with a commit bit and a clue
http://shadowcat.co.uk/blog/matt-s-trout/ http://twitter.com/shadowcat_mst/
Email me now on mst (at) shadowcat.co.uk and let's chat about how our Catalyst
commercial support, training and consultancy packages could help your team.
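
The distinction drawn in the reply above, as an added example that is not part of the original thread or of the module being discussed: a block eval around `read` only traps a `die`, the bytes read stay data, and the failures the quoted code discards can be reported instead. The helper name `read_header` and all sample inputs are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper (not the module's code): read a 12-byte header and
# report each failure mode instead of silently discarding it.
sub read_header {
    my ($fh) = @_;
    my ( $buf, $got ) = ("");

    # Block eval: the body is compiled with the rest of this file and only
    # traps die(). Nothing read into $buf is ever evaluated as Perl.
    # The trailing 1 lets us detect a die without relying on $@ alone.
    my $ok = eval { $got = read( $fh, $buf, 12 ); 1 };

    return ( undef, "read died: $@" )                unless $ok;
    return ( undef, "read failed: $!" )              unless defined $got;
    return ( undef, "short read: $got of 12 bytes" ) if $got < 12;
    return ( $buf, undef );
}

# Constructed inputs: a full header whose bytes happen to be Perl source,
# a truncated file, and an undefined handle (which makes read() die).
my $full  = qq{print "hi";\n};    # exactly 12 bytes
my $short = "abc";

for my $case ( [ full => \$full ], [ short => \$short ], [ undef_fh => undef ] ) {
    my ( $name, $src ) = @$case;
    my $fh;
    if ($src) { open $fh, '<', $src or die "open: $!" }    # in-memory file

    my ( $buf, $err ) = read_header($fh);
    printf "%-8s %s\n", $name,
        defined $buf ? "ok, 12 bytes kept as data" : "error: $err";
}
```

The first case shows that header bytes which look like Perl source are never executed; the other two show the conditions that `eval { read(...) }` with no check of the result would hide.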