I don't have a windoze box. On Linux with 5.8.8 I do see the warn "Insecure dependency in kill while running with -T switch at /usr/lib/perl5/site_perl/5.8.8/WWW/Mechanize.pm line 2446." I do not see a crash, but valgrind (which is a utility that interprets machine code and checks all memory accesses carefully) says that there just after that warn, there are some reads of memory that was free()ed, which is a bug that could easily cause a crash.
On Linux with 5.16.0 that warn is not there and valgrind's report is clean. So you'll probably find it's fixed if you upgrade. (I remember this valgrind-complains-under-taint symptom coming up on perl5-porters, in fact, and it was fixed.)
I set my tool to look for the message and it was confused by the fact that either "warn;" can cause the message to appear. This causes the message under 5.8.8:
#!/usr/bin/env perl -T
use strict;
use WWW::Mechanize;
my $ua = WWW::Mechanize->new();
my $url = shift;
$ua->get($url);
warn;
But this code does not cause valgrind to complain. So I made the tool use valgrind (much slower) and it says the invalid memory access has this shortest script:
#!/usr/bin/env perl -T
use strict;
use WWW::Mechanize;
my $ua = WWW::Mechanize->new();
my $url = shift;
$ua->get($url);
my $pager = parsepage($ua);
sub parsepage {
my $so = join "\n", $ua->content =~/(so\.addVariable\(\s*'.+?'\s*,
+\s*'.+?'\s*\)\s*;)/mg;
while($so =~/so\.addVariable\('([^']+)','([^']+)'\);/mg) { }
}
And, interestingly enough, whether it shows the bug depends on the name of the script! So it's very sensitive to memory layout.
Anyway, thanks, now I've figured out how to add valgrind and taint, and hopefully I'll release this script to the public in a few days.
|