summaryrefslogtreecommitdiff
path: root/cpan/CGI
diff options
context:
space:
mode:
authorFather Chrysostomos <sprout@cpan.org>2012-10-11 18:01:40 -0700
committerFather Chrysostomos <sprout@cpan.org>2012-10-11 23:07:36 -0700
commit52c47e1631d20f2f6b5ebaf188f61d5470d887f3 (patch)
tree1fd71eb5f4c551594089260918a72be2816c93cb /cpan/CGI
parent266d9182a2c7501b6d5686442b9273ed85be5e6f (diff)
downloadperl-52c47e1631d20f2f6b5ebaf188f61d5470d887f3.tar.gz
Don’t taint return value of s///e based on replacement
According to the comments about how taint works above pp_subst in pp_hot.c, the return value of s/// should not be tainted based on the taintedness of the replacement. That makes sense, because the replacement does not affect how many iterations there were. (The return value is the number of iterations). It only applies, however, to the cases where the ‘constant replace- ment’ optimisation applies. That means /e taints its return value: $ perl5.16.0 -MDevel::Peek -Te '$_ = "abcd"; $x = s//$^X/; Dump $x' SV = PVMG(0x822ff4) at 0x824dc0 REFCNT = 1 FLAGS = (pIOK) IV = 1 NV = 0 PV = 0 $ perl5.16.0 -MDevel::Peek -Te '$_ = "abcd"; $x = s//$^X/e; Dump $x' SV = PVMG(0x823010) at 0x824dc0 REFCNT = 1 FLAGS = (GMG,SMG,pIOK) IV = 1 NV = 0 PV = 0 MAGIC = 0x201940 MG_VIRTUAL = &PL_vtbl_taint MG_TYPE = PERL_MAGIC_taint(t) MG_LEN = 1 The number pushed on to the stack was becoming tainted due to the set- ting of PL_tainted. PL_tainted is assigned to and the return value explicitly tainted if appropriate shortly after the mPUSHi (which implies sv_setiv, which taints when PL_tainted is true), so setting PL_tainted to 0 just before the mPUSHi is safe.
Diffstat (limited to 'cpan/CGI')
0 files changed, 0 insertions, 0 deletions