diff options
| author | Father Chrysostomos <sprout@cpan.org> | 2012-10-11 18:01:40 -0700 |
|---|---|---|
| committer | Father Chrysostomos <sprout@cpan.org> | 2012-10-11 23:07:36 -0700 |
| commit | 52c47e1631d20f2f6b5ebaf188f61d5470d887f3 (patch) | |
| tree | 1fd71eb5f4c551594089260918a72be2816c93cb /pp_ctl.c | |
| parent | 266d9182a2c7501b6d5686442b9273ed85be5e6f (diff) | |
| download | perl-52c47e1631d20f2f6b5ebaf188f61d5470d887f3.tar.gz | |
Don’t taint return value of s///e based on replacement
According to the comments about how taint works above pp_subst in
pp_hot.c, the return value of s/// should not be tainted based on
the taintedness of the replacement. That makes sense, because the
replacement does not affect how many iterations there were. (The
return value is the number of iterations).
It only applies, however, to the cases where the ‘constant replace-
ment’ optimisation applies.
That means /e taints its return value:
$ perl5.16.0 -MDevel::Peek -Te '$_ = "abcd"; $x = s//$^X/; Dump $x'
SV = PVMG(0x822ff4) at 0x824dc0
REFCNT = 1
FLAGS = (pIOK)
IV = 1
NV = 0
PV = 0
$ perl5.16.0 -MDevel::Peek -Te '$_ = "abcd"; $x = s//$^X/e; Dump $x'
SV = PVMG(0x823010) at 0x824dc0
REFCNT = 1
FLAGS = (GMG,SMG,pIOK)
IV = 1
NV = 0
PV = 0
MAGIC = 0x201940
MG_VIRTUAL = &PL_vtbl_taint
MG_TYPE = PERL_MAGIC_taint(t)
MG_LEN = 1
The number pushed on to the stack was becoming tainted due to the set-
ting of PL_tainted. PL_tainted is assigned to and the return value
explicitly tainted if appropriate shortly after the mPUSHi (which
implies sv_setiv, which taints when PL_tainted is true), so setting
PL_tainted to 0 just before the mPUSHi is safe.
Diffstat (limited to 'pp_ctl.c')
| -rw-r--r-- | pp_ctl.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -250,6 +250,7 @@ PP(pp_substcont) SvUTF8_on(targ); SvPV_set(dstr, NULL); + PL_tainted = 0; mPUSHi(saviters - 1); (void)SvPOK_only_UTF8(targ); |