On Tue, Dec 19, 2000 at 04:39:32PM +0000, Nick Ing-Simmons wrote:
> Jarkko Hietaniemi <jhi@iki.fi> writes:
> >> >As long as we don't mind losing locale based number grouping (whatever
> >> >that is, but it's compiled in in my copy of strtol - I disassembled it
> >> >and can see the pattern of code that's doing it)
> >>
> >> We only lose "locale based number grouping" for things that "look
> >> like numbers" in perl's view - so do we really lose anything?
> >
> >We gain more warnings if the system's strtoul() didn't use to complain
> >about things like "1,234,567" and nicely returned 1234567. Search
> >perllocale for 'grouping', and see localeconv(3).
>
> But I don't see where looks_like_number() lets things with ',' in through
> to be converted ...

Hmm. But right now what's stopping the string "123.456" looking like a number
that is assessed as "can be correctly converted by strtol() to the nearest
integer 123, but is actually not an integer"

So sv_2iv passes it to strtol, which then honours the locale settings, where
"," is the decimal separator and "." the grouping character, and the answer
123456 comes back.

Now it becomes very clear why locales are considered tainted, and carry a
health warning on 20% of the packet and adverts.

Does this mean that SVs should become tainted if they undergo string to
numeric conversion while locales are in effect? Is that enough? Should we go
the whole hog and advise people that near total security can be obtained by
only running programs with the power turned off and all cables disconnected
from the machine?

Seriously, I take it "123.456" becoming 123456 is a nasty gotcha we might do
well to stamp on, rather than a desirable feature?

Nicholas Clark
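
Added example, not part of the original message and not perl's own code: a C scanner that classifies strings such as "123.456" and "1,234,567" without calling strtol(), so the result cannot change with the locale's decimal or grouping characters. The function name and flag names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

/* Flag names are hypothetical, chosen for this example. */
enum { NUM_INTEGER = 1, NUM_HAS_FRACTION = 2, NUM_TRAILING = 4, NUM_OVERFLOW = 8 };

/* Scan the leading integer of s using fixed rules: ASCII digits only,
 * '.' is the only decimal point, and no character is ever treated as a
 * grouping separator. No libc conversion is called, so setlocale() has
 * no effect. Returns 0 if s has no leading number, else a flag set. */
static int scan_integer(const char *s, long *out)
{
    unsigned long acc = 0, limit;
    int neg = 0, flags = NUM_INTEGER;

    while (*s == ' ' || *s == '\t') s++;
    if (*s == '+' || *s == '-') neg = (*s++ == '-');
    if (*s < '0' || *s > '9') return 0;

    /* Magnitude limit differs by sign: |LONG_MIN| is LONG_MAX + 1. */
    limit = (unsigned long)LONG_MAX + (neg ? 1UL : 0UL);
    for (; *s >= '0' && *s <= '9'; s++) {
        unsigned long d = (unsigned long)(*s - '0');
        if (acc > (limit - d) / 10) { acc = limit; flags |= NUM_OVERFLOW; }
        else acc = acc * 10 + d;
    }
    /* A fractional part is noted, not folded into the integer. */
    if (*s == '.' && s[1] >= '0' && s[1] <= '9') {
        flags |= NUM_HAS_FRACTION;
        for (s++; *s >= '0' && *s <= '9'; s++) ;
    }
    if (*s != '\0') flags |= NUM_TRAILING;   /* e.g. ",234,567" */

    if (neg) *out = (acc > (unsigned long)LONG_MAX) ? LONG_MIN : -(long)acc;
    else     *out = (long)acc;
    return flags;
}

int main(void)
{
    const char *samples[] = { "123.456", "1,234,567", "-42" };  /* constructed */
    for (int i = 0; i < 3; i++) {
        long v = 0;
        int f = scan_integer(samples[i], &v);
        printf("%-10s -> %ld (flags 0x%x)\n", samples[i], v, (unsigned)f);
    }
    return 0;
}
```

A caller can warn or refuse on NUM_TRAILING and NUM_OVERFLOW, and treat NUM_HAS_FRACTION as "integer part only", regardless of which locale is active.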