develooper Front page | perl.perl5.porters | Postings from July 2001

[ID 20010705.001] tainted data and /\G/

Thread Next
From:
js
Date:
July 5, 2001 23:19
Subject:
[ID 20010705.001] tainted data and /\G/
Message ID:
20010705141900.ED4BC1896F@delphi.kpnqwest.fi
This is a bug report for perl from js@kpnqwest.fi,
generated with the help of perlbug 1.32 running under perl v5.7.0.


-----------------------------------------------------------------
[Please enter your report here]

It seems that \G doesn't work properly if a variable has contained
tainted data.

Here the first example shows the bug. The second and third example
show the expected output.

% perl -Twe 'use strict; 
    sub bar { for(1..30) { print $_[0] =~ m/\G(\S)/g ? $1 : "-" } } 
    my $y = shift; my $x = $y; $x = "foo"; bar($x); print "\n"' foo
ffffffffffffffffffffffffffffff

% perl -Twe 'use strict; 
    sub bar { for(1..30) { print $_[0] =~ m/\G(\S)/g ? $1 : "-" } } 
    my $y = shift; my $x = "foo"; $x = "foo"; bar($x); print "\n"' foo
foo-foo-foo-foo-foo-foo-foo-fo

% perl -we 'use strict; 
    sub bar { for(1..30) { print $_[0] =~ m/\G(\S)/g ? $1 : "-" } } 
    my $y = shift; my $x = $y; $x = "foo"; bar($x); print "\n"' foo    
foo-foo-foo-foo-foo-foo-foo-fo


Tried it on perl-5.7.0 and perl-5.005_03, both seem to have the bug.

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl v5.7.0:

Configured by js at Fri Jan 26 20:09:22 EET 2001.

Summary of my perl5 (revision 5.0 version 7 subversion 0) configuration:
  Platform:
    osname=solaris, osvers=2.7, archname=sun4-solaris
    uname='sunos delphi 5.7 generic_106541-10 sun4u sparc sunw,ultra-250 '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=undef usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
  Compiler:
    cc='cc', ccflags ='-I/usr/local/include', optimize='-xO4', cppflags='-I/usr/local/include'
    ccversion='WorkShop Compilers 5.0 98/12/15 C 5.0', gccversion='', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=4
    alignbytes=8, usemymalloc=y, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib -L/opt/SUNWspro/SC5.0/lib'
    libpth=/usr/local/lib /opt/SUNWspro/SC5.0/lib /lib /usr/lib /usr/ccs/lib
    libs=-lsocket -lnsl -ldl -lm -lc -lcrypt -lsec
    libc=/lib/libc.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-KPIC', lddlflags='-G -L/usr/local/lib -L/opt/SUNWspro/SC5.0/lib'

Locally applied patches:
    

---
@INC for perl v5.7.0:
    /home/js
    /usr/local/perl-5.7.0/lib/5.7.0/sun4-solaris
    /usr/local/perl-5.7.0/lib/5.7.0
    /usr/local/perl-5.7.0/lib/site_perl/5.7.0/sun4-solaris
    /usr/local/perl-5.7.0/lib/site_perl/5.7.0
    /usr/local/perl-5.7.0/lib/site_perl
    .

---
Environment for perl v5.7.0:
    HOME=/home/js
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH=/oracle/app/product/8.0.6/lib:/usr/openwin/lib
    LOGDIR (unset)
    PATH=/home/js/bin:/oracle/app/product/8.0.6/bin:/opt/SUNWspro/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/X/bin
    PERL5LIB=/home/js
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/zsh


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About