develooper Front page | perl.perl5.porters | Postings from January 2005

[perl #33689] no warning that variables names cannot contain NUL bytes

Thread Next
Nicholas Clark
January 5, 2005 14:00
[perl #33689] no warning that variables names cannot contain NUL bytes
Message ID:
# New Ticket Created by  Nicholas Clark 
# Please include the string:  [perl #33689]
# in the subject line of all future correspondence about this issue. 
# <URL: >

This is a bug report for perl from,
generated with the help of perlbug 1.26 running under perl 5.008004.

[Please enter your report here]

Perl is consistently very proud that it can handle NUL bytes within data
without flinching. However, variable names can't have NUL bytes in them.
There's no underlying reason why they couldn't, because the hashes used to
store variables names can store embedded NUL byes. However, it seems that
variable names are always passed around internally as NUL terminated
C strings (eg Perl_gv_fetchpv).

The upshot of this is that a symbolic reference containing a NUL doesn't
work as might be expected. This doesn't seem to be mentioned in the docs, and
certainly doesn't generate any warning:

$ cat 0names
#!perl -wl

$a = "\0chalk";
$b = "\0cheese";

print "Values ", $a eq $b ? "Same" : "Different";

print "Point to ", \($$a) == \($$b) ? "Same" : "Different";

print \($$a), ", ", \($$b);

$$a = 4;

print $$b;

print ${""};

$ ./perl 0names 
Values Different
Point to Same
SCALAR(0x180118c), SCALAR(0x180118c)

My gut feeling is that the ability to make two (or more) different strings
soft reference to the same location could be used for malice, although
probably only on badly written perl 4 era CGI scripts. [that's the vast
majority of the installed base of perl, isn't it? :-(]

Presumably this should be documented. Should it also warn? Should it be
fixed (presumably with a gv_fetchpvn) ? Has anyone used this for an
obfuscation yet?

Nicholas Clark

[Please do not change anything below this line]

This perlbug was built using Perl 5.00503 - Fri Jan  2 21:35:26 GMT 2004
It is being executed now by  Perl 5.008004 - Fri Apr 16 10:16:08 BST 2004.

Site configuration information for perl 5.008004:

Configured by nwc10 at Fri Apr 16 10:16:08 BST 2004.

Summary of my perl5 (revision 5 version 8 subversion 4) configuration:
    osname=freebsd, osvers=4.9-stable, archname=i386-freebsd
    uname='freebsd 4.9-stable freebsd 4.9-stable #5: fri feb 
20 16:12:05 gmt 2004 i386 '
    config_args='-Dusedevel=y -Dcc=ccache gcc -Dld=gcc -Ubincompat5005 -Uinstall
usrbinperl -Dinc_version_list
=  -Dinc_version_list_init=0 -Doptimize=-g -O2 -Dusethreads=n -Uuse64bitint -Uus
emymalloc -Dprefix=~/Install/perl584 -Dinstallman1dir=none -Dinstallman3dir=none
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=unde
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
 -fno-strict-aliasing -I/usr/local/include',
    optimize='-g -O2',
sing -I/usr/local/include'
    ccversion='', gccversion='2.95.4 20020320 [FreeBSD]', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags ='-Wl,-E  -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lgdbm -lm -lcrypt -lutil -lc
    perllibs=-lm -lcrypt -lutil -lc
    libc=, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib'

Locally applied patches:

@INC for perl 5.008004:

@INC for perl 5.008004:

Environment for perl 5.008004:
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About