develooper Front page | perl.perl5.porters | Postings from January 2005

Re: [perl #33689] no warning that variables names cannot containNUL bytes

Thread Previous | Thread Next
From:
perl5-porters
Date:
January 6, 2005 00:42
Subject:
Re: [perl #33689] no warning that variables names cannot containNUL bytes
Message ID:
critkv$g2a$1@post.home.lunix
In article <20050106092738.06e464_8@r2d2>,
	Marcus Holland-Moritz <mhx-perl@gmx.net> writes:
> On 2005-01-05, at 22:00:18 -0000, Nicholas Clark (via RT) wrote:
> 
---snip--
>> My gut feeling is that the ability to make two (or more) different strings
>> soft reference to the same location could be used for malice, although
>> probably only on badly written perl 4 era CGI scripts. [that's the vast
>> majority of the installed base of perl, isn't it? :-(]
>> 
>> Presumably this should be documented. Should it also warn? Should it be
>> fixed (presumably with a gv_fetchpvn) ? Has anyone used this for an
>> obfuscation yet?
> 
> I'd guess it wouldn't be a big difference in effort to make it emit
> a warning or to fix it. But emitting a warning would require to scan
> a string for a NUL byte (which it won't contain in most cases) each
> time, so this might slow things down.
> 
> Marcus
> 
If it's passed as a char* string internally, it also means it can't
properly handle utf8 since it misses the bit to tell if it's utf8 or
not. My preference is definitely for fixing.

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About