develooper Front page | perl.perl5.porters | Postings from January 2005

Re: [perl #33689] no warning that variables names cannot containNUL bytes

Thread Previous | Thread Next
From:
Marcus Holland-Moritz
Date:
January 6, 2005 00:46
Subject:
Re: [perl #33689] no warning that variables names cannot containNUL bytes
Message ID:
20050106094613.1ba5ef79@r2d2
On 2005-01-06, at 08:42:07 +0000, Ton Hospel wrote:

> In article <20050106092738.06e464_8@r2d2>,
> 	Marcus Holland-Moritz <mhx-perl@gmx.net> writes:
> > On 2005-01-05, at 22:00:18 -0000, Nicholas Clark (via RT) wrote:
> > 
> ---snip--
> >> My gut feeling is that the ability to make two (or more) different strings
> >> soft reference to the same location could be used for malice, although
> >> probably only on badly written perl 4 era CGI scripts. [that's the vast
> >> majority of the installed base of perl, isn't it? :-(]
> >> 
> >> Presumably this should be documented. Should it also warn? Should it be
> >> fixed (presumably with a gv_fetchpvn) ? Has anyone used this for an
> >> obfuscation yet?
> > 
> > I'd guess it wouldn't be a big difference in effort to make it emit
> > a warning or to fix it. But emitting a warning would require to scan
> > a string for a NUL byte (which it won't contain in most cases) each
> > time, so this might slow things down.
> > 
> > Marcus
> > 
> If it's passed as a char* string internally, it also means it can't
> properly handle utf8 since it misses the bit to tell if it's utf8 or
> not. My preference is definitely for fixing.

Agreed.

-- 
In theory, there is no difference between theory and practice.  In practice,
there is.

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About