On 2005-01-06, at 08:42:07 +0000, Ton Hospel wrote:

> In article <20050106092738.06e464_8@r2d2>,
> Marcus Holland-Moritz <mhx-perl@gmx.net> writes:
> > On 2005-01-05, at 22:00:18 -0000, Nicholas Clark (via RT) wrote:
> >
> > ---snip--
> >> My gut feeling is that the ability to make two (or more) different strings
> >> soft reference to the same location could be used for malice, although
> >> probably only on badly written perl 4 era CGI scripts. [that's the vast
> >> majority of the installed base of perl, isn't it? :-(]
> >>
> >> Presumably this should be documented. Should it also warn? Should it be
> >> fixed (presumably with a gv_fetchpvn) ? Has anyone used this for an
> >> obfuscation yet?
> >
> > I'd guess it wouldn't be a big difference in effort to make it emit
> > a warning or to fix it. But emitting a warning would require to scan
> > a string for a NUL byte (which it won't contain in most cases) each
> > time, so this might slow things down.
> >
> > Marcus
> >
> If it's passed as a char* string internally, it also means it can't
> properly handle utf8 since it misses the bit to tell if it's utf8 or
> not. My preference is definitely for fixing.

Agreed.

-- 
In theory, there is no difference between theory and practice.
In practice, there is.
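
Added example, not part of the original message and not perl's own code: a toy symbol table in C showing the aliasing discussed in this thread, where a lookup that receives only a `char*` collapses two different names onto one slot while a pointer-plus-length lookup keeps them apart. The function names, table layout and sample names are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy symbol table (constructed for illustration, not perl's GV code). */
#define MAX_SYMS 8
struct sym { char name[32]; size_t len; };
static struct sym table[MAX_SYMS];
static int nsyms;

/* Length-aware lookup: compares all len bytes, embedded NULs included.
   Returns the slot index, creating the slot if needed; -1 if it cannot. */
int slot_by_pvn(const char *name, size_t len)
{
    int i;
    if (len > sizeof table[0].name)
        return -1;
    for (i = 0; i < nsyms; i++)
        if (table[i].len == len && memcmp(table[i].name, name, len) == 0)
            return i;
    if (nsyms == MAX_SYMS)
        return -1;
    memcpy(table[nsyms].name, name, len);
    table[nsyms].len = len;
    return nsyms++;
}

/* char*-only lookup: the length is rediscovered with strlen(), so
   everything after the first NUL byte is silently dropped. */
int slot_by_cstr(const char *name)
{
    return slot_by_pvn(name, strlen(name));
}

/* The scan a warning would need: is there a NUL inside the name? */
int has_embedded_nul(const char *name, size_t len)
{
    return memchr(name, '\0', len) != NULL;
}

int main(void)
{
    const char a[] = "foo", b[] = "foo\0bar";   /* constructed names */
    printf("char* API:  %d %d\n", slot_by_cstr(a), slot_by_cstr(b));
    printf("pvn API:    %d %d\n", slot_by_pvn(a, 3), slot_by_pvn(b, 7));
    printf("NUL in b:   %d\n", has_embedded_nul(b, 7));
    return 0;
}
```

The NUL scan is only possible where the length is still known, which is why it has to happen before the name is handed to a `char*`-only interface.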