
Re: [perl #81028] Taintedness of the first operand of a ternary '?:'propagate to unrelated expr in the same list

From: Dave Mitchell
Date: December 22, 2010 05:47
Subject: Re: [perl #81028] Taintedness of the first operand of a ternary '?:'propagate to unrelated expr in the same list
Message ID: 20101222134729.GK10901@iabyn.com

On Mon, Dec 20, 2010 at 11:00:00AM -0800, Mark Martinec wrote:
> #!/usr/bin/perl -T
> use Scalar::Util qw(tainted);
> my $clean = "ccc";  # not tainted
> my $t = "ttt" . substr($0,0,0);  # tainted
> sub a { print join(", ", map {tainted($_)?"Y":"n"} @_), "\n" };
> a($t, $t?1:0, $clean, substr($clean,0,1), 0+$clean, $clean);
> 
> Y, n, n, Y, Y, n
[snip]
> What is surprising is that substr($clean,0,1) and 0+$clean
> are tainted, even though the $clean is not.
> 
> Can this be considered a bug? Can something be done
> to restrict this case of a taintedness propagation?

No, it's behaving as documented: from perlsec:

    For efficiency reasons, Perl takes a conservative view of
    whether data is tainted.  If an expression contains tainted data,
    any subexpression may be considered tainted, even if the value
    of the subexpression is not itself affected by the tainted data.


-- 
"Strange women lying in ponds distributing swords is no basis for a system
of government. Supreme executive power derives from a mandate from the
masses, not from some farcical aquatic ceremony."
    -- Dennis, "Monty Python and the Holy Grail"
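
Added example, not part of the thread or of perl's own code: the values from the report computed once inside a single list that also contains tainted data, and once in separate statements that contain none, so the two results can be compared on a given perl. The names flags, $first and $num are hypothetical; run it with perl -T.

```perl
#!/usr/bin/perl -T
# Added illustration (not from the original posting).
use strict;
use warnings;
no warnings 'numeric';    # "ccc" is deliberately non-numeric, as in the report
use Scalar::Util qw(tainted);

my $clean = "ccc";                       # not tainted
my $t     = "ttt" . substr($0, 0, 0);    # tainted, same trick as the report

# Render the taint state of each argument as Y/n (hypothetical helper).
sub flags { return join(", ", map { tainted($_) ? "Y" : "n" } @_) }

# Case 1: one list expression that also evaluates tainted data.
# perlsec allows any subexpression here to be considered tainted.
print "same statement:      ",
    flags($t ? 1 : 0, substr($clean, 0, 1), 0 + $clean), "\n";

# Case 2: the derived values are built in statements of their own,
# none of which contains tainted data.
my $first = substr($clean, 0, 1);
my $num   = 0 + $clean;
print "separate statements: ", flags($first, $num), "\n";

# Check before handing the values to anything taint-sensitive.
for my $v ($first, $num) {
    die "unexpected taint on '$v'\n" if tainted($v);
}
```

Building clean values in their own statements, before any tainted data is mixed in, keeps the conservative rule quoted from perlsec from marking them.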
