develooper Front page | perl.perl5.porters | Postings from March 2011

[perl #86784] $_[0]=~/str/g does not move pos and is true forever when $_[0] is tainted

Thread Next
Mark Martinec
March 22, 2011 13:08
[perl #86784] $_[0]=~/str/g does not move pos and is true forever when $_[0] is tainted
Message ID:
# New Ticket Created by  Mark Martinec 
# Please include the string:  [perl #86784]
# in the subject line of all future correspondence about this issue. 
# <URL: >

This is a bug report for perl from,
generated with the help of perlbug 1.39 running under perl 5.12.3.

[Please describe your issue here]

The following test case loops forever
when given a tainted string to operate on:

perl -Te 'sub x { while ($_[0] =~ /test/g) { printf("str=%s, pos=%s\n", $_[0], pos $_[0]) } }; x("atested".substr($0,0,0))'
str=atested, pos=
str=atested, pos=
str=atested, pos=
str=atested, pos=
str=atested, pos=
str=atested, pos=
str=atested, pos=
str=atested, pos=

The same code works correctly without -T or with untainted argument of x():

$ perl -e 'sub x { while ($_[0] =~ /test/g) { printf("str=%s, pos=%s\n", $_[0], pos $_[0]) } }; $t = "atested test".$0; x($t)'
str=atested test-e, pos=5
str=atested test-e, pos=12

Copying $_[0] to a temporary variable and letting the '=~' operate
on a copy avoids the problem. Similarly, working through
a ref: $s=\$_[0]; while ($$s =~ /test/g)... avoids the problem.

At least the following versions of perl seem to be affected:
  5.8.8, 5.10.1  5.12.3;
the version 5.13.10 works correctly.

The code above has been distilled from SpamAssassin's
plugin, which falls into a loop
under certain circumstances. Thanks to Matt Elson for
the initial investigation.
[Please do not change anything below this line]
Site configuration information for perl 5.12.3:

Configured by mark at Wed Mar 16 18:52:51 CET 2011.

Summary of my perl5 (revision 5 version 12 subversion 3) configuration:
    osname=freebsd, osvers=8.2-release, archname=amd64-freebsd
    uname='freebsd 8.2-release freebsd 8.2-release #0: fri feb 25 17:19:30 cet 2011 amd64 '
    config_args='-sde -Dprefix=/usr/local -Darchlib=/usr/local/lib/perl5/5.12.3/mach -Dprivlib=/usr/local/lib/perl5/5.12.3 -Dman3dir=/usr/local/lib/perl5/5.12.3/perl/man/man3 -Dman1dir=/usr/local/man/man1 -Dsitearch=/usr/local/lib/perl5/site_perl/5.12.3/mach -Dsitelib=/usr/local/lib/perl5/site_perl/5.12.3 -Dscriptdir=/usr/local/bin -Dsiteman3dir=/usr/local/lib/perl5/5.12.3/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Ui_malloc -Ui_iconv -Uinstallusrbinperl -Dcc=cc -Duseshrplib -Dinc_version_list=none -Dccflags=-DAPPLLIB_EXP="/usr/local/lib/perl5/5.12.3/BSDPAN" -Doptimize=-O2 -pipe -fno-strict-aliasing -Ui_gdbm -Dusethreads=n -Dusemymalloc=n -Duse64bitint'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    cc='cc', ccflags ='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.12.3/BSDPAN" -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include',
    optimize='-O2 -pipe -fno-strict-aliasing',
    cppflags='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.12.3/BSDPAN" -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.2.1 20070719  [FreeBSD]', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -Wl,-E  -fstack-protector -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lgdbm -lm -lcrypt -lutil
    perllibs=-lm -lcrypt -lutil
    libc=, so=so, useshrplib=true,
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='  -Wl,-R/usr/local/lib/perl5/5.12.3/mach/CORE'
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib -fstack-protector'

Locally applied patches:

@INC for perl 5.12.3:

Environment for perl 5.12.3:
    LANG (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About