develooper Front page | perl.perl5.porters | Postings from August 2012

[perl #114622] Taint makes a floating point scalar behave like an integer

Thread Next
Mark Martinec
August 27, 2012 15:35
[perl #114622] Taint makes a floating point scalar behave like an integer
Message ID:
# New Ticket Created by  Mark Martinec 
# Please include the string:  [perl #114622]
# in the subject line of all future correspondence about this issue. 
# <URL: >

This is a bug report for perl from,
generated with the help of perlbug 1.39 running under perl 5.17.2.

[Please describe your issue here]

A tainted floating point value loses its fraction part
as seen in the following example. Looks like an IV is
used instead of a NV in certain case:

$ perl -Te '
  $tainted = 0 + substr($ENV{PATH},0,0);
  sub pr {printf(shift,@_)};
  my $x=8/3 + $tainted;
  pr("%d\n",$x); pr("%.3f %.3f\n",-$x,$x)'
-2.000 2.667

Without the -T option the result is correct:
-2.667 2.667

This is with 5.17.2,
but *not* with 5.17.3 nor with 5.16.0.

As the problem seems to have been fixed with 5.17.3,
I'm only reporting this because the 5.17.3 perldelta
does not mention any such fix, so it would be good
to know whether the problem was really and consciously
fixed, or just happens not to show up in my code sample.

[Please do not change anything below this line]
Site configuration information for perl 5.17.2:

Configured by mark at Tue Jul 24 18:27:12 CEST 2012.

Summary of my perl5 (revision 5 version 17 subversion 2) configuration:
    osname=freebsd, osvers=7.2-release-p2, archname=amd64-freebsd
    uname='freebsd 7.2-release-p2 freebsd 7.2-release-p2 #0: wed jul 15 15:45:26 cest 2009 amd64 '
    config_args='-Dusedevel -sde -Dprefix=/usr/local -Darchlib=/usr/local/lib/perl5/5.17.2/mach -Dprivlib=/usr/local/lib/perl5/5.17.2 -Dman3dir=/usr/local/lib/perl5/5.17.2/perl/man/man3 -Dman1dir=/usr/local/man/man1 -Dsitearch=/usr/local/lib/perl5/site_perl/5.17.2/mach -Dsitelib=/usr/local/lib/perl5/site_perl/5.17.2 -Dscriptdir=/usr/local/bin -Dsiteman3dir=/usr/local/lib/perl5/5.17.2/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Ui_malloc -Ui_iconv -Uinstallusrbinperl -Dcc=cc -Duseshrplib -Dinc_version_list=none -Dccflags=-DAPPLLIB_EXP="/usr/local/lib/perl5/5.17.2/BSDPAN" -Doptimize=-O2 -fno-strict-aliasing -pipe -Ui_gdbm -Dusethreads=n -Dusemymalloc=n -Duse64bitint'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    cc='cc', ccflags ='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.17.2/BSDPAN" -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include',
    optimize='-O2 -fno-strict-aliasing -pipe',
    cppflags='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.17.2/BSDPAN" -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.2.1 20070719  [FreeBSD]', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-pthread -Wl,-E  -fstack-protector -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lgdbm -lm -lcrypt -lutil
    perllibs=-lm -lcrypt -lutil
    libc=, so=so, useshrplib=true,
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='  -Wl,-R/usr/local/lib/perl5/5.17.2/mach/CORE'
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib -fstack-protector'

Locally applied patches:

@INC for perl 5.17.2:

Environment for perl 5.17.2:
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About