develooper Front page | perl.perl5.porters | Postings from May 2016

[perl #128225] substitution within (?{}) causes segmentation fault

Thread Previous | Thread Next
From:
Father Chrysostomos via RT
Date:
May 26, 2016 01:03
Subject:
[perl #128225] substitution within (?{}) causes segmentation fault
Message ID:
rt-4.0.18-20979-1464224582-1015.128225-15-0@perl.org
On Wed May 25 16:33:50 2016, trizenx@gmail.com wrote:
> On Wed May 25 15:55:20 2016, sprout wrote:
> > On Wed May 25 15:42:20 2016, trizenx@gmail.com wrote:
> > > Code simplified to:
> > >
> > > ### BEGIN-CODE ###
> > >
> > > m{
> > >     (?{ print "hi\n" })
> > > }x;
> > >
> > > //;//;//;//;//;
> > >
> > > ### END-CODE ###
> >
> > I don‘t see what the bug is here.  The empty pattern re-uses the last
> > successful match.
> 
> I never heard of this behavior before. Is this officially documented?

perl.git$ ack 'last successful' pod
pod/perlfunc.pod
7436:interpretation as the last successful match.

pod/perlop.pod
2078:evaluates to the empty string, the last successfully executed regular

pod/perlretut.pod
1559:the regexp in the I<last successful match> is used instead.  So we have

> 
> Personally, I see it as a security issue. For example, consider the
> following artificial scenario:
> 
> ### BEGIN-CODE ###
> 
> /(?{ print "sending money\n" })/x;
> 
> print "Insert regex: ";
> chomp(my $regex = <STDIN>);        # just press ENTER
> /\Q$regex/;                        # will send money again
> 
> ### END-CODE ###

You have to use (?:) in cases like that:

/(?{ print "sending money\n" })/x;

print "Insert regex: ";
chomp(my $regex = <STDIN>);        # just press ENTER
/(?:\Q$regex\E)/;                  # will send money again

> If a user inserts a regular expression that happens to coincide with
> the last regular expression that successfully matched, but also
> executed some code in (?{}), the same code will be executed again,
> which is something that I don't think it should happen.

Neither do I (at least with /$foo/; with // it should stay as it is), but it is hard to change this because of backward compatibility.

That’s a separate issue from your original post.  If you want to continue discussing this particular point, please open a new ticket.

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=128225

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About