Thank you for the patch, Colin! It is possible to attach it as a patch file? I've tried applying it with no success. This would also make sure your name is provided in. On 01/03/2017 09:09 PM, Colin Newell wrote: > --- > sv.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/sv.c b/sv.c > index 83d82fc..bb158bf 100644 > --- a/sv.c > +++ b/sv.c > @@ -9323,7 +9323,16 @@ SV is set to 1. If C<len> is zero, Perl will > compute the length using > C<strlen()>, (which means if you use this option, that C<s> can't have embedded > C<NUL> characters and has to have a terminating C<NUL> byte). > > -For efficiency, consider using C<newSVpvn> instead. > +This function can cause reliability issues if you are likely to pass in > +empty strings that are not null terminated because it will run > +strlen on the string and potentially run past valid memory. > + > +Using C<newSVpvn> is safer and more efficient regardless of the type > +of string passed in. > + > +Safer for non C<NUL> terminated strings, and more efficient for both > +strings as it will not have to make an additional comparison to determine > +whether or not to run strlen. This seems somewhat repetitive for me, as well as explicitly referring to strlen() which is an implementation detail. What do you think about the following? This function requires all strings to be C<NUL> terminated. For safety and performance, consider using C<newSVpvn> instead.Thread Previous | Thread Next