develooper Front page | perl.perl5.porters | Postings from February 2020

Re: Backporting ac3afc4b35 (regcomp.c: make \K+ and \K* illegal.)

Thread Previous | Thread Next
February 9, 2020 02:07
Re: Backporting ac3afc4b35 (regcomp.c: make \K+ and \K* illegal.)
Message ID:
On Sun, 9 Feb 2020, 05:38 Ricardo Signes, <> wrote:

> On Fri, Feb 7, 2020, at 1:08 PM, Steve Hay via perl5-porters wrote:
> Unless there is some overriding (security-based) need to have it then I
> think we should not, at least in its current form.
> If it really is an essential fix to include then is there some way to
> rework it that retains the fix itself but without introducing the new error?
> perlpolicy:
>     The following types of change are NOT acceptable:
>     *   Patches that add new warnings or errors or deprecate features.
> I think it would be a mistake to introduce a new error unless there is a
> grave, pressing reason.  A large part of the purpose of the strictness of
> maintenance releases is to make upgrading within one version of perl5 as
> close to guaranteed safe as possible.  Security and crashing fixes are
> eliminated, no other behavior is changed.  Introducing a new fatal error is
> a loaded gun.
> This will not affect only programs that would already be broken.
> $ perl5.30.1 -E 'if (0) { /\K+/ } say "ok 1"'
> ok 1
> ~/code/perl5$ ./perl -I lib -E 'if (0) { /\K+/ }'
> \K+ is forbidden - matches null string many times in regex; marked by <--
> HERE in m/\K+ <-- HERE / at -e line 1.
> -1 on applying this to maint.

Shrug. I think this is a toy example and the test cases produce a far more
dangerous outcome than this.


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About