develooper Front page | perl.perl5.porters | Postings from February 2020

Re: Backporting ac3afc4b35 (regcomp.c: make \K+ and \K* illegal.)

Thread Previous | Thread Next
From:
demerphq
Date:
February 9, 2020 02:07
Subject:
Re: Backporting ac3afc4b35 (regcomp.c: make \K+ and \K* illegal.)
Message ID:
CANgJU+VFP5gx=Kx=9zDyANGTj1Oza4KXuSTSfi8exhaoL9QWzg@mail.gmail.com
On Sun, 9 Feb 2020, 05:38 Ricardo Signes, <perl.p5p@rjbs.manxome.org> wrote:

> On Fri, Feb 7, 2020, at 1:08 PM, Steve Hay via perl5-porters wrote:
>
> Unless there is some overriding (security-based) need to have it then I
> think we should not, at least in its current form.
>
> If it really is an essential fix to include then is there some way to
> rework it that retains the fix itself but without introducing the new error?
>
>
> perlpolicy:
>
>     The following types of change are NOT acceptable:
>     *   Patches that add new warnings or errors or deprecate features.
>
> I think it would be a mistake to introduce a new error unless there is a
> grave, pressing reason.  A large part of the purpose of the strictness of
> maintenance releases is to make upgrading within one version of perl5 as
> close to guaranteed safe as possible.  Security and crashing fixes are
> eliminated, no other behavior is changed.  Introducing a new fatal error is
> a loaded gun.
>
> This will not affect only programs that would already be broken.
>
> $ perl5.30.1 -E 'if (0) { /\K+/ } say "ok 1"'
> ok 1
>
> ~/code/perl5$ ./perl -I lib -E 'if (0) { /\K+/ }'
> \K+ is forbidden - matches null string many times in regex; marked by <--
> HERE in m/\K+ <-- HERE / at -e line 1.
>
> -1 on applying this to maint.
>

Shrug. I think this is a toy example and the test cases produce a far more
dangerous outcome than this.

Yves

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About