develooper Front page | perl.perl5.porters | Postings from April 2021

Re: Perl 7: Fix string leaks?

Thread Previous | Thread Next
From:
Ben Bullock
Date:
April 1, 2021 11:56
Subject:
Re: Perl 7: Fix string leaks?
Message ID:
CAN5Y6m9pFPiu7jbgNxy-tyj35-P3o=9_RFeF2A9RqLRZAEpSqg@mail.gmail.com
On Thu, 1 Apr 2021 at 20:15, Felipe Gasper <felipe@felipegasper.com> wrote:

> Also, this isn’t quite true. It’s entirely possible for Perl or
> some XS module to upgrade a string that contains a PNG.

It's possible for an XS module to do that but it's not relevant, since
the content is not text data, and it is still possible to do that no
matter how the bytes are obtained, using SvPVbyte or whatever:

XS code (sorry but gmail hates tabs so the indentation is missing):

SV * disaster (gd)
SV * gd
PREINIT:
char * c;
STRLEN l;
CODE:
c = SvPVbyte (gd, l);
RETVAL = newSVpv (c, l);
SvUTF8_on (RETVAL);
OUTPUT:
RETVAL

Script to run it:

no utf8;
my $input = 'かきくけこ';
my $output = g::disaster ($input);
binmode STDOUT, ":encoding(utf8)";
print "$output\n";

I'm not sure under what circumstances Perl would arbitrarily
up/downgrade a binary string, do you have a code example which doesn't
involve directly calling utf8::utt8_down/upgrade? It seems not
possible to me unless the user does some kind of broken string
manipulation onto the data.

> If Perl could distinguish binary from text we could prevent
> that. (See my proposal earlier in this thread.)

I only subscribed to this mailing list a short while ago and the web
server for the mailing list is out of action at the moment, was this
your proposal to add more bit flags? I really thought that was a very
good idea, in terms of solving the problem of dealing with the
utf8_downgrade problem, but I can't find the original post now.

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About