[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]
[perl #60378] pos() does not get stored for tainted variables
# New Ticket Created by Martin H. Sluka
# Please include the string: [perl #60378]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=60378 >
This is a bug report for perl from martin@sluka.de,
generated with the help of perlbug 1.36 running under perl 5.10.0.
-----------------------------------------------------------------
[Please enter your report here]
pos() and regex matching with \G does not work if a tainted value
is passed to a sub routine:
$ perl -Tle '$_=shift; /\G(.*)/g; print pos || "-"' foo
3
$ perl -le 'x(shift); sub x { $_[0] =~ /\G(.*)/g; print pos $_[0] || "-" }' foo
3
$ perl -Tle 'x(shift); sub x { $_[0] =~ /\G(.*)/g; print pos $_[0] || "-" }' foo
-
This e.g. causes infinite loops in Locale::Maketext::Guts::_compile().
It works, however, if the value is assigned to a variable first
and then this variable is used for the matching operation:
$ perl -Tle 'x(shift); sub x { my $s = shift; $s =~ /\G(.*)/g; print pos $s || "-" }' foo
3
The issue not only affects the perl version mentioned below but
also the standard perl v5.8.8 interpreter built for
i486-linux-gnu-thread-multi on Debian/Etch and thus probably
other versions, too.
Regards,
fany
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=medium
---
Site configuration information for perl 5.10.0:
Configured by fany at Wed Dec 19 22:11:44 CET 2007.
Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
Platform:
osname=linux, osvers=2.6.22.12-0.1-default, archname=i686-linux-64int
uname='linux bigblue 2.6.22.12-0.1-default #1 smp 20071106 23:05:18 utc i686 i686 i386 gnulinux '
config_args=''
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2 -march=pentium4',
cppflags='-fno-strict-aliasing -pipe -I/usr/local/include'
ccversion='', gccversion='4.2.1 (SUSE Linux)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.6.1.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.6.1'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -O2 -march=pentium4 -L/usr/local/lib'
Locally applied patches:
---
@INC for perl 5.10.0:
/usr/local/lib/perl5/5.10.0/i686-linux-64int
/usr/local/lib/perl5/5.10.0
/usr/local/lib/perl5/site_perl/5.10.0/i686-linux-64int
/usr/local/lib/perl5/site_perl/5.10.0
.
---
Environment for perl 5.10.0:
HOME=/home/fany
LANG=de_DE.UTF-8
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/opt/kde3/bin:/home/fany/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/NX/bin:/usr/lib/qt3/bin
PERL_BADLANG (unset)
SHELL=/bin/bash
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]