You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the value being assigned into an lvalue vec() is tainted, it sometimes does and sometimes doesn't propagate that tainting to the modified scalar.
In the (unlikely) cornercase that vec() itself has to create/upgrade the scalar from NULL, then the newly-created scalar does have tainting:
$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x, 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__
TAINTED
However, if the SV was already at least an SVt_PV and vec() is just modifying it in place (possibly by extending the PV buffer) then no tainting is propagated:
$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x = "", 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__
$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x = "X", 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__
The text was updated successfully, but these errors were encountered:
On Fri, May 03, 2024 at 09:43:25AM -0700, Paul Evans wrote:
If the value being assigned into an lvalue `vec()` is tainted, it
sometimes does and sometimes doesn't propagate that tainting to the
modified scalar.
I agree that this inconsistency is a bug, and I think that it should
always taint.
If the value being assigned into an lvalue
vec()
is tainted, it sometimes does and sometimes doesn't propagate that tainting to the modified scalar.In the (unlikely) cornercase that
vec()
itself has to create/upgrade the scalar from NULL, then the newly-created scalar does have tainting:However, if the SV was already at least an
SVt_PV
andvec()
is just modifying it in place (possibly by extending the PV buffer) then no tainting is propagated:The text was updated successfully, but these errors were encountered: