Lvalue vec() unreliably propagates tainting

[leonerd]

If the value being assigned into an lvalue vec() is tainted, it sometimes does and sometimes doesn't propagate that tainting to the modified scalar.

In the (unlikely) cornercase that vec() itself has to create/upgrade the scalar from NULL, then the newly-created scalar does have tainting:

$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x, 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__
TAINTED

However, if the SV was already at least an SVt_PV and vec() is just modifying it in place (possibly by extending the PV buffer) then no tainting is propagated:

$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x = "", 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__

$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x = "X", 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__

[iabyn]

On Fri, May 03, 2024 at 09:43:25AM -0700, Paul Evans wrote: If the value being assigned into an lvalue `vec()` is tainted, it sometimes does and sometimes doesn't propagate that tainting to the modified scalar.

I agree that this inconsistency is a bug, and I think that it should always taint.

…

-- This is a great day for France! -- Nixon at Charles De Gaulle's funeral