In article <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED] (Ton Hospel) writes:
> Am I always supposed to clean up that kind of unwanted state if I 
> get an sv from a TARG ?
> Shouldn't perl itself take care of that before presenting a TARG ?
> If not so, what's the way you're supposed to get a "clean slate" before 
> starting to use the value ?
> 
> Is maybe perl riddled with variations of this bug ?

Mm, this same problem is easy to trigger in other operators.
Just opening pp.c and scanning for dTARGET for an operator
that may set utf8 on it, leads as first candidate to chop.

And indeed, it's an immediate hit:

perl -wle 'use Devel::Peek; my $a=$b="\xff"; utf8::upgrade($a); Dump(chop) for $a,$b'
SV = PV(0x816244c) at 0x81734dc
  REFCNT = 1
  FLAGS = (PADTMP,POK,pPOK,UTF8)
  PV = 0x8163acc "\303\277"\0 [UTF8 "\x{ff}"]
  CUR = 2
  LEN = 3
SV = PVMG(0x81966fc) at 0x81734dc
  REFCNT = 1
  FLAGS = (PADTMP,SMG,POK,pPOK,UTF8)
  IV = 0
  NV = 0
  PV = 0x8163acc "\377"\0Malformed UTF-8 character (unexpected end of string) 
at -e line 1.
Malformed UTF-8 character (byte 0xff) in subroutine entry at -e line 1.
 [UTF8 "\x{0}"]
  CUR = 1
  LEN = 3
  MAGIC = 0x817b380
    MG_VIRTUAL = &PL_vtbl_utf8
    MG_TYPE = PERL_MAGIC_utf8(w)

The second time around the \xff incorrectly gets the utf8 flag.

Things like lc() do SvUTF8_off beforehand, but there are other forms
of state beyond utf8, for example tie magic. And the TARG result itself
can be gotten to using "for" to make an alias:

perl -wle 'sub TIESCALAR { return bless [] }; for (1..2) { for my $a (lc) { tie $a,"main"}}'
Can't locate object method "STORE" via package "main" at -e line 1.

On the second round through this loop $a (aliased to the TARG) is still tied,
and the attempt to set the result triggers the STORE. Conceptually the tie
should have been lost on the first round and STORE never called.

Many (most ?) perl operators can be triggered with some form of 
this problem, e.g. here is addition:

perl -wle 'sub TIESCALAR { return bless [] }; for (1..2) { for my $a ($_+3) { tie $a,"main"}}'
Can't locate object method "STORE" via package "main" at -e line 1.

Tainting seems to get away lucky:
perl -Twle 'use Scalar::Util qw(tainted); use Devel::Peek; for (1..2) { for ($_+3) { print 0+tainted($_); Dump($_); $_ .= substr($0,0,0)}}'
0
SV = IV(0x81ebc98) at 0x81734b8
  REFCNT = 2
  FLAGS = (PADTMP,IOK,pIOK)
  IV = 4
0
SV = PVMG(0x817c080) at 0x81734b8
  REFCNT = 2
  FLAGS = (PADTMP,GMG,SMG,pIOK)
  IV = 5
  NV = 0
  PV = 0x8163e0c "4"\0
  CUR = 1
  LEN = 2
  MAGIC = 0x81ee1e8
    MG_VIRTUAL = &PL_vtbl_taint
    MG_TYPE = PERL_MAGIC_taint(t)

So the taint magic is there, but seemingly because it misses the 
   MG_LEN = 1
it's not recognized as really tainted.

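The tie one-liners in the message above can be generalized into a regression probe that runs a list of operators and counts writes reaching a tie left on the TARG by the previous iteration. This is an added example, not code from the original post or from the perl source; the package name TargProbe, the probe() helper and the operator list are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: probe operators for tie magic surviving on a reused TARG.
use strict;
use warnings;

package TargProbe;                 # hypothetical helper package
our $stores = 0;
sub TIESCALAR { return bless [], shift }
sub FETCH     { return undef }
sub STORE     { $stores++; return }   # a call here means a stale tie was hit

package main;

# Constructed sample list: expressions whose result is written into the
# op's TARG. $_ is the outer loop counter (1, then 2).
my @exprs = (
    'lc("X$_")',
    'uc("x$_")',
    '$_ + 3',
    '$_ * 2',
    '$_ . "x"',
    'abs($_)',
);

# Run the same op twice. On pass 1 the loop variable is aliased to the op's
# result and tied. If the op hands out the same SV on pass 2 without
# clearing its magic, storing the new result calls STORE.
# Returns the number of STORE calls seen, or -1 if the code died.
sub probe {
    my ($expr) = @_;
    local $TargProbe::stores = 0;
    my $code = "for (1..2) { for my \$v ($expr) { tie \$v, 'TargProbe' } } 1";
    my $ok = eval $code;
    return defined $ok ? $TargProbe::stores : -1;
}

for my $expr (@exprs) {
    my $n = probe($expr);
    my $verdict = $n < 0  ? "died: $@"
                : $n == 0 ? "clean\n"
                :           "stale tie on TARG ($n STORE call(s))\n";
    printf "%-12s %s", $expr, $verdict;
}
```

Unlike the one-liners, the probe defines STORE so a leak is counted instead of aborting the run, which lets one pass cover every operator in the list.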