On 8/31/05, via RT Thilo Girmann <[EMAIL PROTECTED]> wrote: > # New Ticket Created by Thilo Girmann > # Please include the string: [perl #37038] > # in the subject line of all future correspondence about this issue. > # <URL: https://rt.perl.org/rt3/Ticket/Display.html?id=37038 > > > > > This is a bug report for perl from [EMAIL PROTECTED], > generated with the help of perlbug 1.35 running under perl v5.8.7. > > > ----------------------------------------------------------------- > [Please enter your report here] > > (I'm sending this message again using a mail client as it appears > to me that it wasn't delivered by sendmail) > > When: > * doing a global regular match > * using $1 $2 etc. to retrieve extracted substrings > * the original string does not exist any longer > > then $1 $2 etc. is pointing to an unallocated piece of memory. > This way it's possible to return Perl's internal data structures > if the piece of memory got re-used and possibly also cause Perl > to crash if that piece of memory has been returned to the > operating system. > > Here's a simple example to confirm the bug (tested under Windows > NT / ActivePerl 5.8.7 and Linux 2.4 / Perl 5.8.0): > > use strict; > use warnings; > my $s = "abcd"; > $s =~ /(..)(..)/g; > $s = $1; > $s = $2; > print "$s\n"; > > > The statement "$s = $1" causes Perl to re-use the string "abcd" > for storing the first half ("ab") and add a terminating zero. > $2 still points to the original second half but the character > "c" got overwritten neanwhile. > > So if the bug is present you will get " c" or just "c" printed > out instead of the expected "cd".
I can confirm this behaviour is in 5.8.6 and 5.6.1 on Win32. yves -- perl -Mre=debug -e "/just|another|perl|hacker/"