Nicholas Clark writes:
: On Fri, Nov 09, 2001 at 09:14:10AM -0800, Larry Wall wrote:
: > NaN is merely the floating-point representation of undef when your
: > variable is stored in a bare num.  And if you declare a variable as
: > int, there may well be no representation for undef at all!  Similarly,
: > it may be impossible to taint an int or a num, unless we can figure
: > out a way to stuff such information into 0 bits.  But I'd like an
: > array of int or num to be compact.
: 
: Probably this is rather late, and possibly this is an internals issue, but
: isn't squeezing it in 0 bits as simple as having a parallel bit array for
: storing the taint bit for each array of int or array of num?
: (when tainting is enabled)

We could certainly do that.  But it's possible we could simply deem
numbers not to be a large security threat.  Numbers don't generally
contain a lot of shell metacharacters, for instance.  And most numeric
algorithms are pretty sensible about dealing with out-of-range
numbers.  I expect troublesome numbers like SSNs and telephone numbers
would mostly remain stored as strings.  It's possible that a
maliciously large number could cause excessive memory allocation, but
tainting doesn't check for that now...

Larry
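
The parallel bit array suggested in the quoted question, sketched in C as an added example that is not part of the original message or of any Perl implementation. The `int_array` type and the `ia_*` and `taint_demo` names are hypothetical; the values stay packed, and the bitmap costs one bit per element only when tainting is enabled.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical layout: packed values plus one taint bit per element. */
typedef struct {
    int32_t *vals;        /* compact storage, no per-element header */
    unsigned char *taint; /* parallel bitmap; NULL when tainting is off */
    size_t len;
} int_array;

static int ia_init(int_array *a, size_t len, int tainting) {
    a->len = len;
    a->vals = calloc(len ? len : 1, sizeof *a->vals);
    a->taint = tainting ? calloc(len / CHAR_BIT + 1, 1) : NULL;
    return (a->vals && (!tainting || a->taint)) ? 0 : -1;
}

static int ia_tainted(const int_array *a, size_t i) {
    if (!a->taint || i >= a->len) return 0;
    return (a->taint[i / CHAR_BIT] >> (i % CHAR_BIT)) & 1;
}

/* Store a value and record whether it came from an untrusted source. */
static int ia_set(int_array *a, size_t i, int32_t v, int tainted) {
    if (i >= a->len) return -1;
    a->vals[i] = v;
    if (a->taint) {
        unsigned char *b = &a->taint[i / CHAR_BIT], m = (unsigned char)(1u << (i % CHAR_BIT));
        *b = (unsigned char)(tainted ? (*b | m) : (*b & ~m));
    }
    return 0;
}

/* Constructed demo: a[2] = a[0] + a[1], tainted if either operand is.
   Returns a bitmask of which of the three elements are tainted, or -1. */
static int taint_demo(int tainting) {
    int_array a;
    int r = -1;
    if (ia_init(&a, 3, tainting) == 0) {
        ia_set(&a, 0, 40, 0); /* trusted constant */
        ia_set(&a, 1, 2, 1);  /* constructed stand-in for outside input */
        ia_set(&a, 2, a.vals[0] + a.vals[1], ia_tainted(&a, 0) || ia_tainted(&a, 1));
        r = ia_tainted(&a, 0) | (ia_tainted(&a, 1) << 1) | (ia_tainted(&a, 2) << 2);
    }
    free(a.vals); free(a.taint);
    return r;
}
int main(void) { return taint_demo(1) == 6 ? 0 : 1; }
```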
