
Lvalue `vec()` unreliably propagates tainting

Open leonerd opened this issue 1 year ago • 1 comments

If the value being assigned into an lvalue vec() is tainted, it sometimes does and sometimes doesn't propagate that tainting to the modified scalar.

In the (unlikely) corner case that vec() itself has to create/upgrade the scalar from NULL, then the newly-created scalar does have tainting:

```
$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x, 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__
TAINTED
```

However, if the SV was already at least an SVt_PV and vec() is just modifying it in place (possibly by extending the PV buffer) then no tainting is propagated:

```
$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x = "", 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__

$ perl -T -MTaint::Util
use v5.36;
taint( my $y = 123 );
vec( my $x = "X", 0, 8 ) = $y;
say "TAINTED" if tainted $x;
__END__
```

leonerd, May 03 '24 16:05

On Fri, May 03, 2024 at 09:43:25AM -0700, Paul Evans wrote:

> If the value being assigned into an lvalue vec() is tainted, it sometimes does and sometimes doesn't propagate that tainting to the modified scalar.

I agree that this inconsistency is a bug, and I think that it should always taint.

-- This is a great day for France! -- Nixon at Charles De Gaulle's funeral

iabyn, May 06 '24 11:05
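A defensive workaround for code that relies on taint mode while this behaviour is inconsistent, as an added example (not code from the issue, from perl, or from Taint::Util): the hypothetical helper `vec_set_tainting` re-applies taint explicitly after the lvalue `vec()` assignment, and the loop prints what plain `vec()` does on the three kinds of target from the report. It assumes Taint::Util is installed and that the script is run with `perl -T`.

```perl
# Run as: perl -T vec_taint_check.pl   (file name is an assumption)
use v5.36;
use Taint::Util qw(taint tainted);

# Hypothetical helper: assign into an lvalue vec() and then re-apply taint,
# so the result does not depend on whether vec() had to create/upgrade the
# target scalar or modified an existing PV buffer in place.
sub vec_set_tainting ( $bufref, $offset, $bits, $value ) {
    # Remember taint from either side before the buffer is modified.
    my $must_taint = tainted($value) || tainted($$bufref);

    vec( $$bufref, $offset, $bits ) = $value;

    # taint() only has an effect when perl runs in taint mode (-T).
    taint($$bufref) if $must_taint;
    return;
}

# Constructed tainted input, built the same way as in the report.
taint( my $y = 123 );

# The three target states from the report: never assigned, "", and "X".
my @cases = ( [ 'unassigned', undef ], [ 'empty string', "" ], [ '"X"', "X" ] );

for my $case (@cases) {
    my ( $label, $init ) = @$case;

    # Plain lvalue vec(): the outcome here is what the issue is about.
    my $raw;
    $raw = $init if defined $init;    # leave $raw untouched for the first case
    vec( $raw, 0, 8 ) = $y;

    # Same assignment through the helper.
    my $wrapped;
    $wrapped = $init if defined $init;
    vec_set_tainting( \$wrapped, 0, 8, $y );

    printf "%-13s plain vec(): %-9s helper: %s\n",
        $label,
        ( tainted($raw)     ? 'tainted' : 'untainted' ),
        ( tainted($wrapped) ? 'tainted' : 'untainted' );
}
```

The "plain vec()" column is deliberately only reported, since it depends on the perl build in use; the "helper" column is the one callers can rely on.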