Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re^4: hex numbers

by shmem (Chancellor)
on Jan 14, 2021 at 18:36 UTC ( [id://11126924]=note: print w/replies, xml ) Need Help??


in reply to Re^3: hex numbers
in thread hex numbers

davido didn't say that: "This works but is NOT recommended, and can be unsafe", and at least to me it's obvious that this refers to what you said

Using string eval on a proper hex string constant can not be unsafe. While warning aubout string eval composed of user input or some such is appropriate, it is not for this construct. Warnings should be correct. Saying to a girl "if you kiss that boy you'll get pregnant!" is, albeit often turning out true in the long run, incorrect and misleading. Hence my comment.

perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'

Replies are listed 'Best First'.
Re^5: hex numbers
by dave_the_m (Monsignor) on Jan 14, 2021 at 19:06 UTC
    And of course code which assumes that the string can only ever contain hex digits is an exploit waiting to happen.

    Dave.

      That is what regular expressions are for:

      local $_ = <STDIN>; chomp; my $hexnum = undef; $hexnum = eval "0x$1" if (m/^(?:0[xX])?([[:xdigit:]]+)$/); die "bad input" unless defined $hexnum;

      Do not assume that the input meets your constraints — verify that the input meets your constraints! :-)

      And of course code which assumes that the string can only ever contain hex digits is an exploit waiting to happen.

      Code which doesn't assume the type of content of a variable but contains a string constant is only exploitable by editing the source file and munging the constant.

      See my answer to davido below.

      perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
Re^5: hex numbers
by haukex (Archbishop) on Jan 14, 2021 at 19:04 UTC
    Using string eval on a proper hex string constant can not be unsafe.

    Of course not, but again, it is a matter of how likely it is the OP is doing that vs. the string coming from outside the program.

    While warning aubout string eval composed of user input or some such is appropriate, it is not for this construct.

    Your interpretation of "This works but is NOT recommended, and can be unsafe" is very different from mine, but I've already explained myself.

    Warnings should be correct. Saying to a girl "if you kiss that boy you'll get pregnant!" is, albeit often turning out true in the long run, incorrect and misleading.

    I don't agree with that comparison; I personally think stringy eval is dangerous enough to compare it to unprotected sex instead of kissing, in which case your post is the one that is misleading. But this moving into the area of opinions, which we could argue about all day. I did say that your clarification of the warning is a good thing, I just personally wouldn't have worded it as strongly as you did.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11126924]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (4)
As of 2024-03-29 15:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found