The code below illustrates the issue. If there's a match in the regex, that should leave the pos() value set to 1. That's exactly what it DOES do if you uncomment the 'blind untainting' line below so that $var is not tainted.
However, if $var IS tainted, then continuation matching doesn't work, and pos() doesn't get set. There are no errors or warnings, the documented /gc behaviour just silently stops working.
Can any of you experts on the gory details explain why this happens? Is it a feature or a bug?
I'm using Perl 5.12.3. I get the same behaviour on both Windows and FreeBSD.
#!/usr/bin/perl -T use strict; use warnings; use Scalar::Util qw(tainted); # Run this as "perl -T test.pl hello" or similar, so $var is "from out +side" my $var = shift; # Uncomment the following line to untaint $var and see 'normal' behavi +our of pos() # $var =~ /(.*)/; $var = $1; # Untaint blindly, don't do this in re +al code # Report whether $var is tainted or not print "Var is " . (tainted($var) ? "tainted" : "not tainted") . "\n"; # Odd behaviour only arises when tainted $var is in an array my @array = ($var); # If this matches, then pos() should be set to 1 $array[0] =~ /./gc and print "Match found"; # Check what pos() actually IS set to... my $pos = pos($array[0]) // 'UNDEF'; print "Pos is now $pos\n";
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |