I'm having a "feature or bug?" moment where /gc "continuation matching" seems to behave strangely if the variable in question is tainted AND is within a data structure like an array.

The code below illustrates the issue. If there's a match in the regex, that should leave the pos() value set to 1. That's exactly what it DOES do if you uncomment the 'blind untainting' line below so that $var is not tainted.

However, if $var IS tainted, then continuation matching doesn't work, and pos() doesn't get set. There are no errors or warnings, the documented /gc behaviour just silently stops working.

Can any of you experts on the gory details explain why this happens? Is it a feature or a bug?

I'm using Perl 5.12.3. I get the same behaviour on both Windows and FreeBSD.

#!/usr/bin/perl -T

use strict;
use warnings;

use Scalar::Util qw(tainted);

# Run this as "perl -T test.pl hello" or similar, so $var is "from out
+side"
my $var = shift;

# Uncomment the following line to untaint $var and see 'normal' behavi
+our of pos()
# $var =~ /(.*)/; $var = $1;    # Untaint blindly, don't do this in re
+al code

# Report whether $var is tainted or not
print "Var is " . (tainted($var) ? "tainted" : "not tainted") . "\n";

# Odd behaviour only arises when tainted $var is in an array
my @array = ($var);

# If this matches, then pos() should be set to 1
$array[0] =~ /./gc    and print "Match found";

# Check what pos() actually IS set to... 
my $pos = pos($array[0]) // 'UNDEF';
print "Pos is now $pos\n";
[download]