It doesn't seem dangerously subtle to me, but that's a very subjective thing; certainly there'd be nothing wrong with putting a comment explaining why this code does the right thing.

As for elegance, I'd prefer to avoid a loop for this knowing that all but the last iteration of the loop will push a constant 0xff; I'd be inclined to write it more like:

  my @bytes = (0xff) x int($mask / 8);
  $off = $mask % 8;
  # to get a value with the top $off bits set, take lots of 1-bits and
+ shift in (8 - $off) zero bits
  push @bytes, (0xff << (8 - $off)) & 0xff if $off;
[download]

Another point: it seems a bit dangerous to return an empty list for invalid arguments, and I notice that you don't include any invalid arguments in your test cases. Since the 'invalid' return is indistinguishable from the valid return for output(0) there is no way for the caller to test for errors.

The simplest way to avoid that would be to die with a useful error message in that case: the caller can still trap errors with eval() if necessary, and it gives a clear distinction between valid and invalid usage.

Finally, it might be unwise to use the variable name $off in the same line as several 0xff constants - they are similar enough that it takes a bit of extra effort to distinguish them when reading the code.

Hugo