| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
They are almost identical. This gives the compiler less code
to digest.
|
|
|
|
| |
These ops considered typeglobs read-only, even if they weren’t.
|
|
|
|
|
|
| |
$[ remains as a variable. It no longer has compile-time magic.
At runtime, it always reads as zero, accepts a write of zero, but dies
on writing any other value.
|
|
|
|
|
|
|
|
|
|
|
| |
There are so many cases that use this incantation to get around
gv_fetchsv’s calling of get-magic--
STRLEN len;
const char *name = SvPV_nomg_const(sv,len);
gv = gv_fetchpvn_flags(name, len, flags | SvUTF8(sv), type);
--that it’s about time we had a shorthand.
|
|
|
|
|
|
|
| |
pp_rv2gv has already called get-magic, so pp_sassign should not do
it at all.
This is a regression from 5.8.8.
|
|
|
|
|
|
|
|
| |
8ca8a454f60a417f optimised the implementation of s///r by avoiding an
unconditional copy of the original value. However, it introduced a behaviour
regression where if original value happened to be one of a few particular
types, it could be modified by being forced to a string using SvPV_force().
The substitution was (correctly) performed on a copy of this string.
|
|
|
|
|
|
|
| |
This commit allows the subs in the CORE package for close, getc and
readline to be called through references and via ampersand syntax. The
pp functions are modified to take into account the nulls that coreargs
pushes on to the stack to indicate that there is no argument.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit allows the CORE subroutines for functions with @
and $@ prototypes to be called through references and via amper-
sand syntax.
unlink is not included in this commit, as it requires special casing
due to its use of implicit $_.
Since these functions require a pushmark, and since it has to come
between two things that pp_coreargs does, it’s easiest to flag the
coreargs op (with the OPpCOREARGS_PUSHMARK flag added in the previous
commit) and call pp_pushmark directly from pp_coreargs.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This little script:
sub TIESCALAR{bless[]}
sub FETCH{warn "fetching"; "main"}
sub bolgy { warn 'bolgy' }
tie my $a, "";
$a->bolgy;
Gives these outputs with various versions of perl:
$ pbpaste|perl5.6.2
fetching at - line 2.
fetching at - line 2.
bolgy at - line 3.
$ pbpaste|perl5.8.8
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
Can't call method "bolgy" without a package or object reference at - line 5.
$ pbpaste|perl5.8.9
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
bolgy at - line 3.
$ pbpaste|perl5.10.0
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
Can't call method "bolgy" without a package or object reference at - line 5.
$ pbpaste|perl5.10.1 # also 5.12.x
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
bolgy at - line 3.
$ pbpaste|perl5.14.0
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
fetching at - line 2.
Can't locate object method "bolgy" via package "main" (perhaps you forgot to load "main"?) at - line 5.
It’s worse than ever in 5.14.
What’s happening is that S_method_common is hanging on to the pointer
returned by SvPV, while continuing to call get-magic again and again.
So the pointer becomes invalid. I think it’s only by accident that
it worked in some versions.
This commit stops S_method_common from calling get-magic so many
times, solving both problems.
I’m afraid this conflicts with ongoing work to make method lookup
UTF8-clean, but I wanted to make a patch that could be backported.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch prevents get-magic from executing twice during autovivifi-
cation when the op doing the autovivification is not directly nested
inside the dereferencing op.
This can happen in cases like this:
${ (), $a } = 1;
Previously (as of 5.13.something), the outer op was marked with the
OPpDEREFed flag, which indicated that get-magic had already been
called by the vivifying op (calling get-magic during vivification is
inevitable):
$ perl5.14.0 -MO=Concise -e '${ $a } = 1'
8 <@> leave[1 ref] vKP/REFC ->(end)
1 <0> enter ->2
2 <;> nextstate(main 2 -e:1) v:{ ->3
7 <2> sassign vKS/2 ->8
3 <$> const[IV 1] s ->4
6 <1> rv2sv sKRM*/DREFed,1 ->7 <-- right here
- <@> scope sK ->6
- <0> ex-nextstate v ->4
5 <1> rv2sv sKM/DREFSV,1 ->6
4 <#> gv[*a] s ->5
-e syntax OK
But in the ${()...} example above, there is a list op in the way that
prevents the flag from being set inside the peephole optimizer. It’s
not even possible to set it correctly in all cases, as in this exam-
ple, which would need it both set and not set depending on which
branch of the ternary operator is executed:
${ $x ? delete $a[0] : $a[0] } = 1
Instead of setting the OPpDEREFed flag, we now make a non-magic copy
of the SV in vivify_ref (the first time get-magic is executed).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extract most of the body of pp_ncmp() (numeric compare) into a separate
function, do_ncmp(), then make the following ops use it:
pp_ncmp
pp_lt
pp_le
pp_eq
pp_ne
pp_ge
pp_gt
This removes a lot of similar or duplicated code, most of which is
dedicated to handling the various combinations of IV verses UV verses NV
verses NaN.
The various ops first check for, and directly process, the simple and common
case of both args being SvIOK_notUV(), and pass the processing on to
do_ncmp() otherwise. Benchmarking seems to indicate (but with a lot of
noise) that the SvIOK_notUV case is slightly faster than before, and the
do_ncmp() branch slightly slower.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All the compare ops (such as pp_le), have an initial:
tryAMAGICbin_MG(le_amg, AMGf_numeric);
The effect of the AMGf_numeric flag is that, if the le overloading fails,
but either of the args on the stack is a reference, then that arg is
replaced with a temporary non-ref arg that is either the result of
'0+' overloading, or is a UV with the numerical value of the ref's
address. So by the time the main body of the op is called, neither arg
can be a ref.
Thus a whole bunch of nearly identical blocks can be removed, which *used*
to handle comparing refs:
if (SvROK(TOPs) && !SvAMAGIC(TOPs) && SvROK(TOPm1s) && !SvAMAGIC(TOPm1s)) {
SP--;
SETs(boolSV(SvRV(TOPs) <= SvRV(TOPp1s)));
RETURN;
}
|
|
|
|
|
|
| |
Instead, take advantage of the "can't edit in place" code path of pp_subst
which writes to a new scalar, and that pp_substcont always leaves the original
intact, writing to a new scalar.
|
|
|
|
|
|
| |
This is so that it can share code with pp_return. I was going to move
pp_return into pp_hot.c, but it uses static functions that other pp_
functions in pp_ctl.c use.
|
|
|
|
| |
As of bb3abb0, this can no longer happen.
|
|
|
|
|
|
|
|
|
| |
Creation of the mortal can be done with newSVpvn_flags(), saving 1 function
call. Also, the mortal stack uses 1 pointer, whereas the save stack will use 2.
It doesn't matter that dstr is now marked SVs_TEMP, as both code paths already
gut it, stealing its SvPVX(). The SV head will happen to last a bit longer now,
to the next FREETMPS, instead of the the scope pop at the end of pp_subst or
pp_substcont.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
return and leavesub see if they can cheat by not copying anything
marked TEMP, since presumably nothing else is using it. That means
the return values of delete() and shift() are not copied. Since @_
aliases to the caller’s variables, sometimes what is returned *is*
used elsewhere and still marked TEMP. So cases like sub { return
delete $_[0] } ->($x) end up returning $x unchanged, instead of
copying it.
As mentioned in the ticket, the solution is to copy only if the refer-
ence count is 1.
This also allows me to simplify the lvalue-returning code without
spreading this bug further. (pp_leavesublv currently avoids calling
sv_2mortal, in order not to set the TEMP flag.)
|
|
|
|
|
|
|
|
| |
They were only doing so in reference context (subroutine args,
for(...)).
Explicit return already worked, but only because I didn’t write it
well. I’m in the process of trying to merge the two.
|
|
|
|
|
|
| |
The previous slightly contorted logic had an if() block that ended in a goto,
where the target was only 6 lines later, and could not be reached directly.
It dates back to (at least) 5.000, with no structural changes since then.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
6a077020aea1c5f0 extended the OP_AELEMFAST optimisation to lexical arrays.
Previously OP_AELEMFAST was only used as an optimisation for OP_GV, which is a
PADOP/SVOP.
However, by reusing the same opcode, and signalling (pad) lexical vs package,
it introduced a myriad of special cases, because OP_PADAV is a BASEOP (not a
PADOP), whilst OP_AELEMFAST is a PADOP/SVOP (which is larger).
Using two OP numbers allows each variant to have the correct OP flags in
PL_opargs. Both can continue to share the same C code.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a recent (post-5.14.0) regression.
Commit bf8fb5e (the fix for #62498) introduced it for lvalue subs with
no return statement [perl #92406].
Commit fa1e92c (the fix for #72724) introduced it for lvalue subs that
do have an explicit return [perl #92290].
Simply returning a scalar itself from an lvalue sub does not work if
it is a pad variable with a reference count of 1. In that circum-
stance, the sub-popping code sees that the SV can be re-used the next
time the sub is called, so it undefines it and hangs on to it. So
the scalar returned gets emptied before the calling code can see it.
The reference count has to be increased temporarily, which sv_2mortal
and SvREFCNT_inc combined accomplish.
|
|
|
|
|
|
|
|
|
|
|
| |
(That’s ‘reference’ as in ‘pass by reference’. It applies to
foo(lvalue_func()) and for(lvalue_func()).)
Commit f71f472 took care of scalar context.
Commit a0aa607 came and long and took care of list context, but,
unfortunately, missed reference context.
This commit takes care of that.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This finishes fixing bug #23790.
When called in reference context (for(...) or map $_, ...), lvalue
subs returning arrays or hashes would return the AV or HV itself, as
though it were lvalue context.
The result was that $_ would be bound to an AV or HV, which is not
supposed to happen, as it’s a scalar (that’s when you start getting
‘Bizarre copy’ errors).
Commit 91e34d82 fixed this in pp_leavesublv, but the if condition it
added was placed outside the loop, so it only applied when the array
was the first thing returned. It also did not take hashes into account.
By changing the lvalue-context check in pp_padav, pp_padhv and
pp_rv2av (which also serves as pp_rv2hv), I was able to apply a more
general fix, which also fix another bug: Those array and hash ops were
croaking when called in scalar reference context (...->$method).
Because it is no longer part of the sub-leaving code, explicitly
returning an array in reference context works now, too.
This commit also eliminates the code added by 91e34d82, as it’s no
longer necessary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit makes autovivification work with lvalue subs. It follows
the same technique used by other autovivifiable ops (aelem, helem,
tc.), except that, due to flag constraints, it uses a single flag and
instead checks the op tree at run time to find out what sort of thing
to vivify.
The flag constraints are that these two flags:
#define OPpENTERSUB_HASTARG 32 /* Called from OP tree. */
#define OPpENTERSUB_NOMOD 64 /* Immune to op_lvalue() for :attrlist. */
conflict with these:
#define OPpDEREF (32|64) /* autovivify: Want ref to something: */
#define OPpDEREF_AV 32 /* Want ref to AV. */
#define OPpDEREF_HV 64 /* Want ref to HV. */
#define OPpDEREF_SV (32|64) /* Want ref to SV. */
Renumbering HASTARG and NOMOD is problematic, as there are places in
op.c that change entersubs into rv2cvs, and the entersub and rv2cv
flags would conflict. Setting the flags correctly when changing the
type is hard and would result in subtle bugs if not done perfectly.
Ops like ${...} don’t actually autovivify; it’s the op inside that
does it. In those cases, the parent op is flagged with OPpDEREFed, and
it skips get-magic, as it has already been called by the inner op.
Since entersub is now marked as being an autovivifying op, ${...} in
lvalue context ends up skipping get-magic if there is a foo() inside.
And this affects even regular subs. So pp_leavesub and pp_return have
to call get-magic; hence the new tests in gmagic.t.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
That RT ticket reported that a $ prototype puts an implicit scalar()
on its argument, and that scalar(lvalue()) causes the function to
return a temporary value. In particular:
${\scalar($_)} = 1; # ok
${\scalar f()} = 1; # no effect
(where f is an lvalue sub that returns $_).
It turns out that this does not only affect scalar(), but also
|| and &&:
${\($_ && undef)} = 3; # ok
${\(f() && undef)} = 3; # no effect
Also, that comment in pp_leavesublv about f()->meth() not being lvalue
context is wrong, as
$o->${\sub { $_[0] = "whatever" }};
assigns to $o, and
sub UNIVERSAL::undef { undef $_[0] }
allows calls like
$x->undef
to undefine $x, if it contains an object or package name.
Since copying values in rvalue context is wasteful anyway, since the
definition of rvalue context is that the value is going to be copied
(resulting in *two* copies), the easiest solution is not to copy val-
ues in rvalue context.
This ends up applying to what I call ‘reference’ context (semi-lvalue,
or potential lvalue) as well.
This works already with explicit return.
As a bonus, this also fixes bug #78680, for which there are already
to-do tests that were added before the bug was reported. See also:
http://www.nntp.perl.org/group/perl.perl5.porters/;msgid=20060118203058.GQ616@plum.flirble.org
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In perl 5.8.1 and earlier, sub{} would return @_ in list context. This
was fixed in 5.8.2 for regular subs, but not lvalue subs.
Before the syntactic restriction on return values was removed in
commit 145b2bb, there was a bug affecting compilation of empty subs
before any use statement:
$ perl5.14.0 -e 'sub foo :lvalue {}'
Can't modify stub in lvalue subroutine return at -e line 1, near "{}"
Execution of -e aborted due to compilation errors.
$ perl5.14.0 -le 'use sigtrap; sub foo :lvalue {} print "ok"'
ok
But I digress. :-)
Up to 5.14, lvalue subs were still returning @_, or, rather, the ele-
ments of @_ as separate scalars:
$ perl5.14.0 -Mre -le '(sub :lvalue {}->($a,$b))=(3,4); print "$a $b"'
Useless use of "re" pragma at -e line 0
3 4
(Not exactly useless, eh? The -Mre allows the sub to compile.)
This commit fixes that bug.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is perhaps not ideal, but it fixes (or allows to be fixed) seve-
ral bugs.
I was hoping that the cases that this perhaps erroneously allows
through would fall back to the warning I added in commit 8fe85e3, but,
unfortunately, in all these cases the refcount is greater than 1 when
pp_sassign is reached.
To be less vague: ‘foo() = 3’ warns if foo() returns a TEMP with no
set-magic and a refcount of 1 (meaning it will be freed shortly). But
truly temporary values returned by pure-Perl lvalue subs have a refer-
ence count of at least 2, and as many entries on the mortals stack.
I cannot distinguish between truly temporary values and those that
are but nominally temporary (marked TEMP because the refcount will go
down, but not to zero) by checking for a refcount <= 2 in pp_sassign,
because this example returns with a refcount of 2:
+sub :lvalue { return delete($_[0]), $x }->($x) = 3; # returns a TEMP
There’s no logical reason why that shouldn’t work, if this does:
+sub :lvalue { return foo(), $x }->($x) = 3; # not TEMP
as they are conceptually identical.
The advantages to this change:
• The delete example above will work.
• It allows XS lvalue subs that return TEMPs to work in the debugger
[perl #71172], restoring the bug fix that b724cc1 implemented but
c73030b reverted.
• It makes these three cases identical, as they should be. Note that
only two of them return TEMPs:
+sub :lvalue { return shift }->($x) = 3;
+sub :lvalue { \@_; return shift }->($x) = 3; # returns a TEMP
+sub :lvalue { return delete $_[0] }->($x) = 3; # returns a TEMP
So I think the advantages outweigh the disadvantages.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit b724cc14b25929aee44eee20bd26102cceb520b6.
Lvalue subroutines are more of a mess than I realised when I made
that commit.
I just tried removing the syntactical restriction on what the last
statement or the argument to return can be in an lvalue sub. It opened
a whole can of worms.
PADTMPs are bizarre creatures that have somewhat erratic behaviour.
Since assigning to a PADTMP is almost always a mistake (since the
value will definitely be discarded), those *should* be disallowed,
when the sub is called in lvalue context. That also avoids propagating
a whole load of bugs when referencing PADTMPs, aliasing to them, etc.
Read-only scalars end up triggering a ‘Modification of a read-only
value attempted’ message without the restrictions in pp_leavesublv,
but the message the latter was providing (which this revert restores)
is clearer (‘Can't return a readonly value from lvalue subroutine’).
Speaking of lvalue context, there are three types of context with
regard to lvalue-ness (orthogonal to the usual void/scalar/list
contexts):
• rvalue context ($x = func())
• lvalue context (func() = $x)
• semi-lvalue context (\func())
Each is handle by a separate code path in pp_leavesublv:
• rvalue context - any value can be returned; it’s copied (waste-
ful, perhaps?)
• semi-lvalue context - any value can be returned; it’s not copied
• lvalue context - stringent rules about what can and cannot be
returned (which this revert restores)
So it is perfectly fine to restrict what can be returned from an
lvalue sub *in true lvalue context*, without affected rvalue use.
Now, regarding TEMPs, although this commit restores the restriction on
returning TEMPs, a forthcoming commit will relax that restriction once
more, since it causes bugs.
|
|
|
|
| |
Commit f71f472 missed list assignment. :-(
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit removes the restriction on returning temps and read-only
scalars from lvalue subs that occurs when the sub returns implicitly
(with no ‘return’ statement; ‘return’ has never had that restriction).
It does not actually help pure-Perl lvalue subs much yet, as op.c
still enforces lvalue syntax on the last statement.
But this should fix bug #71172, allowing XS lvalue subs to work under
the debugger.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the first step in downgrading a fatal error (Can't return a
temporary from lvalue subroutine) to a warning. Currently only XS
lvalue routines that return TEMPs and pure-Perl lvalue routines that
use explicit return (which don’t quite work properly yet anyway,
despite commit fa1e92c) are affected by this.
This is implemented in pp_sassign and pp_aassign, rather than
pp_leavesublv, so it will affect explicit returns and so it will
be skipped for overloaded ‘.=’, etc.
Thanks to Craig DeForest for suggesting how to do this.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This:
commit 8aacddc1ea3837f8f1a911d90c644451fc7cfc86
Author: Nick Ing-Simmons <nik@tiuk.ti.com>
Date: Tue Dec 18 15:55:22 2001 +0000
Tidied version of Jeffrey Friedl's <jfriedl@yahoo.com> restricted hashes
- added delete of READONLY value inhibit & test for same
- re-tabbed
p4raw-id: //depot/perlio@13760
essentially deprecated HvKEYS() in favor of HvUSEDKEYS(); this is
explained in line 144 (now 313) of file `hv.h':
/*
* HvKEYS gets the number of keys that actually exist(), and is provided
* for backwards compatibility with old XS code. The core uses HvUSEDKEYS
* (keys, excluding placeholdes) and HvTOTALKEYS (including placeholders)
*/
This commit simply puts that into practice, and is equivalent to running
the following (at least with a35ef416833511da752c4b5b836b7a8915712aab
checked out):
git grep -l HvKEYS | sed /hv.h/d | xargs sed -i s/HvKEYS/HvUSEDKEYS/
Notice that HvKEYS is currently just an alias for HvUSEDKEYS:
$ git show a35ef416833511da752c4b5b836b7a8915712aab:hv.h | sed -n 318p
#define HvKEYS(hv) HvUSEDKEYS(hv)
According to `make tests':
All tests successful.
|
|
|
|
|
| |
This code, added recently in 4c3ac4b and amended in 837c879, has been
unnecessary since commit 75ea7a1.
|
|
|
|
|
| |
This code, added recently in 7d779b2, has been unnecessary since com-
mit 75ea7a1.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is only part of #87708.
This fixes the + operator outside of any ‘use integer’ scope when the
same tied scalar is used for both operands and returns two different
values. Before this commit, get-magic would be called only once and
the same value used. In 5.12.x it just worked.
I tried modifying pp_eq throughout to take this case into account,
but it made the most common cases slightly slower, presumably because
of the extra checks. So this follows the same temp sv method that I
used for pp_add (in 4c3ac4b and 837c879), which, though slowing down
this edge cases due to the extra allocation, leaves the most common
cases just as fast. (And, in case my benchmarks were unreliably [not
unlikely], this method is also safer, as it has less chance of getting
different code paths wrong.)
|
|
|
|
|
|
|
| |
Allocating an extra SV for rare edge cases...er...only needs to be
done in those rare edge cases.
Uninitialized warnings are only supposed to be enabled when they are.
|
|
|
|
|
|
|
|
|
| |
This is just part of #87708.
This fixes the + operator outside of any ‘use integer’ when the same
tied scalar is used for both operands and returns two different val-
ues. Before this commit, get-magic would be called only once and the
same value used. In 5.12.x it worked.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to obscure closure and goto tricks, it's sometimes possible for the
array or hash in the LHS of 'my @a = ...' and 'my %h = ...' to be
non-empty. At compile-time, these conditions are detected and the assign
op is compiled with the OPpASSIGN_COMMON, making the assignment slower.
This commit speeds it up again by adding a run-time check to pp_aassign
to only do the OPpASSIGN_COMMON code-branch if the LHS isn't an empty
array or hash.
See also #70171.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported at nntp://nntp.perl.org/1298599236.4753.72.camel@p100 (and
respaced for readability):
#!perl5.12.0
$r=q/
print __FILE__;
local *dbline = $main::{"_<".__FILE__};
print $dbline[0]
/;
eval $r;'
__END__
(eval 1)
Bus error
This only seems to happen in non-threaded perls.
It can be reduced to this:
*d = *a; print $d[0];
The $d[0] is optimised into an aelemfast op (instead of the usual aelem
with an rv2av kid). pp_aelemfast is at fault, as evidenced by the fact
that this does not crash (the ${\...} prevents the optimisation):
*d = *a; print $d[${\0}];
pp_aelemfast uses GvAV instead of GvAVn. Usually $d[0] will autovivify
@d, but the glob assignment leaves $d[0] pointing to a glob (*d) with
no array. Then pp_alemfast passes a null pointer around.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Now that REGEX is actually a first-class SV type, we can taint
the regex SV directly, as well as the RV pointing to it.
This means that this now taints:
$rr = qr/$tainted/;
$r = $$r;
/$r/;
|
|
|
|
|
|
|
|
| |
If the match fails, don't bother to execute some code that prepares the
source and replacement strings for a substitution (e.g. matching
UTF8-ness).
(This is an enhancement to ff6e92e827a143094fdf3af374056b524759194b)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a re-implementation of the tainting code in pp_subst and
pp_substcont. Although this fixes many bugs, because its a de-novo rewrite
of the tainting parts of the code in those two functions, it's quite
possible that it breaks some existing tainting behaviour. It doesn't break
any existing tests, although it turns out that this area was severely
under-tested anyway.
The main bugs that this commit fixes are as follows, where:
T = a tainted value
L = pattern tainted by locale (e.g. use locale; s/\w//)
Happens both with and without 'use re taint' unless specified.
Happens with all modifiers (/g, /r etc) unless explicitly mentioned.
$1 unexpectedly untainted:
s/T//
T =~ s/// under use re 'taint'
original string unexpectedly untainted:
s/L//, s/L//g
return value unexpectedly untainted:
T =~ s///g under no re 'taint'
s/L//g, s/L//r
return value unexpectedly tainted:
s/T//
s//T/r under no re 'taint'
T =~ s/// under use re 'taint'
s//T/ under use re 'taint'
Also, with /ge, the original string becomes tainted as soon as possible
(usually in the second entry to the /e code block) rather than only at the
end, in code like
$orig =~ s/T/...code.../ge
The rationale behind the taintedness of the return value of s/// (in the
non /r case), is that a boolean value shouldn't be tainted. This
corresponds to the general perl tainting policy that boolean ops don't
return tainted values. On the other hand, when it returns an integer
(number of matches), that should be tainted.
A couple of note about the old tainting code this replaces: firstly, several
occurrences of the following were NOOPs, since rxtainted was U8 and the bit
being ored was > 256:
rxtainted |= RX_MATCH_TAINTED(rx)
secondly, removing a whole bunch of the following didn't make any
existing tests fail:
TAINT_IF(rxtainted & 1);
|
|
|
|
|
| |
'play_it_again:' was on column 0, which meant that most diff
utilities interpreted it as a function name.
|
|
|
|
|
| |
The last few commits have been working towards making two
blocks of code identical. Now it's payback time!
|
|
|
|
|
|
| |
This should leave things functionally unchanged.
This is another step in making two branches of code more identical
|