taint REGEX SVs as well as refs to them

Now that REGEX is actually a first-class SV type, we can taint
the regex SV directly, as well as the RV pointing to it.

This means that this now taints:

    $rr = qr/$tainted/;
    $r = $$r;
    /$r/;

diff --git a/pp_ctl.c b/pp_ctl.c
index 7ff109f..f5a7a48 100644 (file)
--- a/pp_ctl.c
+++ b/pp_ctl.c
@@ -240,8 +240,10 @@ PP(pp_regcomp)
 
 #ifndef INCOMPLETE_TAINTS
     if (PL_tainting) {
-       if (PL_tainted)
+       if (PL_tainted) {
+           SvTAINTED_on((SV*)re);
            RX_EXTFLAGS(re) |= RXf_TAINTED;
+       }
        else
            RX_EXTFLAGS(re) &= ~RXf_TAINTED;
     }

diff --git a/pp_hot.c b/pp_hot.c
index 4fb5f01..e452f07 100644 (file)
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -1235,8 +1235,10 @@ PP(pp_qr)
        (void)sv_bless(rv, stash);
     }
 
-    if (RX_EXTFLAGS(rx) & RXf_TAINTED)
+    if (RX_EXTFLAGS(rx) & RXf_TAINTED) {
         SvTAINTED_on(rv);
+        SvTAINTED_on(SvRV(rv));
+    }
     XPUSHs(rv);
     RETURN;
 }

diff --git a/t/op/taint.t b/t/op/taint.t
index dcec7aa..c2ab75d 100644 (file)
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ use Config;
 use File::Spec::Functions;
 
 BEGIN { require './test.pl'; }
-plan tests => 684;
+plan tests => 687;
 
 $| = 1;
 
@@ -2176,6 +2176,18 @@ end
     ok( ! tainted($z), "Constants folded value not tainted");
 }
 
+{
+    # now that regexes are first class SVs, make sure that they themselves
+    # as well as references to them are tainted
+
+    my $rr = qr/(.)$TAINT/;
+    my $r = $$rr; # bare REGEX
+    my $s ="abc";
+    ok($s =~ s/$r/x/, "match bare regex");
+    ok(tainted($s), "match bare regex taint");
+    is($s, 'xbc', "match bare regex taint value");
+}
+
 # This may bomb out with the alarm signal so keep it last
 SKIP: {
     skip "No alarm()"  unless $Config{d_alarm};