Don’t taint undef in reset

reset was tainting undef if the internal SV type happened to be SVt_PV
or higher.  This has got to have been a mistake.  Tainting undef or
what is known to be an empty string does not make sense, even in a
tainted expression.  Tainting it based on the internal type does not
make sense either, and results in inconsistencies in behaviour (taint
it if it *was* a string, even though it isn’t now, but not if it was a
number, unless that number was tied, or had pos() set, etc.).

This tainting has been here since perl 3.0 (commit a687059cb), which I
think was when tainting was introduced.

Applying the tainting based on the internal type has happened since
79072805bf6 (perl 5.0 alpha 2), which introduced different internal
SV types.

diff --git a/sv.c b/sv.c
index 3ccac3f..175940e 100644 (file)
--- a/sv.c
+++ b/sv.c
@@ -9150,9 +9150,6 @@ Perl_sv_resetpvn(pTHX_ const char *s, STRLEN len, HV * const stash)
                if (sv && !SvREADONLY(sv)) {
                    SV_CHECK_THINKFIRST_COW_DROP(sv);
                    SvOK_off(sv);
-                   if (SvTYPE(sv) >= SVt_PV) {
-                       SvTAINT(sv);
-                   }
                }
                if (GvAV(gv)) {
                    av_clear(GvAV(gv));

diff --git a/t/op/taint.t b/t/op/taint.t
index 834e664..b521408 100644 (file)
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ BEGIN {
 use strict;
 use Config;
 
-plan tests => 797;
+plan tests => 798;
 
 $| = 1;
 
@@ -2351,6 +2351,11 @@ SKIP: {
     like($@, qr/Eval-group in insecure regular expression/, "tainted (?{})");
 }
 
+# reset() and tainted undef (?!)
+$::x = "foo";
+$_ = "$TAINT".reset "x";
+is eval { eval $::x.1 }, 1, 'reset does not taint undef';
+
 # This may bomb out with the alarm signal so keep it last
 SKIP: {
     skip "No alarm()"  unless $Config{d_alarm};