reset was tainting undef if the internal SV type happened to be SVt_PV
or higher. This has got to have been a mistake. Tainting undef or
what is known to be an empty string does not make sense, even in a
tainted expression. Tainting it based on the internal type does not
make sense either, and results in inconsistencies in behaviour (taint
it if it *was* a string, even though it isn’t now, but not if it was a
number, unless that number was tied, or had pos() set, etc.).
This tainting has been here since perl 3.0 (commit
a687059cb), which I
think was when tainting was introduced.
Applying the tainting based on the internal type has happened since
79072805bf6 (perl 5.0 alpha 2), which introduced different internal
SV types.
if (sv && !SvREADONLY(sv)) {
SV_CHECK_THINKFIRST_COW_DROP(sv);
SvOK_off(sv);
- if (SvTYPE(sv) >= SVt_PV) {
- SvTAINT(sv);
- }
}
if (GvAV(gv)) {
av_clear(GvAV(gv));
use strict;
use Config;
-plan tests => 797;
+plan tests => 798;
$| = 1;
like($@, qr/Eval-group in insecure regular expression/, "tainted (?{})");
}
+# reset() and tainted undef (?!)
+$::x = "foo";
+$_ = "$TAINT".reset "x";
+is eval { eval $::x.1 }, 1, 'reset does not taint undef';
+
# This may bomb out with the alarm signal so keep it last
SKIP: {
skip "No alarm()" unless $Config{d_alarm};