-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mysterious place for an insecure dependency error #14059
Comments
From @rcaputoCreated by @rcaputoI have a Perl one-liner that fails for "Insecure dependency in It mystified Matt Trout on freenode #perl, and everyone on TUNING_KNOB=0 perl -T -wle 'use warnings; The odd place is after "4" is printed and before "OK". It's as if Setting TUNING_KNOB=1 also invokes the insecure dependency. Omitting TUNING_KNOB entirely, eliminates the error. It may be a case Perl Info
|
From @cpansproutOn Sun Aug 31 11:35:47 2014, rcaputo2 wrote:
That’s not mystifying at all. :-) Taintedness is reset at the start of execution of each statement. So if we are not executing any statements, the taintedness that results when the compiler reads KNOB to fold the ‘if KNOB’ expression extends much further than it should, causing ‘use’ to fail. I don’t know why the BEGIN{ print 4 } doesn’t clean it, but I imagine it’s saving and restoring state, including taintedness. I might have it fixed today. -- Father Chrysostomos |
The RT System itself - Status changed from 'new' to 'open' |
From @cpansproutOn Sun Aug 31 13:33:38 2014, sprout wrote:
No, actually ‘use’ *does* execute a nextstate op. It’s just that the scalar containing ‘strict.pm’ is *created* when taintedness is still in the air. -- Father Chrysostomos |
From @cpansproutFixed in 64ff300. -- Father Chrysostomos |
@cpansprout - Status changed from 'open' to 'pending release' |
From @cpansproutOn Sun Aug 31 14:46:14 2014, sprout wrote:
I’ve just noticed that a fix for the test added by 64ff300 is listed in Porting/cherry-pick-votes-maint-5.20.xml on the maint-5.20-votes branch: <commit votes="steveh" id="eaff586aa6444fb20654ed863b7ff35e136737e8" ticket="" desc="Fix t/op/taint.t on Windows"/> But the commit that added the test is not. This is, however, a regression from an earlier version of perl (5.8.8), so 64ff300 could be a candidate for 5.20.2. And it’s a pretty annoying and baffling bug, too. -- Father Chrysostomos |
From [Unknown Contact. See original ticket]On Sun Aug 31 14:46:14 2014, sprout wrote:
I’ve just noticed that a fix for the test added by 64ff300 is listed in Porting/cherry-pick-votes-maint-5.20.xml on the maint-5.20-votes branch: <commit votes="steveh" id="eaff586aa6444fb20654ed863b7ff35e136737e8" ticket="" desc="Fix t/op/taint.t on Windows"/> But the commit that added the test is not. This is, however, a regression from an earlier version of perl (5.8.8), so 64ff300 could be a candidate for 5.20.2. And it’s a pretty annoying and baffling bug, too. -- Father Chrysostomos |
From @steve-m-hayOn Sat Dec 06 17:42:42 2014, sprout wrote:
Thanks, I've added 64ff300 to the list of proposed commits. |
From Mark.Martinec@ijs.siCreated by Mark.Martinec@ijs.siThe following program: use strict; yields: This is possibly related to [perl #122669], Regardless, seems prudent to localize $1, $2 and $3 Perl Info
|
From @khwilliamsonThanks for submitting this ticket The issue should be resolved with the release today of Perl v5.22. If you find that the problem persists, feel free to reopen this ticket -- |
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#122669 (status was 'resolved')
Searchable as RT122669$
The text was updated successfully, but these errors were encountered: