Fix for RT #52552.

This patch only taints for pack('a'/'A') which was the original bug. I
guess the previous behaviour (pre-5.10.0) tainted on all tainted input.
That more general behaviour may be recoverable - not sure what we want.

diff --git a/pp_pack.c b/pp_pack.c
index 31cc8eb..72a9666 100644 (file)
--- a/pp_pack.c
+++ b/pp_pack.c
@@ -2798,6 +2798,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist )
            }
            memset(cur, datumtype == 'A' ? ' ' : '\0', len);
            cur += len;
+           SvTAINT(cat);
            break;
        }
        case 'B':

diff --git a/t/op/taint.t b/t/op/taint.t
index 01ab368..0ac02a6 100644 (file)
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ use Config;
 use File::Spec::Functions;
 
 BEGIN { require './test.pl'; }
-plan tests => 298;
+plan tests => 301;
 
 $| = 1;
 
@@ -1303,6 +1303,19 @@ foreach my $ord (78, 163, 256) {
     }
 }
 
+# Bug RT #52552 - broken by change at git commit id f337b08
+{
+    my $x = $TAINT. q{print "Hello world\n"};
+    my $y = pack "a*", $x;
+    ok(tainted($y), "pack a* preserves tainting");
+
+    my $z = pack "A*", q{print "Hello world\n"}.$TAINT;
+    ok(tainted($z), "pack A* preserves tainting");
+
+    my $zz = pack "a*a*", q{print "Hello world\n"}, $TAINT;
+    ok(tainted($zz), "pack a*a* preserves tainting");
+}
+
 # This may bomb out with the alarm signal so keep it last
 SKIP: {
     skip "No alarm()"  unless $Config{d_alarm};