From gnat@frii.com

This program​:

  #!/usr/bin/perl -Tw

  sub test_tainted {
  my ($value, $name) = @​_;
  my $untainted = eval { ()=join("", @​_), kill 0 => 0 };
  print "$name is " . ($untainted ? "not " : "" ) . "tainted\n";
  }

  $tainted = $ENV{PATH}; # tainted
  $clean = "happy joy";

  @​foo = ($clean, $tainted, $clean);

  for ($i=0; $i < @​foo; $i++) {
  test_tainted($foo[$i], "\$foo[$i]");
  }

  $foo = {A => $clean, B => $tainted, C => $clean};
  for (keys %$foo) {
  test_tainted($foo->{$_}, "\$foo->{$_}");
  }

produces this output on 5.6.0​:

$foo[0] is not tainted
$foo[1] is tainted
$foo[2] is not tainted
$foo->{A} is not tainted
$foo->{B} is tainted
$foo->{C} is tainted

notice that the two identical lists behave differently when used as
contents of an array or as contents of a hash. On 5.005_03 it did
something differently wrong :-)

$foo[0] is tainted
$foo[1] is tainted
$foo[2] is tainted
$foo->{A} is tainted
$foo->{B} is tainted
$foo->{C} is tainted

Both seem odd :-) This came up when creating a hash as an object.
The tainting goes from the tainted value to the end of the contents,
and this wrongly tainted some innocent values. Tracking it down was
a major pain in the ass. I don't think tainting should spread like
this.

Nat

From @iabyn

this bug appears to be fixed in 5.6.1

Regards,

Dave M.

@iabyn - Status changed from 'open' to 'resolved'