don't taint $$ determined by getpid()

Reading $$ in a tainted expression was tainting the internal sv_setiv() on $$. Since the value being set came directly from getpid(), it's always safe, so override the tainting there. Fixes [perl #109688].
2026-01-27 01:44:43 +00:00 · 2012-02-25 20:32:09 +00:00 · 2012-02-25 20:32:09 +00:00 · 19db9fb721
commit 19db9fb721
parent e0f138939a
2 changed files with 12 additions and 2 deletions
--- a/mg.c
+++ b/mg.c
@ -1079,9 +1079,12 @@ Perl_magic_get(pTHX_ SV *sv, MAGIC *mg)
    case '$': /* $$ */
 	{
 	    IV const pid = (IV)PerlProc_getpid();
-	    if (isGV(mg->mg_obj) || SvIV(mg->mg_obj) != pid)
+	    if (isGV(mg->mg_obj) || SvIV(mg->mg_obj) != pid) {
 		/* never set manually, or at least not since last fork */
 		sv_setiv(sv, pid);
+		/* never unsafe, even if reading in a tainted expression */
+		SvTAINTED_off(sv);
+	    }
 	    /* else a value has been assigned manually, so do nothing */
 	}
 	break;
--- a/t/op/taint.t
+++ b/t/op/taint.t
@ -17,7 +17,7 @@ BEGIN {
 use strict;
 use Config;

-plan tests => 791;
+plan tests => 793;

 $| = 1;

@ -2176,6 +2176,13 @@ for(1,2) {
 }
 pass("no death when TARG of ref is tainted");

+# $$ should not be tainted by being read in a tainted expression.
+{
+    isnt_tainted $$, "PID not tainted initially";
+    my $x = $ENV{PATH}.$$;
+    isnt_tainted $$, "PID not tainted when read in tainted expression";
+}
+
 {
    use feature 'fc';
    use locale;