perlmeditation w-ber <p>Dear monks,</p> <p> I have been battling with annoying issues when developing a CGI script that uses C++ libraries through a <a href="http://www.swig.org">SWIG</a> layer. I am using the command-line options <code>-Tw</code> as well as <code>use strict</code> -- in other words, strictures and taint mode. </p> <p> The C++ library in question defines overloaded methods for many classes (naturally). SWIG generates a dynamic dispatch version that simulates overloading in Perl. However, frequently execution of the script would die with <code>No matching function for overloaded 'foo' at something.pm line X</code>, where 'foo' is the name of the overloaded method. This error occurs when SWIG fails to find a match for the function signature, i.e. the given parameter list. Usually this is caused by a typecasting error, such as trying to supply a floating point number instead of an integer to the function. For example, to explicitly pass an integer, one can use <code>0 + $var</code>. </p> <p> In this case, I could not fathom why things would not work. There were problems even after casting integers to integers and strings to strings (using various methods for the latter, such as <code>''.$var</code>, <code>"$var"</code>, and <code>sprintf("%s", $var)</code>). Then I finally decided to take a closer look with [cpan://Devel::Peek]. What do I find? The variable in question is magic, because it's tainted. </p> <p> The reason for this meditation is that I could not find any information about this on the Internet, nor here at PerlMonks. Searching for SWIG documentation for the C++ and Perl combination -- which I thought would be more popular -- yielded no relevant results. Searching with the error message provided links to various mailing lists and nodes that described similar, but different, issues, and contained solutions I had already tried. [cpan://Data::Dumper] and [cpan://YAML] happily print out the string in question, and give no indication it would be tainted. And [cpan://Devel::Peek] output can be opaque unless you know something about the VM. </p> <p> This is clearly an issue with SWIG and missing support -- or rather error reporting -- for tainted data, but it certainly was frustrating. </p> <p> (What was the solution? Untaint with e.g. <code>($var) = $var =~ m{(.*)}</code>, or rather with a more specific regex. Read more in [perlsec].) </p> <div class="pmsig"> <div class="pmsig-399589"> <p> -- <br> print "Just Another [href://http://prometheus.frii.com/~gnat/yapc/2000-stages/slide25.html|Perl Adept]\n"; </p> </div> </div>