Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

SWIG and tainting

by vrk (Chaplain)
on Aug 20, 2008 at 15:17 UTC ( #705531=perlmeditation: print w/replies, xml ) Need Help??

Dear monks,

I have been battling with annoying issues when developing a CGI script that uses C++ libraries through a SWIG layer. I am using the command-line options -Tw as well as use strict -- in other words, strictures and taint mode.

The C++ library in question defines overloaded methods for many classes (naturally). SWIG generates a dynamic dispatch version that simulates overloading in Perl. However, frequently execution of the script would die with No matching function for overloaded 'foo' at line X, where 'foo' is the name of the overloaded method. This error occurs when SWIG fails to find a match for the function signature, i.e. the given parameter list. Usually this is caused by a typecasting error, such as trying to supply a floating point number instead of an integer to the function. For example, to explicitly pass an integer, one can use 0 + $var.

In this case, I could not fathom why things would not work. There were problems even after casting integers to integers and strings to strings (using various methods for the latter, such as ''.$var, "$var", and sprintf("%s", $var)). Then I finally decided to take a closer look with Devel::Peek. What do I find? The variable in question is magic, because it's tainted.

The reason for this meditation is that I could not find any information about this on the Internet, nor here at PerlMonks. Searching for SWIG documentation for the C++ and Perl combination -- which I thought would be more popular -- yielded no relevant results. Searching with the error message provided links to various mailing lists and nodes that described similar, but different, issues, and contained solutions I had already tried. Data::Dumper and YAML happily print out the string in question, and give no indication it would be tainted. And Devel::Peek output can be opaque unless you know something about the VM.

This is clearly an issue with SWIG and missing support -- or rather error reporting -- for tainted data, but it certainly was frustrating.

(What was the solution? Untaint with e.g. ($var) = $var =~ m{(.*)}, or rather with a more specific regex. Read more in perlsec.)

print "Just Another Perl Adept\n";

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://705531]
Approved by Arunbear
Front-paged by Tanktalus
[LanX]: morning
marto waves
[Discipulus]: if you prepend 'good' to this mere part of the day you get a in good morning LanX
[LanX]: good
[LanX]: ;-p

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (6)
As of 2018-02-20 10:35 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (268 votes). Check out past polls.