PerlMonks  

SWIG and tainting

by w-ber (Hermit)
on Aug 20, 2008 at 15:17 UTC

Dear monks,

I have been battling with annoying issues when developing a CGI script that uses C++ libraries through a SWIG layer. I am using the command-line options -Tw as well as use strict -- in other words, strictures and taint mode.

The C++ library in question defines overloaded methods for many classes (naturally). SWIG generates a dynamic dispatch version that simulates overloading in Perl. However, frequently execution of the script would die with No matching function for overloaded 'foo' at something.pm line X, where 'foo' is the name of the overloaded method. This error occurs when SWIG fails to find a match for the function signature, i.e. the given parameter list. Usually this is caused by a typecasting error, such as trying to supply a floating point number instead of an integer to the function. For example, to explicitly pass an integer, one can use 0 + $var.

In this case, I could not fathom why things would not work. There were problems even after casting integers to integers and strings to strings (using various methods for the latter, such as ''.$var, "$var", and sprintf("%s", $var)). Then I finally decided to take a closer look with Devel::Peek. What do I find? The variable in question is magic, because it's tainted.

The reason for this meditation is that I could not find any information about this on the Internet, nor here at PerlMonks. Searching for SWIG documentation for the C++ and Perl combination -- which I thought would be more popular -- yielded no relevant results. Searching with the error message provided links to various mailing lists and nodes that described similar, but different, issues, and contained solutions I had already tried. Data::Dumper and YAML happily print out the string in question, and give no indication it would be tainted. And Devel::Peek output can be opaque unless you know something about the VM.

This is clearly an issue with SWIG and missing support -- or rather error reporting -- for tainted data, but it certainly was frustrating.

(What was the solution? Untaint with e.g. ($var) = $var =~ m{(.*)}, or rather with a more specific regex. Read more in perlsec.)

--
print "Just Another Perl Adept\n";
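
The behaviour described in the post above, as an added example that is not part of the original post: under -T the usual "casts" keep the taint magic, while a capture from a specific pattern (as perlsec describes) yields a clean value. The `untaint_uint` helper, the sample value and the 9-digit limit are assumptions for illustration; no SWIG binding is involved.

```perl
#!/usr/bin/perl -Tw
# Added example; run as: perl -Tw untaint_demo.pl (file name is arbitrary)
use strict;
use Scalar::Util qw(tainted);
use Devel::Peek ();

# Constructed tainted input standing in for a CGI parameter: under -T the
# values of $0, $^X and %ENV are tainted, and a zero-length substr of them
# taints whatever string it is appended to.
my $taint = substr(join('', $0, $^X, values %ENV), 0, 0);
my $raw   = '42' . $taint;
die "taint mode is off, run with -T\n" unless tainted($raw);

# The "casts" tried in the post create new values that are still tainted.
my $as_int    = 0 + $raw;
my $as_string = "$raw";
my $as_fmt    = sprintf('%s', $raw);
printf "%-11s tainted=%d\n", @$_ for
    [ 'raw',        tainted($raw)       ? 1 : 0 ],
    [ '0 + $var',   tainted($as_int)    ? 1 : 0 ],
    [ '"$var"',     tainted($as_string) ? 1 : 0 ],
    [ 'sprintf %s', tainted($as_fmt)    ? 1 : 0 ];

# Data::Dumper prints only the value; Devel::Peek shows the magic.
# The dump goes to STDERR; look for PERL_MAGIC_taint in its MAGIC section.
Devel::Peek::Dump($raw);

# Untaint by capturing from a pattern that matches only what is expected
# (hypothetical helper). Returns an untainted integer, or undef when the
# input does not validate, so bad data is rejected rather than laundered.
sub untaint_uint {
    my ($value) = @_;
    return undef unless defined $value && $value =~ /\A([0-9]{1,9})\z/;
    my $clean = $1;        # capture groups are not tainted
    return 0 + $clean;     # numeric value, as with the post's 0 + $var
}

my $id = untaint_uint($raw);
die "input rejected\n" unless defined $id;
printf "%-11s tainted=%d value=%d\n", 'untainted', tainted($id) ? 1 : 0, $id;

# Constructed malformed inputs: each one is refused, taint left in place.
for my $bad ('42abc', '4.2', '-1', '') {
    my $r = untaint_uint($bad . $taint);
    printf "rejected '%s'\n", $bad unless defined $r;
}
```

A value can be checked with `tainted()` in the same way immediately before it is handed to a wrapped method, which separates a taint problem from a genuine signature mismatch.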

Node Type: perlmeditation [id://705531]
Approved by Arunbear
Front-paged by Tanktalus