Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

Re^6: Hash key composition with a comma?

by choroba (Archbishop)
on Mar 18, 2018 at 09:46 UTC ( #1211179=note: print w/replies, xml ) Need Help??

in reply to Re^5: Hash key composition with a comma?
in thread Hash key composition with a comma?

Not sure if believable, but imagine
my $k1a = "a$;b"; my $k1b = 'c'; my $k2a = 'a'; my $k2b = "b$;c"; $multi{$k1a, $k1b} = 1; $multi{$k2a, $k2b} = 2; print $multi{$k1a, $k1b}; # 2!!
($q=q:Sq=~/;[c](.)(.)/;chr(-||-|5+lengthSq)`"S|oS2"`map{chr |+ord }map{substrSq`S_+|`|}3E|-|`7**2-3:)=~y+S|`+$1,++print+eval$q,q,a,

Replies are listed 'Best First'.
Re^7: Hash key composition with a comma?
by LanX (Cardinal) on Mar 18, 2018 at 10:16 UTC
    Yes that's pretty much the example I came up with, only after thinking hard.

    "Karl-Heinz Urban" and "Karl Heinz-Urban" would get the same entry for $age{$first,$family} if $; was "-" and consequently a Hollywood actor would change age. (This never happens normally ;)

    But you first need to construct such a collision which results in data loss.

    Intuition (and AM) says "one injected delimiter and it breaks" like $b='x"y';eval qq {$a="$b"} breaks.

    But that's not the case, you need a coincidence where both keys are polluted in a very specific way.

    And a hash with polluted entries will continue to work normally as long as Mr "Heinz-Urban" doesn't show up.

    I'd like to see a more believable scenario.

    NB: Of course I wouldn't allow polluted keys in the first way.

    Cheers Rolf
    (addicted to the Perl Programming Language and ☆☆☆☆ :)
    Wikisyntax for the Monastery

    PS : AM is thanking you for doing his "homework"! ;)

Re^7: Hash key composition with a comma?
by sauoq (Abbot) on Mar 18, 2018 at 17:17 UTC

    I haven't researched this, but a coworker just suggested to me that a credible cause of this in the wild might be some unicode pollution in input expected to be ascii.

    If she's right, perhaps it's not so far-fetched.

    "My two cents aren't worth a dime.";
      I'm not sure about other encodings, but in UTF-8, all non-ASCII characters are represented by bytes > x7F, so x1c can't occur.
      ($q=q:Sq=~/;[c](.)(.)/;chr(-||-|5+lengthSq)`"S|oS2"`map{chr |+ord }map{substrSq`S_+|`|}3E|-|`7**2-3:)=~y+S|`+$1,++print+eval$q,q,a,

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1211179]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (2)
As of 2020-10-27 03:11 GMT
Find Nodes?
    Voting Booth?
    My favourite web site is:

    Results (255 votes). Check out past polls.