Security Advisories (2)
CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6.
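One way to triage a host against the two advisories above, added here as an example (it is not code from the advisories or from the utf8::all project). It applies only the version bounds the advisory text states, so a match means the build's patch level still has to be confirmed with the vendor; the function names and sample inputs are constructed, and the input is the output format of `perl -V:version` and `perl -V:useithreads`.

```shell
#!/bin/sh
# Added example: match a perl build against the ranges quoted in the advisories.
# Fixed point releases are not listed in that text, so none are encoded here.

# Turn "5.38.2" into a comparable integer (5038002); exit 2 if not x.y.z.
ver_key() {
    printf '%s\n' "$1" | awk -F. '
        /^[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 * 1000000 + $2 * 1000 + $3; ok = 1 }
        END { exit (ok ? 0 : 2) }'
}

# Pull the value out of `perl -V:name` output, e.g.  version='5.36.0';
config_value() {
    printf '%s\n' "$2" | sed -n "s/^$1='\(.*\)';\$/\1/p"
}

# Print one line per advisory whose stated conditions match the build.
# The body runs in a subshell so its variables do not leak to the caller.
triage_perl() (
    ver=$(config_value version "$1")
    threads=$(config_value useithreads "$1")
    key=$(ver_key "$ver") || { echo "unparsed version: $ver" >&2; exit 2; }

    # CVE-2024-56406: 5.33.1 through 5.41.10, which spans the 5.34, 5.36,
    # 5.38 and 5.40 release branches.
    if [ "$key" -ge "$(ver_key 5.33.1)" ] && [ "$key" -le "$(ver_key 5.41.10)" ]; then
        echo "CVE-2024-56406: $ver is inside the stated range"
    fi

    # CVE-2025-40909: introduced in 5.13.6 and needs a threaded (ithreads)
    # build. The advisory text gives no upper bound, so none is applied.
    if [ "$key" -ge "$(ver_key 5.13.6)" ] && [ "$threads" = define ]; then
        echo "CVE-2025-40909: $ver is a threaded build at or after 5.13.6"
    fi
)

# Constructed sample inputs (not captured from a real host).
SAMPLE_THREADED="version='5.36.0';
useithreads='define';"
SAMPLE_OLD="version='5.30.3';
useithreads='undef';"

triage_perl "$SAMPLE_THREADED"   # both advisories match
triage_perl "$SAMPLE_OLD"        # prints nothing
# On a real host: triage_perl "$(perl -V:version; perl -V:useithreads)"
```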

NAME

utf8::all - turn on Unicode - all of it

VERSION

version 0.010

SYNOPSIS

use utf8::all; # Turn on UTF-8. All of it.

open my $in, '<', 'contains-utf8';  # UTF-8 already turned on here
print length 'føø bār';             # 7 UTF-8 characters
my $utf8_arg = shift @ARGV;         # @ARGV is UTF-8 too!

DESCRIPTION

utf8 allows you to write your Perl encoded in UTF-8. That means UTF-8 strings, variable names, and regular expressions. utf8::all goes further, and makes @ARGV encoded in UTF-8, and filehandles are opened with UTF-8 encoding turned on by default (including STDIN, STDOUT, STDERR), and charnames are imported so \N{...} sequences can be used to compile Unicode characters based on names. If you don't want UTF-8 for a particular filehandle, you'll have to set binmode $filehandle.

The pragma is lexically-scoped, so you can do the following if you had some reason to:

{
    use utf8::all;
    open my $out, '>', 'outfile';
    my $utf8_str = 'føø bār';
    print length $utf8_str, "\n"; # 7
    print $out $utf8_str;         # out as utf8
}
open my $in, '<', 'outfile';      # in as raw
my $text = do { local $/; <$in>};
print length $text, "\n";         # 10, not 7!

INTERACTION WITH AUTODIE

If you use autodie, which is a great idea, you need to use at least version 2.12, released on June 26, 2012. Otherwise, autodie obliterates the IO layers set by the open pragma. See RT #54777 and GH #7.

AVAILABILITY

The project homepage is http://metacpan.org/release/utf8-all/.

The latest version of this module is available from the Comprehensive Perl Archive Network (CPAN). Visit http://www.perl.com/CPAN/ to find a CPAN site near you, or see https://metacpan.org/module/utf8::all/.

SOURCE

The development version is on GitHub at http://github.com/doherty/utf8-all and may be cloned from git://github.com/doherty/utf8-all.git

BUGS AND LIMITATIONS

You can make new bug reports, and view existing ones, through the web interface at https://github.com/doherty/utf8-all/issues.

AUTHORS

  • Michael Schwern <mschwern@cpan.org>

  • Mike Doherty <doherty@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2009 by Michael Schwern <mschwern@cpan.org>.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.