Ok, you convinced me. I always thought the eval I put around these constructs
took care of evil user input, but reading your post and checking teaches me
that bad expressions are indeed fatal. So I'll just stop using that particular
Which leads me to: why are they fatal? (More out of curiosity, making them not
fatal would indeed solve ?e, since Ilya wants to make them taint checked, but
it wouldn't solve the easily written out of memory regex).
Sorry for following up to myself here.
My quick test was wrong; eval DOES of course catch bad regexes (I really had to
rerun my quick test since it was so contrary to my understanding of Perl).
The "out of memory" regex argument still convinces me that I shouldn't let
users provide regexes.
So for my programs, I don't mind (?e...), but I can imagine there are people
out there that don't have an eval wrapped around it, and instead of crashing
their programs evil users can now execute arbitrary code, so an x modifier
might still be a good idea before allowing (?e..).
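
The behaviour discussed above, as an added example that is not part of the original post: a user-supplied pattern is compiled inside `eval`, so a malformed pattern is trapped rather than fatal. It assumes that the `(?{ ... })` embedded-code construct of current Perl plays the role of the `(?e...)` discussed here; the helper name, the length limit and the sample patterns are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): compile an untrusted pattern
# inside eval so that a compile-time die is trapped by the caller.
# Deliberately no "use re 'eval'" anywhere in this file: without that
# pragma, perl refuses embedded code blocks in interpolated patterns.
sub compile_user_pattern {
    my ($pattern) = @_;

    # Assumed policy: cap the pattern length. This narrows, but does not
    # remove, the resource-exhaustion problem, which eval cannot catch.
    return (undef, 'pattern too long') if length($pattern) > 200;

    my $re = eval { qr/$pattern/ };
    unless (defined $re) {
        my $err = $@;
        $err =~ s/\s+\z//;    # drop the trailing newline of the die message
        return (undef, $err);
    }
    return ($re, undef);
}

# Constructed sample inputs.
my @samples = (
    'fo+bar',                        # well-formed pattern
    'foo(bar',                       # malformed: unbalanced parenthesis
    '(?{ print "code ran\n" })x',    # embedded code block
);

for my $pattern (@samples) {
    my ($re, $err) = compile_user_pattern($pattern);
    if (defined $re) {
        my $hit = 'foobar' =~ $re ? 'yes' : 'no';
        print "accepted: $pattern (matches 'foobar': $hit)\n";
    }
    else {
        print "rejected: $pattern\n    reason: $err\n";
    }
}
```

The `eval` only covers pattern compilation; a pattern that compiles cleanly can still consume excessive time or memory when it is matched, which is the remaining reason given above for not accepting user regexes.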