check-banned FAILED: Malformed UTF-8 character

Mark Martinec Mark.Martinec+amavis at
Thu Apr 5 02:19:19 CEST 2012

> A manifestation of the Perl bug #32687:
>   Encode::is_utf8 on tainted UTF8 string returns false
> [...]
> Please try the attached patch, it avoids testing Encode::is_utf8
> and just calls safe_encode() unconditionally.

While investigating this issue I became aware of another
bug in the perl module Encode, still unfixed in Encode 2.44
(and perl 5.14.2):

It gratuitously untaints a string when encoding or decoding it.
The bug report is classified as 'wish', although I'd call it
'serious' and 'security'.

I'll provide a workaround by a rewrite of my safe_encode and
safe_decode. To appear soon in a bug-fix release 2.7.1.
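
The kind of workaround described above, as an added example that is not part of the original post and is not amavisd's safe_encode: a wrapper records the taintedness of its input before calling Encode and reapplies it to the result. The helper name taint_preserving_encode and the sample string are assumptions made for this illustration; whether Encode::encode itself drops the taint depends on the installed Encode version, which the script reports.

```perl
# Added example; run as:  perl -T this_script.pl
use strict;
use warnings;
use Encode ();
use Scalar::Util qw(tainted);

die "taint mode is off, run with perl -T\n" unless ${^TAINT};

# Hypothetical helper: encode $str into $charset and give the result
# the same taintedness the input had, whatever Encode does internally.
sub taint_preserving_encode {
    my ($charset, $str) = @_;
    # A zero-length substring carries the taint flag of $str and no data.
    my $taint = substr($str, 0, 0);
    # Clear the UTF-8 flag on the empty string so that the concatenation
    # below does not upgrade the encoded octets to a character string.
    utf8::downgrade($taint);
    my $octets = Encode::encode($charset, $str);
    # Any expression that reads a tainted value yields a tainted result.
    return $taint . $octets;
}

# Constructed sample input: $^X is tainted under -T, so an empty
# substring of it taints the string without changing its content.
my $tainted_in = "na\x{ef}ve \x{263a}" . substr($^X, 0, 0);
my $clean_in   = "na\x{ef}ve \x{263a}";

my $plain = Encode::encode('UTF-8', $tainted_in);
my $safe  = taint_preserving_encode('UTF-8', $tainted_in);
my $clean = taint_preserving_encode('UTF-8', $clean_in);

printf "Encode version:              %s\n", Encode->VERSION;
printf "input tainted:               %s\n", tainted($tainted_in) ? 'yes' : 'no';
printf "Encode::encode result:       %s\n", tainted($plain) ? 'tainted' : 'UNTAINTED';
printf "wrapper result:              %s\n", tainted($safe)  ? 'tainted' : 'UNTAINTED';
printf "wrapper on untainted input:  %s\n", tainted($clean) ? 'tainted' : 'untainted';

# The wrapper must change only the taint flag, never the octets,
# and must not taint data that was clean to begin with.
die "wrapper changed the encoded octets\n" unless $safe eq $plain;
die "wrapper lost the taint\n"             unless tainted($safe);
die "wrapper tainted clean data\n"         if tainted($clean);
```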

