chicken-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-hackers] Made a start with CHICKEN 5 proposal

From: Arthur Maciel
Subject: Re: [Chicken-hackers] Made a start with CHICKEN 5 proposal
Date: Fri, 29 Aug 2014 16:11:21 -0300
2014-08-29 16:01 GMT-03:00 Peter Bex <address@hidden>:
On Fri, Aug 29, 2014 at 10:50:31PM +0400, Oleg Kolosov wrote:
> On 08/23/14 19:35, Peter Bex wrote:
> > I've made a start on the wiki, at what we'd like CHICKEN 5 to be about.
>
> I've remembered one more thing: why not stick the terminating '\0' at
> the end of all strings in internal representation? This looks pretty
> harmless but could make some common FFI uses a breeze.

We should only do that when the \0 is rejected up front inside strings.
Right now, \0 is allowed in a string and if you pass it to a C function,
it is detected and an exception is raised.  Doing it with the current
system wouldn't buy us anything, and would just make potential misuse
more attractive, because a user would be tempted to just pass the
string's internal buffer directly to the C API "for performance".
This would then open up a can of worms containing plenty of potential
vulnerabilities.

Cheers,
Peter
--
http://www.more-magic.net

Peter, I remember you wrote about this on 2012, right?

http://www.more-magic.net/posts/lessons-learned-from-nul-byte-bugs.html
 
reply via email to
[Prev in Thread] Current Thread [Next in Thread]