On 08/12/2017 09:19 AM, Leon Timmermans wrote:
> On Fri, Aug 11, 2017 at 3:02 AM, Father Chrysostomos <sprout@cpan.org> wrote:
>
> > Karl Williamson wrote:
> > > I'm thinking we should go through embed.fnc looking for these parameter
> > > types that are specifying lengths, and change them, even if these are in
> > > the public API. Aren't these segfaults and DOS attacks waiting to
> > > happen?
> > >
> > > Zefram said we did something similar a while back with array indices.
> > >
> > > I'm unsure of the implications for modules that can work on earlier perls.
> >
> > The main problem to watch out for is I32 pointers. I32* parameters
> > cannot be changed without really breaking things.
> >
> > Also, be aware that not every use of I32 is bad.
>
> Fortunately, we have very few of those in the API. hv_iterkey is the
> only one that looks problematic to me.
>
> Leon

It was unclear to me what Leon meant, but he means there are very few I32* or U32* parameters (or returns) in the public API. Here's a complete list of ones I think might be problematical:

    Anp |char* |delimcpy |NN char* to|NN const char* toend|NN const char* from |NN const char* fromend|int delim|NN I32* retlen
    np |char* |delimcpy_no_escape|NN char* to|NN const char* toend |NN const char* from |NN const char* fromend|int delim |NN I32* retlen
    ApdR |char* |hv_iterkey |NN HE* entry|NN I32* retlen
    ApdR |SV* |hv_iternextsv |NN HV *hv|NN char **key|NN I32 *retlen
    Ap |I32 * |markstack_grow
    Apd |void |sv_pos_u2b |NULLOK SV *const sv|NN I32 *const offsetp|NULLOK I32 *const lenp
    Apd |void |sv_pos_b2u |NULLOK SV *const sv|NN I32 *const offsetp
    ApdR |CV* |find_runcv |NULLOK U32 *db_seqp
    pR |CV* |find_runcv_where|U8 cond|IV arg |NULLOK U32 *db_seqp
    ApoR |I32* |hv_riter_p |NN HV *hv
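The two hazards discussed in this thread (a length narrowed into an I32, and an I32* out-parameter widened underneath callers that still pass a 4-byte I32), as an added example that is not code from the thread or from perl's source. I32 is a stand-in typedef, and legacy_retlen, checked_retlen and old_caller_frame are hypothetical names.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

typedef int32_t I32;   /* assumption: stand-in for perl's I32 */

/* Legacy shape: a length reported through an I32 out-parameter.
 * Lengths above INT32_MAX are silently narrowed (wraps on gcc/clang). */
static void legacy_retlen(size_t real_len, I32 *retlen) {
    *retlen = (I32)real_len;
}

/* Compatible fix: keep the I32* signature, but refuse a length that does
 * not fit instead of reporting a wrong one. 0 on success, -1 on overflow. */
static int checked_retlen(size_t real_len, I32 *retlen) {
    if (real_len > (size_t)INT32_MAX)
        return -1;
    *retlen = (I32)real_len;
    return 0;
}

/* Why the pointer type cannot simply be widened: an old caller still owns
 * a 4-byte I32. Model its slot plus the adjacent variable as a struct and
 * store a ssize_t-sized result at the address of the I32. */
struct old_caller_frame { I32 retlen; I32 neighbour; };

static int widened_store_clobbers_neighbour(void) {
    struct old_caller_frame f = { 0, 0x11111111 };
    ssize_t wide = 5;                      /* what a widened callee writes */
    size_t n = sizeof wide < sizeof f ? sizeof wide : sizeof f;
    memcpy(&f, &wide, n);                  /* store through the old address */
    return f.neighbour != 0x11111111;
}

int main(void) {
    I32 len = 0;
    legacy_retlen((size_t)INT32_MAX + 6, &len);
    printf("legacy retlen:  %ld\n", (long)len);
    printf("checked result: %d\n", checked_retlen((size_t)INT32_MAX + 6, &len));
    printf("neighbour clobbered: %d\n", widened_store_clobbers_neighbour());
    return 0;
}
```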