develooper Front page | perl.perl5.porters | Postings from November 2017

RFC: make utf16 to/from utf8 functions private to the core

Thread Next
Karl Williamson
November 10, 2017 02:05
RFC: make utf16 to/from utf8 functions private to the core
Message ID:
These functions are not listed in the public API, though they are 
accessible from anywhere.  They are not used in CPAN.

I propose to mark them as core-only, so they can't be used (without 
skulduggery) outside it.  The reason is that I think a better API should 
be created.  The problem is that the caller now is supposed to know the 
worst case buffer size, preallocate that, and the function blindly 
assumes this has been done, so if it hasn't out-of-bounds writes are 
possible.   Worse, the documentation, until a very recent commit I made, 
specified too small a size, one which would overflow in the worst case 
(though only on EBCDIC platforms).  (That documentation, since these 
aren't in the public API) is in the form of comments at the function source.

It is a potential security hole to allow this.  That's why we use 
strlcpy() instead of strcpy(), and have changed the other Unicode 
functions to pass in a length.

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About