2014-08-29 16:01 GMT-03:00 Peter Bex <peter....@xs4all.nl>:

> On Fri, Aug 29, 2014 at 10:50:31PM +0400, Oleg Kolosov wrote:
> > On 08/23/14 19:35, Peter Bex wrote:
> > > I've made a start on the wiki, at what we'd like CHICKEN 5 to be about.
> >
> > I've remembered one more thing: why not stick the terminating '\0' at
> > the end of all strings in internal representation? This looks pretty
> > harmless but could make some common FFI uses a breeze.
>
> We should only do that when the \0 is rejected up front inside strings.
> Right now, \0 is allowed in a string and if you pass it to a C function,
> it is detected and an exception is raised.  Doing it with the current
> system wouldn't buy us anything, and would just make potential misuse
> more attractive, because a user would be tempted to just pass the
> string's internal buffer directly to the C API "for performance".
> This would then open up a can of worms containing plenty of potential
> vulnerabilities.
>
> Cheers,
> Peter
> --
> http://www.more-magic.net
>

Peter, I remember you wrote about this in 2012, right?

http://www.more-magic.net/posts/lessons-learned-from-nul-byte-bugs.html
_______________________________________________
Chicken-hackers mailing list
Chicken-hackers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-hackers
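
The trade-off discussed in the quoted reply, as an added example that is not part of the original thread and is not CHICKEN's own code: a length-counted string with a trailing '\0' still gets truncated by C when it contains an embedded NUL, while a checked conversion rejects it up front. The `lstring` type, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-counted string (not CHICKEN's real layout): len is
   authoritative, and buf[len] holds the proposed convenience '\0'. */
typedef struct { size_t len; const char *buf; } lstring;

/* Constructed sample: 16 bytes with an embedded NUL after "name.txt". */
static const char sample_bytes[] = "name.txt\0ignored";

lstring sample_embedded_nul(void) {
    lstring s = { sizeof sample_bytes - 1, sample_bytes };
    return s;
}

/* What a C API sees when handed the internal buffer directly: everything
   after the first embedded NUL silently disappears. */
size_t unchecked_c_length(const lstring *s) {
    return strlen(s->buf);
}

/* Checked conversion: reject embedded NULs (the "raise an exception" path),
   otherwise return a fresh NUL-terminated copy that the caller frees.
   NULL is also returned if allocation fails. */
char *checked_c_string(const lstring *s) {
    if (memchr(s->buf, '\0', s->len) != NULL)
        return NULL;
    char *copy = malloc(s->len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, s->buf, s->len);
    copy[s->len] = '\0';
    return copy;
}

int main(void) {
    lstring s = sample_embedded_nul();
    printf("real length %zu, C sees %zu\n", s.len, unchecked_c_length(&s));
    char *c = checked_c_string(&s);
    printf("checked conversion: %s\n", c ? c : "rejected");
    free(c);
    return 0;
}
```

The mismatch between the two lengths is the hazard: the Scheme side and the C side disagree about what the string is unless the conversion checks first.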
