bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19565: Emacs vulnerable to endless-data attack (minor)

From: Lars Ingebrigtsen
Subject: bug#19565: Emacs vulnerable to endless-data attack (minor)
Date: Tue, 08 Oct 2019 18:27:15 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) 
Eli Zaretskii <eliz@gnu.org> writes:

> I think this must be in terms of bytes/sec, not just bytes.  E.g., I
> have a spell-checker active during my entire Emacs session (which
> could go on for weeks and months on end), and I don't want to get a
> prompt just because the number of bytes that went in that pipe becomes
> above the threshold.  We may also need to measure the growth of the
> Emacs memory footprint during that time, because if Emacs reads bytes
> and discards them, it isn't going to be a problem, right?

Yeah, that's true -- a counter wouldn't help at all here.

Would checking the size of the `process-buffer' of the process be more
helpful?  It might be a somewhat unnatural thing to do -- Emacs doesn't
give you a warning if you say

(dotimes (i 100000000) (insert (make-string 80 ?a)))

so perhaps that's not a good heuristic, either.

So bytes/sec, as you suggest, may be the best heuristic.  But it should
only kick in after having received a large number of bytes, probably.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
reply via email to
[Prev in Thread] Current Thread [Next in Thread]