chicken-hackers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-hackers] CHICKEN in production


From: Michele La Monaca
Subject: Re: [Chicken-hackers] CHICKEN in production
Date: Mon, 13 Oct 2014 16:22:57 +0200

On Mon, Oct 13, 2014 at 2:39 PM, Peter Bex <address@hidden> wrote:
> On Mon, Oct 13, 2014 at 02:35:54PM +0200, Michele La Monaca wrote:
>> I must confess I didn't read the entire thread. But, what exactly buys
>> us barring NUL in strings other than limiting the usefulness of the
>> type and its powerful API (while breaking a lot of things along the
>> way)? Also, NUL is a valid UTF-8 character.
>
> It is also a valid UTF-8 character.  The issue at hand is protection
> against injection of NUL characters which causes the string to be
> implemented differently by C (which uses NUL as an in-band control
> character to mark end of string).  Only bad languages stupidly pass
> on strings with embedded NUL characters straight to C.
>
> I've written extensively about such bugs on my blog.  See for example
> http://www.more-magic.net/posts/lessons-learned-from-nul-byte-bugs.html

Good one.  Anyway, I find that perpetuating C limitations/missteps in
higher level languages just because we can't be sure to handle
interactions safely, sounds like surrendering without fighting.

In case, shouldn't such a change deserve a CR?

Regards,
Michele



reply via email to

[Prev in Thread] Current Thread [Next in Thread]