Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140727180041.GA4038@brightrain.aerifal.cx>
Date: Sun, 27 Jul 2014 14:00:41 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Non-stub gettext API functions committed, ready for
 testing

On Sun, Jul 27, 2014 at 07:51:26PM +0200, Szabolcs Nagy wrote:
> > >From what I can tell, that's not so bad. Anyone feel like writing an
> > expression evaluator for it? I think recursive descent is fine as long
> > as the length of the string being evaluated is capped at a sane length
> > (or just keep a depth counter and abort the evaluation if it exceeds
> > some reasonable limit).
> > 
> 
> i can try

OK. Some thoughts on implementation: It should probably accept the
expression as a base+length rather than a C string so it can be used
in-place from within the mo file "header" (this design might help for
recursion anyway I suppose). And it should be safe against malicious
changes to the expression during evaluation (at worst give wrong
results or error out rather than risk of stack overflow, out-of-bounds
reads, etc.) since I'm aiming to make the whole system safe against
malicious translation files (assuming the caller doesn't use the
results in unsafe ways like as a format string).

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.