|
Message-ID: <20140727180041.GA4038@brightrain.aerifal.cx> Date: Sun, 27 Jul 2014 14:00:41 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: Re: Non-stub gettext API functions committed, ready for testing On Sun, Jul 27, 2014 at 07:51:26PM +0200, Szabolcs Nagy wrote: > > >From what I can tell, that's not so bad. Anyone feel like writing an > > expression evaluator for it? I think recursive descent is fine as long > > as the length of the string being evaluated is capped at a sane length > > (or just keep a depth counter and abort the evaluation if it exceeds > > some reasonable limit). > > > > i can try OK. Some thoughts on implementation: It should probably accept the expression as a base+length rather than a C string so it can be used in-place from within the mo file "header" (this design might help for recursion anyway I suppose). And it should be safe against malicious changes to the expression during evaluation (at worst give wrong results or error out rather than risk of stack overflow, out-of-bounds reads, etc.) since I'm aiming to make the whole system safe against malicious translation files (assuming the caller doesn't use the results in unsafe ways like as a format string). Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.