From: William Lovas <wlovas@stwing.upenn.edu>
To: caml-list@inria.fr
Subject: Re: FP/IP and performance (in general) and Patterns... (Re: [Caml-list] Avoiding shared data)
Date: Wed, 5 Oct 2005 19:20:29 -0400 [thread overview]
Message-ID: <20051005232029.GA4975@coruscant.stwing.upenn.edu> (raw)
In-Reply-To: <20051005134552.GA1042@first.in-berlin.de>
On Wed, Oct 05, 2005 at 03:45:52PM +0200, Oliver Bandel wrote:
> So, the typical "out of bounds" and "format string" problems
> are typical security risks.
> (Btw: is OCaml's format-string stuff from the Printf-module save in
> this respect?!)
As far as i understand the "format string" bugs, they arise when a
programmer writes a call to printf whose first argument comes from
user input. In O'Caml the various *printf functions require their
first argument to have type "('a, 'b, 'c) format", for some values
of 'a, 'b, and 'c. As far as i can tell there's no way to produce
a value of this type from user input, so O'Caml should be safe.
In fact, there might even be a better reason O'Caml is safe, like
that it doesn't automatically keep looking for arguments until it
runs out of %expandos, but rather it just produces a closure that
can be applied to more arguments later. But this is just a guess,
based on a quick 5-minute perusal of the O'Caml standard library.
cheers,
William
next prev parent reply other threads:[~2005-10-05 23:20 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-05 13:45 Oliver Bandel
2005-10-05 23:20 ` William Lovas [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-10-03 20:03 Ant: Re: Ant: Re: Ant: Re: [Caml-list] Avoiding shared data Martin Chabr
2005-10-04 2:53 ` skaller
2005-10-04 16:15 ` Brian Hurt
2005-10-04 16:47 ` FP/IP and performance (in general) and Patterns... (Re: [Caml-list] Avoiding shared data) Oliver Bandel
2005-10-04 22:38 ` Michael Wohlwend
2005-10-05 0:31 ` Jon Harrop
2005-10-04 22:39 ` Christopher A. Watford
2005-10-04 23:14 ` Jon Harrop
2005-10-05 12:10 ` Oliver Bandel
2005-10-05 13:08 ` Jon Harrop
2005-10-05 15:28 ` skaller
2005-10-05 0:45 ` Brian Hurt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051005232029.GA4975@coruscant.stwing.upenn.edu \
--to=wlovas@stwing.upenn.edu \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).