You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucy.apache.org by Marvin Humphrey <ma...@rectangular.com> on 2013/09/13 06:12:55 UTC

[lucy-dev] Deserializing and trust

On Thu, Sep 5, 2013 at 3:11 PM,  <nw...@apache.org> wrote:
> Eliminate mutable String in Util::Freezer

> Project: http://git-wip-us.apache.org/repos/asf/lucy/repo
> Commit: http://git-wip-us.apache.org/repos/asf/lucy/commit/cfea9e61
> Tree: http://git-wip-us.apache.org/repos/asf/lucy/tree/cfea9e61
> Diff: http://git-wip-us.apache.org/repos/asf/lucy/diff/cfea9e61

>      Hash_init(hash, size);
>
>      // Read key-value pairs with String keys.
>      while (num_strings--) {
>          uint32_t len = InStream_Read_C32(instream);
> -        char *key_buf = Str_Grow(key, len);
> +        char *key_buf = (char*)MALLOCATE(len + 1);
>          InStream_Read_Bytes(instream, key_buf, len);
>          key_buf[len] = '\0';
> -        Str_Set_Size(key, len);
> +        String *key = Str_new_steal_from_trusted_str(key_buf, len, len + 1);
>          Hash_Store(hash, (Obj*)key, THAW(instream));
> +        DECREF(key);
>      }

When reading the key, we should use a constructor which validates incoming
UTF-8 rather than Str_new_steal_from_trusted_str because we don't know (and
therefore don't "trust") the origin of the bytes we're deserializing.

Marvin Humphrey

Re: [lucy-dev] Deserializing and trust

Posted by Marvin Humphrey <ma...@rectangular.com>.

On Fri, Sep 13, 2013 at 3:38 AM, Nick Wellnhofer <we...@aevum.de> wrote:
> Now that the code pattern above appears in quite a few places, we should
> also consider a new method like:
>
> incremented String*
> InStream_Read_Utf8(InStream *self, size_t len);

+1

I'd name that second parameter "size" since we use "size" to refer to memory
dimensions more often and "length"/"len" more often to refer to a count of
logical characters or code points (though not exclusively).

Marvin Humphrey

Re: [lucy-dev] Deserializing and trust

Posted by Nick Wellnhofer <we...@aevum.de>.

On 13/09/2013 06:12, Marvin Humphrey wrote:
> On Thu, Sep 5, 2013 at 3:11 PM,  <nw...@apache.org> wrote:
>>       // Read key-value pairs with String keys.
>>       while (num_strings--) {
>>           uint32_t len = InStream_Read_C32(instream);
>> -        char *key_buf = Str_Grow(key, len);
>> +        char *key_buf = (char*)MALLOCATE(len + 1);
>>           InStream_Read_Bytes(instream, key_buf, len);
>>           key_buf[len] = '\0';
>> -        Str_Set_Size(key, len);
>> +        String *key = Str_new_steal_from_trusted_str(key_buf, len, len + 1);
>>           Hash_Store(hash, (Obj*)key, THAW(instream));
>> +        DECREF(key);
>>       }
>
> When reading the key, we should use a constructor which validates incoming
> UTF-8 rather than Str_new_steal_from_trusted_str because we don't know (and
> therefore don't "trust") the origin of the bytes we're deserializing.

+1

Now that the code pattern above appears in quite a few places, we should 
also consider a new method like:

incremented String*
InStream_Read_Utf8(InStream *self, size_t len);

Nick