Version française
Home     About     Download     Resources     Contact us    

This site is updated infrequently. For up-to-date information, please visit the new OCaml website at

Browse thread
[Caml-list] Does Marshal handle malicious data?
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Xavier Leroy <xavier.leroy@i...>
Subject: Re: [Caml-list] Does Marshal handle malicious data?
> Will the standard Marshal library correctly generate an exception
> for malicious data?  Or is it possible that it will cause a core
> dump, read past end of string, etc?

No, unmarshaling is not hardened against bad data (except checking the
initial magic number).  So, corrupted data can cause all the bad
things that you mentioned (core dump, etc).

Gracefully recovering from bad data could be implemented, but at
significant run-time cost.  An alternative is to use message
authentication codes and the like to guarantee the integrity of the

- Xavier Leroy
To unsubscribe, mail Archives:
Bug reports: FAQ:
Beginner's list: