Version française
Home     About     Download     Resources     Contact us    
Browse thread
Re: FP/IP and performance (in general) and Patterns... (Re: [Caml-list] Avoiding shared data)
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: William Lovas <wlovas@s...>
Subject: Re: FP/IP and performance (in general) and Patterns... (Re: [Caml-list] Avoiding shared data)
On Wed, Oct 05, 2005 at 03:45:52PM +0200, Oliver Bandel wrote:
> So, the typical "out of bounds" and "format string" problems
> are typical security risks.
> (Btw: is OCaml's format-string stuff from the Printf-module save in
> this respect?!)

As far as i understand the "format string" bugs, they arise when a
programmer writes a call to printf whose first argument comes from
user input.  In O'Caml the various *printf functions require their
first argument to have type "('a, 'b, 'c) format", for some values
of 'a, 'b, and 'c.  As far as i can tell there's no way to produce
a value of this type from user input, so O'Caml should be safe.

In fact, there might even be a better reason O'Caml is safe, like
that it doesn't automatically keep looking for arguments until it
runs out of %expandos, but rather it just produces a closure that
can be applied to more arguments later.  But this is just a guess,
based on a quick 5-minute perusal of the O'Caml standard library.

cheers,
William