Version française
Home     About     Download     Resources     Contact us    

This site is updated infrequently. For up-to-date information, please visit the new OCaml website at

Browse thread
Safe marshall?
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: 2005-02-17 (00:11)
From: Mike Hamburg <hamburg@f...>
Subject: Re: [Caml-list] Safe marshall?
I don't know of any way to tell a C function typing information.  Maybe 
with GCaml, but I haven't seen a new version of that in a long time.  
Even to get such information from within Caml sounds dubious; it seems 
like a Haskell-type-class-esque solution would be needed.

Anyway, is the Objective-C serialization safe?  This sounds unlikely to 


On Feb 16, 2005, at 5:55 PM, Oliver Bandel wrote:

> On Wed, Feb 16, 2005 at 05:07:55PM -0500, Mike Hamburg wrote:
>> Is there any way to call Marshall in a type-safe way?  I need to use
>> marshaling for a networking program, and I'd rather not leave Marshal
>> as an arbitrary code execution vulnerability (which it is as far as I
>> can tell: switching on a Marshaled value should produce a computed
>> jump, which can be set by an attacker to point to an arbitrary place).
>> Am I stuck writing my own marshal function?
> Is it possible to say a C-function *anything* about a datastructure's 
> structure?
> Via the C-interface of OCaml?!
> If so.... at least under Mac OS-X it should be possible to solve that 
> task
> with Objective-C. It can dump objects completely.
> So this -  at least on this platform - would be possible then.
> But IMHO this may not be possible with all Objective-C implementations.
> Ciao,
>   Oliver
> _______________________________________________
> Caml-list mailing list. Subscription management:
> Archives:
> Beginner's list:
> Bug reports: