Re: large allocation with 'io.read' function

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: large allocation with 'io.read' function
From: Ahmed Charles <acharles@...>
Date: Fri, 3 Mar 2017 12:08:22 +0000

> fair enough. In that case its "unintended side-effect" ;) I`m not

> entirely sure what would be the best solution as in current state
> running code above would just DoS the system ..

None of the possible values that should be passed to io.read() should be taken from user input, especially not directly, so I fail to see how this is any different than calling malloc() with a user value. The issue isn't that malloc() allocates as much memory as you ask for, it's that you let someone else decide how much to ask for.

In that sense, this has as much potential to DoS the system as malloc does.

References:
- large allocation with 'io.read' function, op7ic \x00
- Re: large allocation with 'io.read' function, Dirk Laurie
- Re: large allocation with 'io.read' function, op7ic \x00

Prev by Date: Re: large allocation with 'io.read' function
Next by Date: Re: large allocation with 'io.read' function
Previous by thread: Re: large allocation with 'io.read' function
Next by thread: Re: large allocation with 'io.read' function
Index(es):
- Date
- Thread