Re: How to recognize mutability?

  • Subject: Re: How to recognize mutability?
  • From: Jens Alfke <email@hidden>
  • Date: Thu, 21 Feb 2013 22:15:57 -0800

On Feb 21, 2013, at 8:34 PM, Gerriet M. Denkmann <email@hidden> wrote:

> Well, the opposite of: "can store all strings" is: "can store only certain strings".
> My point is that the number of unstorable strings is greater than zero. Whether it is 1 or any other number is quite beside the point.

Yes. What makes this so bad is that it’s pretty likely that some strings stored in an archive are created outside the program’s control, i.e. by a user (or worse, possibly from data received over a network.) That means you have to explicitly guard against un-archivable strings, maybe by escaping them somehow, or run the risk of crashes or corruption. And we don’t even know for sure what the full set of un-archivable strings is.

It also doesn’t matter how obscure/unlikely those illegal inputs are. Let’s say you wrote an IRC client that persists transcripts using an NSKeyedArchiver, with a data structure where every message is an NSString. Makes sense. So then all someone has to do is type the message “$null” into an IRC chat, and boom! Everyone in that chat room using your client simultaneously gets kicked out with a crash.* Instant DoS attack. In this case it wouldn’t matter if the illegal string were a specific 800 characters of gibberish; once someone found out the bug, that string would become pretty widely known.

—Jens

* I had something like this happen in one particular development build of iChat once, due to a bug in the Bonjour status-message code. There was some particular character you could put in your status message, that would instantly crash every copy of iChat running on your subnet. This was lots of fun for a few hours until I fixed the bug.
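
One way to do the guarding described in the message above, as an added example that is not code from the thread: a hypothetical `ChatMessage` class archives its text as UTF-8 `NSData` instead of as an `NSString`, so no user-supplied string value is handed to the archiver, and a round-trip check exercises the "$null" input. The class name, the key `textUTF8` and the helper `RoundTrips` are assumptions made for illustration.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical transcript entry; class and key names are assumptions.
@interface ChatMessage : NSObject <NSSecureCoding>
@property (nonatomic, copy) NSString *text;
@end

@implementation ChatMessage
+ (BOOL)supportsSecureCoding { return YES; }

- (void)encodeWithCoder:(NSCoder *)coder {
    // Archive the bytes, not the string: an NSData value cannot be mistaken
    // for a string the archive format reserves, such as "$null".
    NSData *bytes = [self.text dataUsingEncoding:NSUTF8StringEncoding];
    [coder encodeObject:bytes forKey:@"textUTF8"];
}

- (instancetype)initWithCoder:(NSCoder *)coder {
    if ((self = [super init])) {
        NSData *bytes = [coder decodeObjectOfClass:[NSData class] forKey:@"textUTF8"];
        NSString *s = bytes ? [[NSString alloc] initWithData:bytes
                                                    encoding:NSUTF8StringEncoding] : nil;
        if (s == nil) return nil;  // reject a damaged entry rather than keep a nil text
        _text = [s copy];
    }
    return self;
}
@end

// Archive and unarchive one message; YES only if the text survives unchanged.
static BOOL RoundTrips(NSString *text) {
    ChatMessage *m = [ChatMessage new];
    m.text = text;
    NSError *err = nil;
    NSData *archive = [NSKeyedArchiver archivedDataWithRootObject:m
                                            requiringSecureCoding:YES error:&err];
    if (archive == nil) return NO;
    ChatMessage *back = [NSKeyedUnarchiver unarchivedObjectOfClass:[ChatMessage class]
                                                          fromData:archive error:&err];
    return back != nil && [back.text isEqualToString:text];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample inputs, including the string named in the message.
        for (NSString *s in @[@"hello", @"$null", @"", @"$null$null"])
            NSLog(@"\"%@\" round-trips: %@", s, RoundTrips(s) ? @"yes" : @"NO");
    }
    return 0;
}
```

The same round-trip check is worth running over any untrusted string before it is persisted, since the failure is then caught at write time on one machine and not at read time on every reader.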
_______________________________________________

Cocoa-dev mailing list (email@hidden)
