[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
- From: Josh Simmons <simmons.44@...>
- Date: Sat, 31 Dec 2011 12:32:08 +1100
I was thinking more at an application level, parse n fields out of the HTTP request then die. But modifying lua to suit would work too I suppose. I don't think there's a general need for this but it might make a handy power patch.
On Dec 31, 2011 12:02 PM, "Mark Hamburg" <firstname.lastname@example.org
On Dec 30, 2011, at 1:09 PM, Josh Simmons wrote:
Why not just limit n at the parser level? Far simpler than any alternative. It's not like your application really needs to handle arbitrary numbers of fields all at once.
You have to be careful with HTTP header fields too.
That does raise an interesting alternative solution. The string interning logic could optionally detect when a chain of strings had exceeded some limit and then fail the effort to add the string. This is probably only recommended in controlled contexts where one is prepared for the error to occur, but by blocking the problem at the point where we're interning the strings we avoid needing to protect the hash table cases.