lua-l archive



On Sat, Apr 19, 2014 at 02:55:10AM -0400, Sean Conner wrote:
> It was thus said that the Great Dirk Laurie once stated:
> > 2014-04-18 22:28 GMT+02:00 Sean Conner <sean@conman.org>:
> > 
> > > requires a C99 compiler
> > 
> > Does POSIX.1-2001 compliance imply all of C99?
> 
>   I think POSIX only covers functions available, not language features.  The
> problematic part of the code is:

Off the top of my head, things POSIX requires which C99 does not:

1) conversions between void pointers and integers.
2) conversions between void pointers and function pointers.
3) CHAR_BIT == 8
4) sizeof (int) >= 4

> 	static int luametaiconv_iconv(lua_State *L)
> 	{
> 	  const char *from;
> 	  size_t      fsize;
> 	  iconv_t    *pic;
> 	 
> 	  pic  = luaL_checkudata(L,1,TYPE_ICONV);
> 	  from = luaL_checklstring(L,2,&fsize);
> 	 
> 	  size_t  rc;
> 	  size_t  tsize    = fsize * 8; /* a reasonable guess here */
> 	  char    to[tsize];

You could easily overrun the stack this way. Probably not likely with an
interface like this where the argument is always short, but it could be a
DoS vector. Other use cases might be far more susceptible to this.

Variable sized arrays really only make sense for numerical stuff. Much of
C99 was concerned with migration of code to C from Fortran, which has
variable length arrays. That's why they expanded the math library so much.

Some Fortran compilers (like gfortran) are smart enough to switch to using
the heap for very large arrays so that the stack doesn't overflow. But as
far as I know C compilers don't do this.

<snip>
>   I could hoist the variable declarations up above the two function calls,
> but I still have the variably sized array to contend with, and frankly, with
> C99 being fifteen years old now, I want to use those features, damn it!  I
> don't want to be held hostage to Microsoft, so I'm not changing the code.

Visual Studio 2013 has adopted many new C99 language features. Conspicuously
absent are variable length arrays, although they've implied that C99
compliance will improve in later versions. C11 made variable length arrays
optional, though.

* http://msdn.microsoft.com/en-us/library/hh409293.aspx
* http://blogs.msdn.com/b/vcblog/archive/2013/07/19/c99-library-support-in-visual-studio-2013.aspx
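One way to keep the output buffer bounded no matter how long the string argument is, as an added example that is not part of this thread or of the luametaiconv code being discussed: size the buffer with the same "8x the input" guess, but check the multiplication for overflow, serve short inputs from a fixed-size stack buffer and anything larger from the heap, so there is no VLA sized by caller-controlled data. STACK_SCRATCH_MAX, toy_convert (a stand-in for the real iconv call) and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on scratch space placed on the stack (assumed value for this
 * example). Inputs needing more are served from the heap, so a long
 * argument cannot exhaust the stack the way `char to[fsize * 8]` can. */
#define STACK_SCRATCH_MAX 4096

enum scratch_kind { SCRATCH_STACK = 0, SCRATCH_HEAP = 1, SCRATCH_TOO_BIG = 2 };

/* Size the output buffer with the same "8x the input" guess as the quoted
 * code, but check the multiplication for overflow and decide where the
 * buffer should live. */
enum scratch_kind scratch_policy(size_t fsize, size_t *tsize)
{
    if (fsize > SIZE_MAX / 8) {
        *tsize = 0;
        return SCRATCH_TOO_BIG;
    }
    *tsize = fsize * 8;
    return (*tsize <= STACK_SCRATCH_MAX) ? SCRATCH_STACK : SCRATCH_HEAP;
}

/* Stand-in for the real conversion: writes each input byte twice, so the
 * output is 2*fsize bytes. Returns bytes written, or 0 if `outcap` is too
 * small (a real converter would report E2BIG the way iconv does). */
size_t toy_convert(const char *from, size_t fsize, char *out, size_t outcap)
{
    if (fsize > outcap / 2) return 0;
    for (size_t i = 0; i < fsize; i++) {
        out[2 * i]     = from[i];
        out[2 * i + 1] = from[i];
    }
    return 2 * fsize;
}

/* Converts `from` into a freshly malloc'd buffer stored in *result.
 * A fixed-size stack buffer serves the common short case; larger inputs
 * use heap scratch space. Returns the output length, 0 on failure
 * (*result is NULL then). Caller frees *result. */
size_t convert_bounded(const char *from, size_t fsize, char **result)
{
    char   stack_buf[STACK_SCRATCH_MAX];
    char  *scratch = stack_buf;
    size_t tsize, n;

    *result = NULL;
    switch (scratch_policy(fsize, &tsize)) {
    case SCRATCH_STACK:
        break;
    case SCRATCH_HEAP:
        scratch = malloc(tsize);
        if (scratch == NULL) return 0;
        break;
    default:
        return 0;               /* size would overflow: refuse, don't guess */
    }

    n = toy_convert(from, fsize, scratch, tsize);
    if (n > 0) {
        *result = malloc(n);
        if (*result != NULL) memcpy(*result, scratch, n);
        else n = 0;
    }
    if (scratch != stack_buf) free(scratch);
    return n;
}

/* Self-check: converts fsize bytes of 'x' and verifies the output is
 * 2*fsize bytes of 'x'. Returns 1 on success, 0 otherwise. */
int roundtrip_ok(size_t fsize)
{
    char  *in = malloc(fsize ? fsize : 1), *out;
    size_t n, i;
    int    ok;

    if (in == NULL) return 0;
    memset(in, 'x', fsize);
    n  = convert_bounded(in, fsize, &out);
    ok = (n == 2 * fsize);
    for (i = 0; ok && i < n; i++) ok = (out[i] == 'x');
    free(out);
    free(in);
    return ok;
}

int main(void)
{
    /* Constructed inputs: a short string (stack path) and a 10000-byte one
     * (heap path). Both must round-trip; neither grows the stack frame. */
    printf("short input ok: %d\n", roundtrip_ok(3));
    printf("large input ok: %d\n", roundtrip_ok(10000));
    return 0;
}
```

The point of the split is that the stack frame of convert_bounded is the same size for every call; the only thing the argument length controls is a malloc, which fails cleanly instead of faulting when memory runs out.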