lua-l archive



coroutines> This is one of those "I know better than you -- we should avoid the
coroutines>potential for users to screw themselves." retorts.
coroutines>
coroutines>Why do you care if I shoot my foot?  It's not yours :p

However, in that analogy what you are asking is "remove all safeguards on firearms for everybody, because I want to be free to shoot into my leg as fast as possible, without having to alter the gun myself".

If you absolutely must have mutable buffers, you can do that freely with exactly userdata: provide in C a metatable for all operations and copy it to strings for interaction with other Lua APIs, or override functions like print() yourself to directly support your mutables.

Making a general memory inspection call for luadata is also quite easy to do; you only have to understand a little C. I estimate it to be around one single screen page of code or so. The actual function to inspect the memory and return it as a string, array of bytes or whatever could even be a one-liner. And sorry, you won't get around it. At most, if absolutely unwilling, find someone to write a library with that C call for you that you can require(). But there is no need to put it in stock Lua for your special case.

javier> I think it was more like failing to sanitize an input (http://xkcd.com/1354/)

Despite the actual bug, if newly allocated memory had been zeroed, the bug wouldn't have mattered much.

This is one of the examples, what is wrong with, "after doing coding for a few decades and experienced a lot, I concluded it is wise to generally follow these guidelines. [point because this], [point because this], [point because this]..."

Of course, to every general wise guideline there is this one extreme (constructed) case where it's better to break it. I won't come up with an analogy from general life, but it's much the same.

One of the things I'd say: if you write security-related software and you already have a custom allocator, for the love of security, put zero on any newly allocated memory. Even if everything would be bug free it should not be needed.
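
The zero-on-allocation guideline above, as an added example that is not part of the original message: a small fixed-slot pool allocator, with and without wiping a reused slot, and a reply that trusts a claimed length longer than the payload actually written. The pool, the function names and the secret string are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  64
#define SLOT_COUNT 4

/* Hypothetical custom allocator: fixed slots that are reused after free. */
static unsigned char pool[SLOT_COUNT][SLOT_SIZE];
static int in_use[SLOT_COUNT];

/* Hand out the first free slot; optionally wipe it before returning it. */
static void *pool_alloc(int zero_on_alloc) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            if (zero_on_alloc) memset(pool[i], 0, SLOT_SIZE);
            return pool[i];
        }
    }
    return NULL;
}

/* Mark the slot free; its old contents stay in place, as in many pools. */
static void pool_free(void *p) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (p == (void *)pool[i]) in_use[i] = 0;
}

/* One request stores a secret and frees the slot. The next request writes a
 * 3-byte payload into a fresh slot but the reply covers 40 bytes (still inside
 * the slot). Returns how many stale, non-zero bytes the reply would carry. */
static size_t stale_bytes_in_reply(int zero_on_alloc) {
    static const char secret[]  = "constructed-secret-key-0123456789";
    static const char payload[] = "hat";
    const size_t written = sizeof payload - 1, claimed = 40;

    unsigned char *a = pool_alloc(zero_on_alloc);
    memcpy(a, secret, sizeof secret);
    pool_free(a);

    unsigned char *b = pool_alloc(zero_on_alloc);   /* same slot, reused */
    memcpy(b, payload, written);
    size_t stale = 0;
    for (size_t i = written; i < claimed; i++)
        if (b[i] != 0) stale++;
    pool_free(b);
    return stale;
}

int main(void) {
    printf("no zeroing: %zu stale bytes\n", stale_bytes_in_reply(0));
    printf("zeroing:    %zu stale bytes\n", stale_bytes_in_reply(1));
    return 0;
}
```

The length check is still missing in both runs; zeroing only changes what the over-long reply contains.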