> fair enough. In that case its "unintended side-effect" ;) I`m not
> entirely sure what would be the best solution as in current state
> running code above would just DoS the system ..
None of the possible values that should be passed to io.read() should be taken from user input, especially not directly, so I fail to see how this is any different than calling malloc() with a user value. The issue isn't that malloc() allocates as much memory
as you ask for, it's that you let someone else decide how much to ask for.
In that sense, this has as much potential to DoS the system as malloc does.