Re: Lisp security
- From: Pascal Costanza <pc@xxxxxxxxx>
- Date: Mon, 31 Oct 2005 19:46:06 +0100
Cameron MacKinnon wrote:
Florian Weimer wrote:
* John Thingstad:
Obviously Lisp is not prone to buffer overfow controls. (unless optimations turn bounds checking off)
Not true, AREF is not guaranteed to check bounds even in "safe" code.
Is this true? I'm not a high-powered Lisp language lawyer, but the Hyperspec's Description for AREF says "Accesses the array element specified by the subscripts." Since out-of-bounds stuff isn't an array element, accessing it via aref would seem to be non-conforming. As well, 15.1.1.1 (Array Indices) says "An array element is referred to by a (possibly empty) series of indices. [...] Each index MUST BE [emphasis mine] a non-negative fixnum less than the corresponding array dimension.
On the other hand, AREF also says "Exceptional Situations: None."
ELT has an exceptional situation defined when an index is not valid.
Wow.
Pascal
-- My website: http://p-cos.net Closer to MOP & ContextL: http://common-lisp.net/project/closer/ .
- References:
- Lisp security
- From: John Thingstad
- Re: Lisp security
- From: Florian Weimer
- Lisp security
- Prev by Date: Re: Lisp in embedded systems?
- Previous by thread: Re: Lisp security
- Index(es):
