This site is a static rendering of the Trac instance that was used by R7RS-WG1 for its work on R7RS-small (PDF), which was ratified in 2013. For more information, see Home.
Source for ticket #529
cc
changetime
2013-07-07 03:20:44
component
WG1 - Core
description
Peter Bex writes:
I somehow overlooked the addition of "read-line", which I think might be a bad idea considering it does not support a limit on how much to read (allowing user input to cause an out of memory situation, leading to denial of service). Luckily, a limit as an optional second argument is a pretty straightforward extension which my favorite Scheme [Chicken] already supports.
The very old and standard procedure `read` also does not support any kind of limit, and it would need several: a sequence length limit, a nesting depth limit, a bignum size limit, and a character name length limit. A library could easily be created with attack-safe versions of `read` and `read-line`, or as you say it could be an extension.
id
529
keywords
milestone
owner
alexshinn
priority
major
reporter
cowan
resolution
wontfix
severity
status
closed
summary
Read-line permits DoS attacks
time
2013-05-13 17:53:20
type
defect
Changes
Change at time 2013-07-07 03:20:44
author
cowan
field
comment
newvalue
The WG decided by unanimous consent to take no action on this ticket.
oldvalue
1
raw-time
1373142044410382
ticket
529
time
2013-07-07 03:20:44
Change at time 2013-07-07 03:20:44
author
cowan
field
resolution
newvalue
wontfix
oldvalue
raw-time
1373142044410382
ticket
529
time
2013-07-07 03:20:44
Change at time 2013-07-07 03:20:44
author
cowan
field
status
newvalue
closed
oldvalue
new
raw-time
1373142044410382
ticket
529
time
2013-07-07 03:20:44