> > At 14:57 29-08-01, Walter Franzini wrote:
> > > From the extension (the user of kernel services) pov I must disagree.
> >>But obviusly I'missing something :-)
> >
> > I don't see why there's a difference.
> Maybe the difference is not ZE vs. extension but internal vs. external
> data, where external means coming from the outside of PHP/Zend.
> If you try to allocate memory for data that come from the outside (the
> browser, a db) you should fail gracefully: a malicious user can send
> to your app a huge amount of data only to make it crash.

This sort of checking should be done by the extension before you make the
allocation, no?   You shoulnd't even be -trying- to allocate 2G of memory
for an object in your extension (unless you really want to be, of course).
Amongst other things allowing for this sloppiness only encourages people to
further sloppiness, like not checking the return values of their
malloc/emalloc call, which will almost certainly result in crashes when they
return null and that pointer is sloppily passed to another routine without
proper checking.  Failure to allocate should be a fatal error.


PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to