[Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci]

2015-01-12 Thread Moritz Heidkamp
Dear CHICKEN users,

the substring-index[-ci] procedures of the data-structures unit are
vulnerable to a buffer overrun attack when passed an integer greater
than zero as the optional START argument. This issue was fixed in master
(25db851) and chicken-5 (63d0445) via the patch discussed at
http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg0.html.

Affected versions: all
Fix versions: 4.9.0.2, 4.9.1, 5.0

Kind regards,
The CHICKEN team


___
Chicken-users mailing list
Chicken-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-users


Re: [Chicken-users] Parsing HTML, best practice with Chicken

2015-01-12 Thread mfv
Hello and happy new year to all!

Peter,

> Hm, that's unfortunate.  However, I've heard this complaint before.
> Do you have any tips on how we can improve the situation?

First, to lighten up spirits a bit: at least for me it was easier to start
with Chicken than with Clojure.

That being said, I think it is hard to compete against Python in terms of
documentation, number of packages, scope of usage, integrated IDE (IDLE),
community size and number of stackoverflow questions/answers.

What would certainly help would be

-- give more examples on how one would solve problems with Chicken. This
especially applies to the eggs. I think this is a very important point,
since sometimes I do feel very lost when reading through the egg
documentation. I understand that the fact that many eggs have their own
domain specific language does not make this easy, but IMHO it is necessary
to have at least two trivial and a couple of more complicated use cases
for an egg.

-- a guide to its package ecosystem, with some idea which packages would
be recommended, and which may have been forgotten and may not be up to
date.

-- an instruction how to get a running IDE with a REPL. I really struggled
here (Sublime Text 2, EMACS).

-- provide easier access to Chicken and egg sources.

-- some good pointers where to learn the SCHEME language (beginners,
intermediate, experienced level).

-- a restructured website. Although this is certainly a very minor point,
but I think the Chicken site should really help to get going with scheme
straight away, and not require a user to search the internet, this
excellent mailing list or stackoverflow for possible hints.

Sorry that I was not more constructive, but I hope you can see where my
problems lie.

Cheers,

  Piotr






Re: [Chicken-users] csc/csi man pages deficient

2015-01-12 Thread Evan Hanson
Hi Andrew,

Of course you're right. I've created a ticket[1] to track this issue
(really, a feature request for normal man pages).

Best regards,

Evan

[1]: https://bugs.call-cc.org/ticket/1177



Re: [Chicken-users] csc/csi man pages deficient

2015-01-12 Thread Jim Ursetto
If you have chicken-doc installed, another option is to run e.g.

chicken-doc csi

or consult either of these links, from which the above is taken:

http://api.call-cc.org/doc/csi
http://wiki.call-cc.org/man/4/Using%20the%20interpreter

On Jan 12, 2015, at 12:57, Evan Hanson ev...@foldling.org wrote:

> Hi Andrew,
>
> Of course you're right. I've created a ticket[1] to track this issue
> (really, a feature request for normal man pages).
>
> Best regards,
>
> Evan
>
> [1]: https://bugs.call-cc.org/ticket/1177


Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci]

2015-01-12 Thread Moritz Heidkamp
Moritz Heidkamp moritz.heidk...@bevuta.com writes:

> the substring-index[-ci] procedures of the data-structures unit are
> vulnerable to a buffer overrun attack when passed an integer greater
> than zero as the optional START argument.

Forgot to mention: As a work-around you can switch to SRFI 13's
string-contains procedure which also returns the substring's index in
case it is found.

Moritz
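
The work-around described above, as an added example that is not part of the original message or of CHICKEN's own code. It assumes CHICKEN 4 syntax (`use`); `check-start`, `safe-substring-index` and `safe-substring-index-ci` are hypothetical names. Note that the argument order differs: substring-index takes the needle first, string-contains takes the haystack first.

```scheme
;; Added example, not CHICKEN's own code. Assumes CHICKEN 4 (`use`);
;; on CHICKEN 5, install the srfi-13 egg and write (import srfi-13).
(use srfi-13)

;; Hypothetical helper: reject a START that lies outside WHERE
;; before any search is attempted.
(define (check-start loc where start)
  (unless (and (fixnum? start) (<= 0 start (string-length where)))
    (error loc "start index out of range" start)))

;; substring-index takes (WHICH WHERE [START]): needle first.
;; string-contains takes (s1 s2 [start1 ...]): haystack first.
;; Both return the absolute index of the match in the haystack, or #f.
(define (safe-substring-index which where #!optional (start 0))
  (check-start 'safe-substring-index where start)
  (string-contains where which start))

;; Case-insensitive variant, replacing substring-index-ci.
(define (safe-substring-index-ci which where #!optional (start 0))
  (check-start 'safe-substring-index-ci where start)
  (string-contains-ci where which start))

;; Constructed sample calls.
(assert (eqv? 3 (safe-substring-index "lo" "hello hello")))
(assert (eqv? 9 (safe-substring-index "lo" "hello hello" 4)))
(assert (eqv? 9 (safe-substring-index-ci "LO" "hello hello" 4)))
(assert (not (safe-substring-index "xyz" "hello hello")))
```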




Re: [Chicken-users] Parsing HTML, best practice with Chicken

2015-01-12 Thread Evan Hanson
Hi Piotr,

I don't have much to add, other than to say that I agree with most of
your points and to thank you for taking the time to write up your
thoughts.

On 2015-01-12 11:49, m...@freeshell.de wrote:
> -- an instruction how to get a running IDE with a REPL. I really struggled
> here (Sublime Text 2, EMACS).

FWIW, I believe dleslie is doing some work in this area for Emacs users
at https://github.com/dleslie/geiser.

> -- provide easier access to Chicken and egg sources.

What would be the ideal way to access sources (or to discover how to
access sources) for you?

Also, are you aware of `chicken-install -retrieve eggname`?

Anyway, thanks again. Cheers and happy 2015,

Evan
