Odd behaviour of ResizableWhateverArray PMC's
Martin D Kealey
martin at kurahaupo.gen.nz
Mon Oct 12 05:58:51 UTC 2009
On Fri, 9 Oct 2009, Geoffrey Broadwell wrote:
> Putting on my "security nut" hat, no sane VM should provide primitives
> that implicitly allow access to uninitialized data. That's just too
> easy for people to trip over.
>
> Uninitialized memory is evil in approximately the same way as the black
> cinder from Time Bandits.
Even if you think it's okay for *this* object to have "random garbage" (on a
"buyer beware" basis) what about the problem of "information leakage" -- if
initializers don't erase memory, or at least guarantee semantics that give
that appearance, then objects containing sensitive information have to be
given destructors that erase their memory instead. While that's probably a
good idea in and of itself, it doesn't happen most of the time because it
simply doesn't occur to most programmers that "out of band leakage" is even
a possibility.

As for "what's an appropriate fill value", I'm inclined to think that there
should be a "default fill" attribute, presumably protected so it can only be
set before it's used.
-Martin
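
The leakage argument in the message above, as an added C example (not code from this thread or from Parrot): a resizable array whose grow step either leaves new slots as the previous owner left them or overwrites them with a default fill that is frozen on first use. The `rarray` type, the `ra_*` functions, the single-block `pool` standing in for a heap, and the secret string are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a heap: one block that is handed out again after
   its previous owner drops it, so the reuse is deterministic. */
static unsigned char pool[64];

typedef struct {
    unsigned char *data;
    size_t len;          /* elements visible to the user */
    unsigned char fill;  /* hypothetical "default fill" attribute */
    int fill_used;       /* once set, the fill value is frozen */
} rarray;

void ra_init(rarray *a) { a->data = pool; a->len = 0; a->fill = 0; a->fill_used = 0; }

/* The fill value can only be changed before it has been used. */
int ra_set_fill(rarray *a, unsigned char v) {
    if (a->fill_used) return -1;
    a->fill = v;
    return 0;
}

/* Grow to n elements. do_fill == 0 leaves the new slots as the previous
   owner left them; do_fill == 1 writes the default fill over them. */
int ra_grow(rarray *a, size_t n, int do_fill) {
    if (n < a->len || n > sizeof pool) return -1;
    if (do_fill) { memset(a->data + a->len, a->fill, n - a->len); a->fill_used = 1; }
    a->len = n;
    return 0;
}

/* Returns 1 if a new array can read the secret a dropped array stored. */
int leak_after_reuse(int do_fill) {
    rarray old, fresh;
    ra_init(&old);
    ra_grow(&old, 16, 1);
    memcpy(old.data, "hunter2-password", 16);  /* constructed secret */
    ra_init(&fresh);             /* old was dropped with no erasing destructor */
    ra_grow(&fresh, 32, do_fill);
    return memcmp(fresh.data, "hunter2", 7) == 0;
}

int main(void) {
    printf("raw: %d, filled: %d\n", leak_after_reuse(0), leak_after_reuse(1));
    return 0;
}
```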