Marshal format "safe"?

R

Ryan Pavlik

I experienced an error today on what appeared to be bad data fed to
Marshal. I don't have the data on hand and I'm not sure why it was
generated, but ruby crashed with a "failed to allocate memory" error.

Now, I'm using Marshalled data over the network, if there's potential
for random data to kill ruby, this is _bad_. The box in question is
using a ruby prerelease, but I'm not sure if anything has changed or
not.

Basically, I'm just asking the question: is the Marshal format "safe",
at least in 1.8.0 final?

Thanks,
 
R

Robert Klemme

Ryan Pavlik said:
I experienced an error today on what appeared to be bad data fed to
Marshal. I don't have the data on hand and I'm not sure why it was
generated, but ruby crashed with a "failed to allocate memory" error.
Click to expand...

Maybe the dataset is just too big. This can easily happen if you send a
huge chunk from the server to a smaller client.
Now, I'm using Marshalled data over the network, if there's potential
for random data to kill ruby, this is _bad_. The box in question is
using a ruby prerelease, but I'm not sure if anything has changed or
not.
Click to expand...

You might run into problems if both machines don't share the same version
of Marshal (i.e. Ruby release).
Basically, I'm just asking the question: is the Marshal format "safe",
at least in 1.8.0 final?
Click to expand...

AFAIK yes. There was a recent minor change though, at least I remember a
posting from Matz within the last weeks saying so.

Regards

robert
 
R

Ryan Pavlik

On Thu, 7 Aug 2003 00:30:41 +0900
Hello,

In message "Marshal format "safe"?"

|Basically, I'm just asking the question: is the Marshal format "safe",
|at least in 1.8.0 final?

Define "safe" first.
Click to expand...

I would say that "safe" in this case would be 1) not executing anything
that comes across the wire (which I have always believed to be the case,
just including it for completeness), 2) that the amount of memory used
is directly proportional to the number of bits that come across the
wire, and 3) bad/partial data will at worst throw an exception.
I have no plan to change marshal format in the future, so that after
1.8.0, it should be version safe.
Click to expand...

Cool, that's good to know.
I tried hard to make it very difficult to crash Ruby with a bad (or
hand-written) marshal data. So it should be input safe as long as
limited resources, like memory, are available.
Click to expand...

OK, that's what I wanted to know. I will update to the 1.8 release
version, and put in some further checking.
matz.
Click to expand...

thanks,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

format code, IDE 5
How to make net-ping thread safe? 14
[ANN] JRuby 1.2.0 Released 1
[ANN] RedParse 0.8.4 Released 0
[ANN] JRuby 1.2.0RC1 Released 8
[ANN] JRuby 1.0.2 Released 0
[ANN] JRuby 1.4.0 Released 2
Paging _why, YAML problems 1

Members online

Total: 29 (members: 1, guests: 28)
Robots: 121

Forum statistics

Threads
473,777
Messages
2,569,604
Members
45,223
Latest member
Jurgen2087

Latest Threads

Top