Marshal format "safe"?

I experienced an error today on what appeared to be bad data fed to
Marshal. I don’t have the data on hand and I’m not sure why it was
generated, but ruby crashed with a “failed to allocate memory” error.

Now, I’m using Marshalled data over the network, if there’s potential
for random data to kill ruby, this is bad. The box in question is
using a ruby prerelease, but I’m not sure if anything has changed or
not.

Basically, I’m just asking the question: is the Marshal format “safe”,
at least in 1.8.0 final?

Thanks,



Ryan Pavlik rpav@users.sf.net

“You know what the best part is? I wanted it to happen
and then it did!” - 8BT

“Ryan Pavlik” rpav@users.sourceforge.net wrote in news post
news:20030805233837.7ed888e1.rpav@users.sf.net

> I experienced an error today on what appeared to be bad data fed to
> Marshal. I don’t have the data on hand and I’m not sure why it was
> generated, but ruby crashed with a “failed to allocate memory” error.

Maybe the dataset is just too big. This can easily happen if you send a
huge chunk from the server to a smaller client.

> Now, I’m using Marshalled data over the network, if there’s potential
> for random data to kill ruby, this is bad. The box in question is
> using a ruby prerelease, but I’m not sure if anything has changed or
> not.

You might run into problems if both machines don’t share the same version
of Marshal (i.e. Ruby release).

> Basically, I’m just asking the question: is the Marshal format “safe”,
> at least in 1.8.0 final?

AFAIK yes. There was a recent minor change though, at least I remember a
posting from Matz within the last weeks saying so.

Regards

robert

Hello,

> Basically, I’m just asking the question: is the Marshal format “safe”,
> at least in 1.8.0 final?

Define “safe” first.

I have no plan to change marshal format in the future, so that after
1.8.0, it should be version safe.

I tried hard to make it very difficult to crash Ruby with a bad (or
hand-written) marshal data. So it should be input safe as long as
limited resources, like memory, are available.

						matz.

In message “Marshal format “safe”?” on 03/08/06, Ryan Pavlik rpav@users.sf.net writes:

> Hello,
>
> > Basically, I’m just asking the question: is the Marshal format “safe”,
> > at least in 1.8.0 final?
>
> Define “safe” first.

I would say that “safe” in this case would be 1) not executing anything
that comes across the wire (which I have always believed to be the case,
just including it for completeness), 2) that the amount of memory used
is directly proportional to the number of bits that come across the
wire, and 3) bad/partial data will at worst throw an exception.

> I have no plan to change marshal format in the future, so that after
> 1.8.0, it should be version safe.

Cool, that’s good to know.

> I tried hard to make it very difficult to crash Ruby with a bad (or
> hand-written) marshal data. So it should be input safe as long as
> limited resources, like memory, are available.

OK, that’s what I wanted to know. I will update to the 1.8 release
version, and put in some further checking.

> 						matz.

thanks,


On Thu, 7 Aug 2003 00:30:41 +0900 matz@ruby-lang.org (Yukihiro Matsumoto) wrote:

In message “Marshal format “safe”?” on 03/08/06, Ryan Pavlik rpav@users.sf.net writes:


Ryan Pavlik rpav@users.sf.net

“If you’re not hunger, why am I craving cheeseburgers now?” - 8BT

Hi,


In message “Re: Marshal format “safe”?” on 03/08/07, Ryan Pavlik rpav@users.sf.net writes:

> > I tried hard to make it very difficult to crash Ruby with a bad (or
> > hand-written) marshal data. So it should be input safe as long as
> > limited resources, like memory, are available.
>
> OK, that’s what I wanted to know. I will update to the 1.8 release
> version, and put in some further checking.

If you find a flaw, tell me privately :wink:

						matz.
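
One shape the "further checking" mentioned in the thread could take, as an added example that is not code from any poster: read Marshal data from the network in length-prefixed frames, refuse frames above a cap before buffering them, and turn truncated, mismatched-version or malformed payloads into a single exception type. The 4-byte length prefix, `MAX_FRAME`, `FrameError` and the helper names are assumptions made for this example.

```ruby
require "stringio"

MAX_FRAME = 64 * 1024   # assumed per-message cap; pick one that fits the protocol

class FrameError < StandardError; end

# Wrap an object as: 4-byte big-endian length + Marshal payload.
def frame(obj)
  body = Marshal.dump(obj)
  [body.bytesize].pack("N") + body
end

# Read one frame, refusing to buffer more than `max` bytes for it.
def read_frame(io, max = MAX_FRAME)
  header = io.read(4)
  raise FrameError, "truncated header" if header.nil? || header.bytesize < 4
  len = header.unpack1("N")
  raise FrameError, "declared length #{len} exceeds cap #{max}" if len > max
  body = io.read(len)
  raise FrameError, "truncated body" if body.nil? || body.bytesize < len
  body
end

# Decode one frame; every failure surfaces as FrameError.
def safe_load(io, max = MAX_FRAME)
  body = read_frame(io, max)
  raise FrameError, "payload too short for a version header" if body.bytesize < 2
  major, minor = body.unpack("CC")   # Marshal data starts with major, minor
  unless major == Marshal::MAJOR_VERSION && minor <= Marshal::MINOR_VERSION
    raise FrameError, "unsupported marshal version #{major}.#{minor}"
  end
  Marshal.load(body)
rescue TypeError, ArgumentError, EOFError => e
  raise FrameError, "bad marshal data: #{e.message}"
end

# What a receive loop would do with one message's bytes (constructed input).
def try_load(bytes, max = MAX_FRAME)
  [:ok, safe_load(StringIO.new(bytes), max)]
rescue FrameError => e
  [:rejected, e.message]
end
```

The cap bounds how many bytes are read from the wire for one message; it does not bound what `Marshal.load` allocates or instantiates while decoding those bytes.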