This is the mail archive of the guile@cygnus.com mailing list for the guile project.

Re: gh_enter reconsidered

>> There is no way in the world that the user can place data in a higher
>> stack frame than main() (unless they use a customised link and ignore libc
>> or start inventing their own pointer values) so why bother scanning the
>> extra memory just to be conservative?
>>
>
>Not quite - it's possible to put a pointer to a user-allocated string
>in environ using putenv or setenv, for instance.

Is the environment built on the stack? I didn't know that.

In any case, I don't think we need to cater for absolute stupidity. Interacting
with guile from C needs a fair amount of programming discipline anyway, and
worrying about someone doing that is the least of your worries.

>> In my humble opinion, guile should attempt to scan as LITTLE of the
>> stack as possible rather than as MUCH as possible. Just do the job that
>> has to be done. Make clear to the user that the amount of code they hand
>> over into guile's care represents the amount of protection they get but
>> GIVE THE USER THE CHOICE.
>>
>
>Do you mean the user has to explicitly ask for stack protection for
>ranges he cares about, instead of letting Guile find the top of the
>stack? To me that sounds too close to going back to the bad old days
>of having to explicitly protect all values on the stack.

I think what he means is that the programmer should tell guile where the highest
point of the stack that he intends to use is. I can imagine the situation that
you have some huge application and you intend to tack guile into some tiny part
of it to do some small job. Having guile search the entire stack is overkill,
not to mention increasing the chances of more false pointers leading to
uncollected garbage.

But if you want to be safe, you declare some dummy variable in main, pass the
address of it to guile on start-up, and everything from that variable in main
to infinity will be safe. That seems very reasonable to me. Tell the user
how to do things safely, and let them judge for themselves if they need that
level of protection or not.

 I
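The mechanism under discussion, as an added illustration that is not Guile's code and not part of this thread: a toy conservative scanner with a tiny fixed heap. The "dummy variable in main" idea from the message becomes an explicit base address; the scan covers only the words between the current frame and that base, so anything referenced solely from a frame above the base is invisible to it, while any word that merely looks like a pointer into the heap (including an interior pointer) marks an object, which is where false retention comes from. The heap, the object layout, the function names and the constructed stack image are all assumptions made for the demo.

```c
/* Toy conservative stack scan with a caller-chosen base (added example,
 * not Guile's implementation). Assumptions: a fixed array "heap" of
 * equal-sized objects, and a stack that is contiguous between two frames. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_OBJS 8

/* Constructed mini-heap: each object carries a mark bit for the scan. */
struct obj { unsigned char data[32]; int marked; };
static struct obj heap[MAX_OBJS];
static int n_objs;

static struct obj *alloc_obj(void) {
    if (n_objs >= MAX_OBJS) return NULL;
    struct obj *o = &heap[n_objs++];
    memset(o, 0, sizeof *o);
    return o;
}

static void clear_marks(void) {
    for (int i = 0; i < n_objs; i++) heap[i].marked = 0;
}

/* A word is treated as a reference if it lands anywhere inside a live
 * object; a conservative scan cannot tell an integer from a pointer. */
static int word_hits(uintptr_t w, int *idx) {
    for (int i = 0; i < n_objs; i++) {
        uintptr_t start = (uintptr_t)&heap[i];
        if (w >= start && w < start + sizeof(struct obj)) { *idx = i; return 1; }
    }
    return 0;
}

/* Mark every object that some aligned word in [lo, hi) appears to
 * reference. Returns how many objects this scan newly marked. */
static int scan_range(const void *lo, const void *hi) {
    int found = 0;
    for (const uintptr_t *p = lo; (uintptr_t)(p + 1) <= (uintptr_t)hi; p++) {
        int i;
        if (word_hits(*p, &i) && !heap[i].marked) { heap[i].marked = 1; found++; }
    }
    return found;
}

/* Scan the real stack from the current frame up to a base the caller
 * chose (the "dummy variable in main"); direction of growth does not matter. */
static int scan_stack_upto(const void *base) {
    volatile uintptr_t here = 0;            /* marks the current frame */
    uintptr_t lo = (uintptr_t)&here, hi = (uintptr_t)base;
    if (lo > hi) { uintptr_t t = lo; lo = hi; hi = t; }
    return scan_range((const void *)lo, (const void *)hi);
}

/* Constructed stack image (not a real stack) so the scan can be checked
 * offline: two objects, one direct pointer, one interior pointer, noise. */
static void build_image(uintptr_t image[6]) {
    n_objs = 0;
    struct obj *a = alloc_obj(), *b = alloc_obj();
    uintptr_t tmp[6] = { 0, (uintptr_t)a, 42, (uintptr_t)b + 5, (uintptr_t)a, 0xdeadbeefu };
    memcpy(image, tmp, sizeof tmp);
}

static int image_whole_count(void) {        /* both a and b are marked: 2 */
    uintptr_t image[6];
    build_image(image);
    return scan_range(image, image + 6);
}

static int image_window_count(void) {       /* only the interior pointer to b: 1 */
    uintptr_t image[6];
    build_image(image);
    clear_marks();
    return scan_range(image + 3, image + 4);
}

static const void *stack_base;

static int deep_frame(void) {
    volatile struct obj *c = alloc_obj();   /* held in a frame inside the range */
    int n = scan_stack_upto(stack_base);
    (void)c;
    return n;
}

int main(void) {
    printf("image: whole=%d window=%d\n", image_whole_count(), image_window_count());
    n_objs = 0;
    volatile uintptr_t dummy = 0;           /* the base handed over at start-up */
    stack_base = (const void *)&dummy;
    printf("real stack scan marked %d object(s)\n", deep_frame());
    return 0;
}
```

Running the constructed image through `scan_range` shows both faces of the trade-off the message describes: widening the window from one word to the whole image marks more objects (the real roots), but the interior pointer and any stray integer that happens to fall inside an object are accepted just the same, so a wider window also raises the odds of keeping garbage alive.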