Here's one for the #langsec crowd. CloudFlare used a parser generator named Ragel, they didn't parse manually.
Bug was in generated code.
In this specific case, no C code was involved, all just happened using Ragel primitives.
-
-
I see, thanks. However, Ragel still an odd mix of goto's and pointers. It is not a "safe language" it appears.
-
Not at all, no.
-
which is a shame, I was sort of hoping it was :-)
-
It's basically regex but with the ability to hook into the state machine. It's really weird and quite neat...
-
You don't have to use the C backend though, it knows how to generate other stuff. So it can be memory safe.
-
Still, it's really weird, and it's hard to come up with a good suggestion on when it's actually a good idea.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.