Here's one for the #langsec crowd. CloudFlare used a parser generator named Ragel; they didn't parse manually.
Bug was in generated code.
Replying to @andreasdotorg
Ragel mixes custom code with generated parser code, and that custom code was written in a memory unsafe language.
Replying to @CopperheadOS @andreasdotorg
Not much of a "gotcha" when the problem is custom code written in a low-level memory unsafe language, not the generator.
Replying to @CopperheadOS @andreasdotorg
Hand-written parsers in a memory safe language don't have security risks like this. Parser generators are just a good idea.
Replying to @CopperheadOS
In memory safe languages, they serve other purposes, such as controlling the Chomsky level of the parsed language.
Replying to @andreasdotorg
That's true, but for many cases that's not much of an issue. For example, with media decoding it doesn't really matter much.
Right. The only thing that might matter is proving termination. But you can have that with parser combinators and total lang.