Re: Motion 46: finalise interval literals, amendments
> Am I right that this p/q feature is the ONLY place in the standard that specifies data structures of unbounded size?
No, this feature is not the only place.
Suppose input stream with interval literal [l,h] where l and u are decimal string.
We need to store l in memory to distinguish between l <= u and l > u.
-Dima
----- Исходное сообщение -----
От: j.d.pryce@xxxxxxxxxx
Кому: dmitry.nadezhin@xxxxxxxxxx
Копия: stds-1788@xxxxxxxxxxxxxxxxx
Отправленные: Среда, 10 Июль 2013 г 11:55:08 GMT +04:00 Абу-Даби, Маскат
Тема: Re: Motion 46: finalise interval literals, amendments
On 10 Jul 2013, at 05:37, Dmitry Nadezhin wrote:
>> the literals may be read from an unseekable stream.
> ...
> In practice p and q are of reasonable size.
> I imagine only how a hacker sipplies long digit sequences as DoS attack.
> An implementation may fail if it can't store input stream in memory
> reporting OutOfMemory error.
> I don't think that standard should specifiy this.
Hmm. Am I right that this p/q feature is the ONLY place in the standard that specifies data structures of unbounded size? (Arrays, etc., are of unbounded size but are language responsibility, not ours.)
Should we be extra careful here? I don't want to see a security update in the future saying "Supplying a long rational number to an IEEE-1788 interval package can cause buffer overflow, allowing arbitrary code execution".
JohnP