From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: Using the GNU GMP Library for Bignums in Emacs Date: Sat, 21 Apr 2018 20:09:55 +0300 Message-ID: <83604kxz8c.fsf@gnu.org> References: <29f933ac-a6bf-8742-66a7-0a9d6d3e5a88@disroot.org> <87k1t05wz4.fsf@metalevel.at> Reply-To: Eli Zaretskii NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: blaine.gmane.org 1524330496 12247 195.159.176.226 (21 Apr 2018 17:08:16 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sat, 21 Apr 2018 17:08:16 +0000 (UTC) Cc: emacs-devel@gnu.org To: Markus Triska Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Apr 21 19:08:12 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f9vze-00033g-8V for ged-emacs-devel@m.gmane.org; Sat, 21 Apr 2018 19:08:10 +0200 Original-Received: from localhost ([::1]:58988 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f9w1k-0000A7-NO for ged-emacs-devel@m.gmane.org; Sat, 21 Apr 2018 13:10:20 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:53306) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f9w1d-00009G-59 for emacs-devel@gnu.org; Sat, 21 Apr 2018 13:10:14 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f9w1Z-0008ON-5Q for emacs-devel@gnu.org; Sat, 21 Apr 2018 13:10:13 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36287) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f9w1Z-0008OC-1V; Sat, 21 Apr 2018 13:10:09 -0400 Original-Received: from [176.228.60.248] (port=3769 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1f9w1Y-0000Re-GM; Sat, 21 Apr 2018 13:10:08 -0400 In-reply-to: <87k1t05wz4.fsf@metalevel.at> (message from Markus Triska on Sat, 21 Apr 2018 18:46:07 +0200) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:224771 Archived-At: > From: Markus Triska > Date: Sat, 21 Apr 2018 18:46:07 +0200 > > Using GMP has a significant downside if you run out of memory: There’s > currently no defined way for the allocation functions to recover from an > error such as out of memory, they must *terminate* program execution. > > Please see the following page for details: > > https://gmplib.org/manual/Custom-Allocation.html > > Thus, situtations where you can currently throw an Emacs error that can > be handled in user code would instead terminate the Emacs process. This > can for example arise from malicious input that involves very large > integers as results (7^7^7^7 etc.), and of course also elsewhere. > > Also, it may become hard to stop long GMP calculations, whereas you can > easily stop computations that are written in Elisp. Thus, long GMP > calculations may lead to denial of editing attacks. How are those dangers different from using any other external library. Like the JSON library, for excample, or libxml2?