[CSS_ACM_General_List] a question

Sean Neilan sean at seanneilan.com
Tue May 24 13:39:41 CDT 2011


What I'm curious about is how Python manages the mallocs and frees.
There's some kind of machine that does that. I understand that buffer
overflows can be prevented by not going over array indexes, but, what if you
want to store everything that goes into a server?

Python appears to manage large amounts of data extraordinarily well.
http://docs.python.org/c-api/memory.html

I would like to write web software in C but still have the memory management
capabilities of Python so I don't run into buffer overflows.

I'm finding that the ease of Python gets old after a while.

On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu> wrote:

> On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
> > What happens in Python that generally doesn't happen in a server in C to
> > prevent buffer overflows? Why should Python have an advantage over the
> > language it was written in?
>
> Python and other languages like it generally make it much harder for
> you to mess up in this way.  In C, your variables, most notoriously
> strings, require you to allocate and properly use the memory set aside
> for them.  For instance,
>
>  char foo[80];
>
> Sets up 80 bytes for a string named 'foo'.  What happens when you
> try to put 81 bytes into that variable?  Well, if you code safely
> that won't happen, but say you did something like this:
>
>  gets(foo);
>
> It is trivial to give more than 80 bytes via gets and, voila, buffer
> overflow.
>
> In Python, and others, memory is managed automatically for you as
> needed.  In Python, you don't even need to allocate memory for foo.
> It could be a string of arbitrary size; Python will figure out and
> handle all the memory management for you.  Even if foo changes
> drastically throughout your running program, it's not something you
> have to manage directly.  Memory management is all handled under the
> covers for you.  I don't know Python well, but I imagine under the
> covers is essentially mallocs and frees that do this for you.
>
> Of course, you might be able to stuff foo full of data exceeding the
> resources of the running system, but that is a slightly separate issue.
>
> Note, even with Python's memory management doing all the work for
> you, you may not entirely be rid of buffer overflows if the underlying
> language implementation has a bug.  For example:
>
>  <http://www.securityfocus.com/bid/30491>
>
> John
>
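
An added example, not part of either message in this thread: one way to get the grow-as-needed behaviour discussed above in C, replacing gets(foo) with a reader whose heap buffer doubles on demand and stops at a caller-chosen cap. The names read_line_dyn and probe, and the 4096-byte cap, are hypothetical and chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (an assumption, not from the thread): read one line of
 * any length into a heap buffer that grows on demand; max_len caps growth.
 * Returns a malloc'd NUL-terminated string, or NULL on EOF, OOM or over-cap. */
char *read_line_dyn(FILE *in, size_t max_len, size_t *out_len)
{
    size_t cap = 80, len = 0;          /* start at the thread's 80 bytes */
    char *buf = malloc(cap), *tmp;
    int c = EOF;
    if (buf == NULL) return NULL;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (len >= max_len) goto fail;             /* over the cap: refuse */
        if (len + 1 >= cap) {                      /* keep room for the NUL */
            if ((tmp = realloc(buf, cap * 2)) == NULL) goto fail;
            buf = tmp;
            cap *= 2;
        }
        buf[len++] = (char)c;
    }
    if (c == EOF && len == 0) goto fail;           /* nothing left to read */
    buf[len] = '\0';
    *out_len = len;
    return buf;
fail:
    free(buf);
    return NULL;
}

/* Constructed input: one line of n 'A' bytes. Returns bytes stored, or -1. */
long probe(size_t n, size_t max_len)
{
    size_t len = 0;
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    for (size_t i = 0; i < n; i++) fputc('A', f);
    fputc('\n', f);
    rewind(f);
    char *s = read_line_dyn(f, max_len, &len);
    long stored = s ? (long)len : -1;
    free(s);
    fclose(f);
    return stored;
}

int main(void) {
    printf("%ld %ld %ld\n", probe(81, 4096), probe(200, 4096), probe(5000, 4096));
    return 0;
}
```

When the cap is hit, the rest of the line is left unread in the stream, so a server would normally treat that NULL as a reason to drop the connection; feof(in) tells it apart from a plain end of input.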