[Cryptography] Use Linux for its security

Florian Weimer fw at deneb.enyo.de
Sat Oct 1 05:26:25 EDT 2016


* Henry Baker:

> I've had a long-standing complaint with Common Lisp -- even though it is
> technically a buffer-overflow-free zone --

Actually, it's not.  Common Lisp does not mandate bounds checking for
AREF or SVREF.  One can hope that most implementations perform it by
default, but for those implementations with optimizing compilers, it
can be easily switched off.  The language rules even say that if a
supposedly-safe function is called from a function compiled without
safety checks, the safety checks in the called functions do have to be
performed (so safety is not modular).

The main difference to C is that Common Lisp arrays have an explicit
length, which makes bounds checks easy to implement, either manually
or automatically by the compiler.
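
Added example, not part of the original message: a Common Lisp sketch of the two points above, showing an access compiled with (safety 0) next to one that does the bounds check by hand using the array's explicit length. The function names are hypothetical and the sample vector is constructed; what the unchecked version does with a bad index depends on the implementation.

```lisp
;;; Constructed illustration; the function names are hypothetical.

(defun unchecked-ref (vec i)
  "SVREF compiled with safety 0. The compiler may omit the bounds check,
so an out-of-range I has undefined consequences. Only safe to call when
the caller has already validated I."
  (declare (optimize (speed 3) (safety 0))
           (type simple-vector vec)
           (type fixnum i))
  (svref vec i))

(defun checked-ref (vec i)
  "Same optimization policy, but the check is written out by hand.
The vector carries its own length, so the test is one comparison
against (LENGTH VEC) and it stays in force whatever SAFETY is set to."
  (declare (optimize (speed 3) (safety 0))
           (type simple-vector vec)
           (type fixnum i))
  (if (and (<= 0 i) (< i (length vec)))
      (svref vec i)
      (error "index ~D out of bounds for vector of length ~D"
             i (length vec))))

(defun policy-ref (vec i)
  "Leaves the check to the compiler. Most implementations insert it at
this setting, but the standard does not mandate it for AREF or SVREF."
  (declare (optimize (safety 3)))
  (svref vec i))

(defun demo ()
  "Exercise the manual check with one valid and one invalid index.
UNCHECKED-REF is deliberately not called with a bad index."
  (let ((v (vector 'a 'b 'c)))          ; constructed sample data
    (list (unchecked-ref v 0)           ; index validated by inspection
          (checked-ref v 2)
          (handler-case (checked-ref v 3)
            (error (e) (format nil "rejected: ~A" e))))))
```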

