AltME groups homeHelpJoin REBOL3 world
  Find AltME posts   Help

Recent posts

Worlds:r4wpr3wp
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
17-Nov 23:51 UTC
[0.051] 17.205k
r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

Join the discussions in the REBOL3 world...

[!REBOL3]

older
newer		first
last
BrianH
9-Oct-2011
[9697x2]
a func [] [print get bind 'stuff :a]

I had to go though the mezzanine code pretty carefully to consider 
what happens when functions are passed as arguments to the mezzanine 
functions. Some functions like REPLACE and ARRAY were modified to 
take advantage of that trick pretty nicely.
Ladislav
9-Oct-2011
[9699]
OK, but nothing of that kind applies to the case of BIND [...] 'some-variable
BrianH
9-Oct-2011
[9700x2]
True, which is why I was convinced by that particular argument :)

then the ban on BIND to a function-context-bound word when the function 
isn't running has no security benefit
 :)
Ladislav
9-Oct-2011
[9702]
Yes, it only prevents some meaningful uses
BrianH
9-Oct-2011
[9703]
Especially ones where the bound words are leaked intentionally to 
provide access to the context. It sounds worthy of a wish ticket 
in CureCode.
Ladislav
9-Oct-2011
[9704]
Unfortunately, the whole issue may be quite long to present completely
BrianH
9-Oct-2011
[9705]
I'll write it up, if it's OK to copy some of your arguments from 
above into the ticket.
Ladislav
9-Oct-2011
[9706x2]
Anything

So, for the case of BIND [...] function the main difference is, that 
it cannot be done regardless of whether the function is running or 
not, which can be considered a security measure, then.
BrianH
9-Oct-2011
[9708]
Yup. And BODY-OF returning an unbound copy prevents code like this:
	print get second body-of :a

PROTECT/hide doesn't affect existing bindings, so you need to be 
careful about leaking those too.
BrianH
10-Oct-2011
[9709]
Initial version of the ticket made: http://issue.cc/r3/1893
Ladislav
10-Oct-2011
[9710]
Supporting comment added.
Henrik
11-Oct-2011
[9711x2]
would it not be practical if REMOVE-EACH could /SKIP ?

nevermind. please ignore request.
Ladislav
11-Oct-2011
[9713]
remove-each [value skip] my-block [...]
Henrik
11-Oct-2011
[9714]
ladislav, yes, saw it just now. :-)
Andreas
12-Oct-2011
[9715x2]
The only function in R3 that operates that way is TRANSCODE, so as 
long as it doesn't choke on overlong combinations

#{c0ae} is an overlong encoding for #"." (#{2e}).

>> invalid-utf? #{c0ae}
== #{C0AE}

>> transcode #{c0ae}
== [® #{}]

>> transcode #{2e}
== [. #{}]

So for words, transcode is behaving strange. On the other hand, for 
strings ({"} is #{22}):

>> transcode #{22c0ae22}
== ["." #{}]
BrianH
12-Oct-2011
[9717]
So, on R3 INVALID-UTF? flags overlong encodings? Sorry I missed that. 
Better fix the R2/Forward version accordingly.
Andreas
12-Oct-2011
[9718]
No, it doesn't.
BrianH
12-Oct-2011
[9719]
And we could use a ticket for the TRANSCODE bugs.
Andreas
12-Oct-2011
[9720]
Or at least, it behaves the same as in R2.
BrianH
12-Oct-2011
[9721x2]
INVALID-UTF? returns the series at the position of the first invalid 
sequence. If it doesn't flag it returns none.

If it is returning anything other than none for an overlong form, 
it is screening for overlong forms.
Andreas
12-Oct-2011
[9723]
It is only in this particular case.
BrianH
12-Oct-2011
[9724]
Other overlong forms are not being screened for, but one form is? 
That would also be worth a ticket.
Andreas
12-Oct-2011
[9725x3]
No, that's nothing to do with overlong forms, but with PARSE in combination 
with bitsets being broken.

Which definitely is worth a ticket.

>> parse/all #{f0} reduce [charset [#{d0}]]
== true
BrianH
12-Oct-2011
[9728]
I'm talking about the R3 version, which is a native that doesn't 
use PARSE. Do you think it's a related bug?
Andreas
12-Oct-2011
[9729x2]
Mixed up R2 and R3 here.

The above is a bug in R3, in any case.
BrianH
12-Oct-2011
[9731]
Well, if it doesn't have a ticket yet it could use one.
Andreas
12-Oct-2011
[9732x5]
Ok. R2's invalid-utf? catches all 2-byte overlong forms, but not 
all 3 or 4-byte overlong forms.

#{e080af} is an overlong form for #"/", for example.

R2>> invalid-utf? #{e080af}
R2== none

R3>> invalid-utf? #{e080af}
R3== #{e080af}

Same for the 4-byte overlong sequence #{f08080af}. R3 correctly detects 
it as wrong, R2 does not.

So, R3's invalid-utf? seems to flag overlong encodings in general. 
R2(/Forward)'s invalid-utf? only catches overlong forms for 2-byte 
sequences, but not for 3- or 4-byte sequences.
BrianH
12-Oct-2011
[9737x3]
Good - we can fix R2's version, but not easily fix R3's.

Change of subject: Has anyone sent mass emails in R3? I need to send 
some (legitimately, internally) from data that R3 processed.

What about 5 or 6 byte overlong forms?
Ladislav
12-Oct-2011
[9740x2]
http://issue.cc/r3/1894

(a crash report)
BrianH
12-Oct-2011
[9742]
APPEND ? Why not WRITE ? Still, it shouldn't crash.
Ladislav
12-Oct-2011
[9743x2]
Well, APPEND PORT "^/" actually works. Just APPEND PORT NEWLINE does 
not

Regarding the http://issue.cc/r3/1893


The USE-RULE/NO-REBIND variant can serve as an example of a case, 
where "early binding to function context" would make the code more 
flexible.
Ashley
1-Nov-2011
[9745x2]
How do you load a DLL in R3? In R2 I'd code:

	*lib: load/library %sqlite3.dll

 version: make routine! [return: [string!]] *lib "sqlite3_libversion"


but the R3 'load native doesn't have a /library refinement any more. 
It also seems that routine! has been replaced with library!

On a separate note, I want to standardize on either R2 or R3 for 
work (no GUI or SDK required). What are the advantages of R3 compared 
to R2 at present, and what (apart from GUI and SDK) can R2 do that 
R3 can't?
older
newer		first
last