科技回声

6 条评论

twoodfin超过 11 年前

I'm not a Python geek, but I found the C implementation for unicode strings in CPython really interesting code reading:<p><a href="http://hg.python.org/cpython/file/tip/Objects/unicodeobject.c" rel="nofollow">http://hg.python.org/cpython/file/tip/Objects/unicodeobject....</a><p>CPython supports several internal representations from one to four bytes per character to optimize for space and performance. There's also a nifty sort of Bloom filter for quick discrimination of strings that might contain characters of interest.

评论 #6780771 未加载

excitom超过 11 年前

When working as an AIX kernel program in 1985, I set registers to a unique value so it would be easy spot code that tried to use an uninitialized value. My choice: 0xdeadbeef. Good to see that constant is still in use.

评论 #6775122 未加载

评论 #6775742 未加载

评论 #6775188 未加载

Beltiras超过 11 年前

I'm not seeing any meaningful exploits coming from this. You can maybe send a request that will fail but I can't see any sort of injection taking place.

评论 #6775448 未加载

drunkpotato超过 11 年前

That's really cool! Character encoding issues is something we wrestle with all the time, and it is surprisingly hard to reason about all the ways supposedly "string" data are handled in the course of a typical workflow. I cringe; I hadn't even considered bugs in the encoding and decoding process itself.

评论 #6775834 未加载

mzs超过 11 年前

Here's the bug (utf-7 decoder) so you don't have to login to github: <a href="http://bugs.python.org/issue19279" rel="nofollow">http://bugs.python.org/issue19279</a>

brokentone超过 11 年前

This reminds me of Godel's incompleteness theorem - which I'll poorly present as: Any system that is sufficiently complex and complete will contain legal assertions that will disprove or destroy the system. (Those that do not are not complete).<p><a href="http://en.wikipedia.org/wiki/G%C3%B6del's_incompleteness_theorems" rel="nofollow">http://en.wikipedia.org/wiki/G%C3%B6del's_incompleteness_the...</a> <a href="http://www.amazon.com/G%C3%B6del-Escher-Bach-Eternal-Golden/dp/0465026567" rel="nofollow">http://www.amazon.com/G%C3%B6del-Escher-Bach-Eternal-Golden/...</a>

评论 #6775099 未加载

评论 #6775236 未加载

评论 #6775068 未加载

6 条评论

twoodfin超过 11 年前

评论 #6780771 未加载

excitom超过 11 年前

评论 #6775122 未加载

评论 #6775742 未加载

评论 #6775188 未加载

Beltiras超过 11 年前

I'm not seeing any meaningful exploits coming from this. You can maybe send a request that will fail but I can't see any sort of injection taking place.

评论 #6775448 未加载

drunkpotato超过 11 年前

评论 #6775834 未加载

mzs超过 11 年前

Here's the bug (utf-7 decoder) so you don't have to login to github: <a href="http://bugs.python.org/issue19279" rel="nofollow">http://bugs.python.org/issue19279</a>

brokentone超过 11 年前

评论 #6775099 未加载

评论 #6775236 未加载

评论 #6775068 未加载

Building an invalid string in Python 2.x

6 条评论

Building an invalid string in Python 2.x

6 条评论