You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Now that all pointer reads/writes can report failure, we should implement the checks detailed in Security Considerations to prevent amplification attacks and stack overflow DoS attacks.
I'm imagining this will be implemented by adding the counters to Struct and List. However, this has the side-effect that pointers to the same object from different paths will not be equal based on Go's == operator. This is mitigated because in valid Cap'n Proto messages, "no more than one pointer can point at each object", according to the spec. Because of the relatively little utility, the lack of documentation in this library around depending on this behavior, this seems reasonable to me.
The text was updated successfully, but these errors were encountered:
Now that all pointer reads/writes can report failure, we should implement the checks detailed in Security Considerations to prevent amplification attacks and stack overflow DoS attacks.
I'm imagining this will be implemented by adding the counters to
Struct
andList
. However, this has the side-effect that pointers to the same object from different paths will not be equal based on Go's==
operator. This is mitigated because in valid Cap'n Proto messages, "no more than one pointer can point at each object", according to the spec. Because of the relatively little utility, the lack of documentation in this library around depending on this behavior, this seems reasonable to me.The text was updated successfully, but these errors were encountered: