Skip to content
Permalink
Browse files

Make sure we only keep 100 formats around

To prevent a DOS attack by eating memory by generating many, many different
format specifications.
  • Loading branch information...
lizmat committed Apr 9, 2019
1 parent 12a094a commit 7201d89e5a6cf07ce0f911ed6c4b5dd73f70bb73
Showing with 7 additions and 3 deletions.
  1. +7 −3 src/core/Rakudo/Internals/Sprintf.pm6
@@ -398,14 +398,18 @@ say $code;

# actual workhorse for sprintf()
my $format-lock := Lock.new; # allow multiple threads to create formats
my %FORMATS; # where we keep our formats
my $FORMATS := nqp::hash; # where we keep our formats
method SPRINTF(Str:D $format, @args --> Str:D) {
$format-lock.protect: {
if %FORMATS.AT-KEY($format) -> &process {
if nqp::atkey($FORMATS,$format) -> &process {
process(@args);
}
else {
%FORMATS.BIND-KEY($format,create-format($format))(@args)
nqp::deletekey(
$FORMATS,
nqp::iterkey_s(nqp::shift(nqp::iterator($FORMATS)))
) if nqp::elems($FORMATS) == 100;
nqp::bindkey($FORMATS,$format,create-format($format))(@args)
}
}
}

0 comments on commit 7201d89

Please sign in to comment.
You can’t perform that action at this time.