
comp.lang.ruby

Re: [Security] Ruby 1.8.6-pl369 released

Yukihiro Matsumoto

6/11/2009 6:38:00 AM

Hi,

In message "Re: [Security] Ruby 1.8.6-pl369 released"
on Thu, 11 Jun 2009 07:19:45 +0900, Michal Suchanek <hramrach@centrum.cz> writes:

|> Could be, if we can define "reasonable range".
|
|Perhaps it could be set by a variable (like $KCODE).

I, sort of, hesitate to introduce a new global state to the library.

|It might be useful to make it somewhat $SAFE dependent, too.

Possible.

|However, what is the issue here, exactly?
|
|Is it that a BigDecimal can have a large exponent for which zeroes
|have to be generated while converting to a Bignum?

Basically. A huge BigDecimal could occupy a large amount of memory
and consume a lot of computational time. It is fundamental, but
bothering sometimes.

matz.

4 Answers

Michal Suchanek

6/11/2009 12:07:00 PM

0

2009/6/11 Yukihiro Matsumoto <matz@ruby-lang.org>:
> Hi,
>
> In message "Re: [Security] Ruby 1.8.6-pl369 released"
>    on Thu, 11 Jun 2009 07:19:45 +0900, Michal Suchanek <hramrach@centrum.cz> writes:
>
> |> Could be, if we can define "reasonable range".
> |
> |Perhaps it could be set by a variable (like $KCODE).
>
> I, sort of, hesitate to introduce a new global state to the library.

The only way to work around this is by a global state of "reasonably
large exponent" which can be either fixed or configurable at runtime.

If that solution is accepted it should better be configurable. It
could be even set to Inf by default for compatibility and people who
anticipate this could be a problem or were bitten by the issue already
can set it lower.

>
> |It might be useful to make it somewhat $SAFE dependent, too.
>
> Possible.
>
> |However, what is the issue here, exactly?
> |
> |Is it that a BigDecimal can have a large exponent for which zeroes
> |have to be generated while converting to a Bignum?
>
> Basically. A huge BigDecimal could occupy a large amount of memory
> and consume a lot of computational time. It is fundamental, but
> bothering sometimes.
>

Then introducing an exponent to Bignum could probably resolve this
particular issue.

Truncating a Decimal should be easy and just shifting the exponent so
that no decimal digits remain should be reasonably fast as well.

This would, however, mean an incompatible change to Bignum because it
would have to track the number of zeroes which were left out. And
adding 1 to the resulting Bignum would still require the zeroes to be
generated.


Thanks

Michal

Charles O Nutter

6/11/2009 11:22:00 PM

0

On Thu, Jun 11, 2009 at 1:37 AM, Yukihiro Matsumoto <matz@ruby-lang.org> wrote:
> Basically. A huge BigDecimal could occupy a large amount of memory
> and consume a lot of computational time. It is fundamental, but
> bothering sometimes.

FWIW, the Java BigDecimal "to_f"/"to_i" behavior runs forever too, so
they've never opted to add a safeguard all these years.

JRuby may just defer to that behavior, but I did add an exponent check
in to_f for now.

- Charlie
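The exponent check discussed in this thread, as an added example that is not code from Ruby, JRuby or any poster here: it inspects `BigDecimal#exponent` before calling `to_i`, so a short input such as `1e1000000` is rejected instead of being expanded into a million-digit Bignum. The helper name `bounded_to_i`, the error class and the 1,000-digit limit are assumptions chosen for illustration.

```ruby
require 'bigdecimal'

# Assumed policy: the most integer digits the application is willing to expand.
MAX_INTEGER_DIGITS = 1_000

# Hypothetical error class for values whose integer part would be too large.
class ExponentTooLarge < RangeError; end

# Hypothetical helper, not part of BigDecimal: convert to Integer only when the
# decimal exponent (roughly the digit count of the integer part) is within the
# limit. BigDecimal#exponent is cheap; it does not generate the zeroes.
def bounded_to_i(value, max_digits: MAX_INTEGER_DIGITS)
  raise ArgumentError, "not a finite number" unless value.finite?

  digits = value.exponent
  if digits > max_digits
    raise ExponentTooLarge,
          "integer part needs #{digits} digits, limit is #{max_digits}"
  end
  value.to_i
end

# Parse text from an untrusted source. Returns [:ok, Integer] or
# [:rejected, reason] so the caller never triggers the costly conversion.
def parse_untrusted_integer(text, max_digits: MAX_INTEGER_DIGITS)
  [:ok, bounded_to_i(BigDecimal(text), max_digits: max_digits)]
rescue ExponentTooLarge, ArgumentError => e
  [:rejected, e.message]
end

# Constructed sample inputs: two ordinary values, one tiny string with a huge
# exponent, one non-finite value and one malformed string.
if $PROGRAM_NAME == __FILE__
  ["123.45", "1e20", "1e1000000", "NaN", "12abc"].each do |text|
    status, detail = parse_untrusted_integer(text)
    puts format("%-12s %-9s %s", text, status, detail)
  end
end
```

The limit is passed per call rather than held in a global, which sidesteps the global-state concern raised earlier in the thread.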

Gregory Brown

6/12/2009 12:22:00 AM

0

On Thu, Jun 11, 2009 at 8:06 AM, Michal Suchanek <hramrach@centrum.cz> wrote:
> 2009/6/11 Yukihiro Matsumoto <matz@ruby-lang.org>:
>> Hi,
>>
>> In message "Re: [Security] Ruby 1.8.6-pl369 released"
>>    on Thu, 11 Jun 2009 07:19:45 +0900, Michal Suchanek <hramrach@centrum.cz> writes:
>>
>> |> Could be, if we can define "reasonable range".
>> |
>> |Perhaps it could be set by a variable (like $KCODE).
>>
>> I, sort of, hesitate to introduce a new global state to the library.
>
> The only way to work around this is by a global state of "reasonably
> large exponent" which can be either fixed or configurable at runtime.
>
> If that solution is accepted it should better be configurable. It
> could be even set to Inf by default for compatibility and people who
> anticipate this could be a problem or were bitten by the issue already
> can set it lower.

I like that idea.

-greg

Ed Chapin

12/5/2011 8:21:00 AM

0

My first, at my first Grateful Dead concert. It bore on the front an
elaborate screening of the band standing around a natural pool, band
members' reflections appearing on the rippled surface as skeletons--
splattered up nicely with color and artist-signed by Judy O..

I didn't purchase it. It was a gift.

Ed