[plt-scheme] Is read safe for untrusted data?

From: Robby Findler (robby at cs.uchicago.edu)
Date: Fri Aug 5 08:48:17 EDT 2005

Read will not do any evaluation, but might allocate an arbitrary amount
of memory. You can use the 3m collectors with custodian-limit-memory to
control this, or you might use read-bytes-avail and friends to limit
the amount of data you read.


You can efficiently limit the buffer size with the read-avail

At Fri, 05 Aug 2005 21:01:05 +1000, Jepri wrote:
>   For list-related administrative tasks:
>   http://list.cs.brown.edu/mailman/listinfo/plt-scheme
> Hi,
> I've looked around a bit for an answer to this question but I think at 
> some point I do need to ask the implementors.  Is the (read port) 
> function ok for untrusted data?  Could I  make an internet server where 
> I (read ) straight from the port, and then check the s-expressions I get 
> from read?  I'm worried about unwanted code execution, overflows etc.  
> The documentation implies that it should be ok to do this, but doesn't 
> really say it outright.
> I don't mind using read-char or something to clean the input first, I'd 
> just like to avoid back dooring my server.
> TIA,
> Jeremy

Posted on the users mailing list.