proposal: bytes: trim cap on Buffer.Bytes result #59570
Comments
|
#42986 also raised the capacity issue. |
|
The result of Bytes() is already documented as only valid until the next modification. |
|
@seankhliao I didn't say otherwise. What you are writing is already clearly marked in the documentation and I have acknowledged that ("I know this a flawed assumption"). I didn't claim either to fix code which uses bytes.Buffer incorrectly. I just think it would be wise to mitigate some of the side-effects of that kind of broken code. |
|
I'm generally in favor of this semantic, but I don't see how we can change this today without breaking existing programs. Before the addition of |
|
@dsnet I can't find |
|
See #53685. |
|
Ah, |
|
This proposal has been added to the active column of the proposals project |
rsc
changed the title
|
I agree that this seems infeasible. |
|
This proposal has been declined as retracted. |
The current implementation of
bytes.Buffer.Bytes()is:In this implementation the capacity of the returned slice is the full capacity of internal storage of the
Buffer. This has the following issues:Buffer.Capwith requires direct access to theBufferobject)Bytes()result (I know this a flawed assumption), anappendcould write toBuffer's internal storage (but I don't see a way it could be exploited besides the fact that this internal storage might be he initial slice passed tobytes.NewBufferwhich might be shared somewhere else).I propose to limit the capactity of the returned slice to the strict size of the data returned. I think that this could also reduce exploit vectors in the (flawed) case of a bad use of the Buffer API (which might happen unexpectedly if the result of
Bytes()is passed without care through multiple layers of libraries).Proposed implementation:
A similar change would also be applied to
Buffer.Next(int).The text was updated successfully, but these errors were encountered: