[Expat-discuss] New API: XML_FreeContentModel
Fred L. Drake, Jr.
fdrake at acm.org
Thu Jan 16 15:51:08 EST 2003
Karl Waclawek writes:
> Does thise mean you guys want both? XML_FreeContentModel and the
> memory functions?
Yes.
> > This is much better as far as I'm concerned, and alleviates the issues
> > I had with the XML_GetMemSuite() approach. Since it solves all the
> > use cases I know of,
>
> Which use cases did you think of? And what were your issues?
I was thinking of the original use case someone had asked for this
feature for; I don't remember the details, but the requestor wanted to
layer some functionality into the handlers and therefore share the
same allocator.
The big issue I had was that we'd have yet another XML_Get*()
function, but still the gets and sets would be very asymetric.
Defining functionality-oriented functions (XML_MemAlloc(), etc.)
avoids the weird, haphazard API that was evolving with get functions.
> I just remembered we discussed another memory handling related
> topic a while back. The goal was to find a way for Expat to track
> memory allocations in order to be able to counteract one
> of those "a million laughs" XML attacks. However, I believe we
> found that we would have to add an XML_Parser parameter to
> the memory (de)allocation calls to be able to track this on
> a per instance basis.
>
> Any thoughts? Should this be considered?
I think not for 1.x. *Maybe* for 2.0. There didn't seem to be much
concern about the "million laughs" attack on this list, so I don't see
a lot of pressure to deal with it. If I'm wrong on this, our users
need to tell us, and indicate whether this solution would actually
make sense for them.
> So, just to make sure: what is the final proposal?
- Add XML_FreeContentModel(), as you proposed.
- Add XML_MemAlloc(), XML_MemRealloc(), XML_MemFree(), as Jeremy
proposed.
- I'll write the docs. ;-)
-Fred
--
Fred L. Drake, Jr. <fdrake at acm.org>
PythonLabs at Zope Corporation
More information about the Expat-discuss
mailing list