[QuickCheck] Status of Haskell Platform 2014.2.0.0
Mark Lentczner
mark.lentczner at gmail.com
Tue Jul 15 23:14:37 BST 2014
On Tue, Jul 15, 2014 at 1:59 PM, Bryan O'Sullivan <bos at serpentine.com>
wrote:
> Well, it was rather late to hear that you weren't going to upgrade
> attoparsec, too ;-)
>
On Sun, Mar 30, 2014 at 1:06 PM, Mark Lentczner <mark.lentczner at gmail.com>
wrote:
> SO, In anticipation of releasing a HP shortly (1 month?) after GHC 7.8...
> I'd like to get going on nailing down package versions.
>
>
, incLib "attoparsec" "0.10.4.0"
>
> In brief, an attacker can DoS a user of attoparsec by handing them a
> floating point number with a sufficiently large exponent (e.g.
> 1e1000000000). This will cause it to try to create an Integer with the
> given number of digits, thus possibly OOMing a machine or crashing a
> process.
>
But only if you use the Data.Atooparsec.Text parsers double, number, and
rational parser, right?
- Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://projects.haskell.org/pipermail/quickcheck/attachments/20140715/30fe4912/attachment-0001.htm>
More information about the QuickCheck
mailing list