binary_to_term and Leaking Atoms

Jayson Vantuyl kagato@REDACTED
Fri Oct 2 06:42:54 CEST 2009


I'm working on a network protocol.  The easy way to do it is just use  
term_to_binary and binary_to_term.  There is one problem, though.

I don't necessarily trust the sender of these binaries.  It seems that  
decoding them should be relatively safe, except for the potential for  
someone to leak atoms by creating a large number of atoms until I run  
out of memory.  I presume this sort of thing is the reason that  
binary_to_existing_atom (and list_to_existing_atom) were created.

A few questions:

1.  Is there any facility to "safely" decode binaries?

2.  If not, is it likely that there will be one added?  Perhaps  
binary_to_term/2 (with a "existing_atoms_only" option)?

3.  Are there any other dangers I should be aware of when using  
binary_to_term? For example, despite the fact that I don't intend to  
use them anywhere, are there any reasons to fear decoding fun's?

Bonus question:

Are binaries checksummed internally or when stored with dets?

Thanks,

-- 
Jayson Vantuyl
kagato@REDACTED







More information about the erlang-questions mailing list