On 21 Feb 2013, at 12:09, Jens Alfke <j...@mooseyard.com> wrote:

> 
> On Feb 20, 2013, at 8:39 PM, Gerriet M. Denkmann <gerr...@mdenkmann.de> wrote:
> 
>> They are using $null to stand for nil. Which does not play nice with 
>> NSArrays (and other containers), which cannot contain nil.
> 
> Plus, the object @“$null” is not the same as a nil pointer, so this is bad 
> whether or not a container can contain nil.
> 
> This makes NSArchiver

No: NSArchiver is OK (though kind of frowned upon); NSKeyedArchiver is the silly 
one.

> a bad idea for _any_ data structure that can contain user (or worse, remote) 
> input, since things will presumably start to break if the user enters “$null” 
> into the right fields. (This makes me want to start entering that into 
> various text fields in apps to see what will happen…) :-p

Just make a nib (or xib) file with some label or button title of $null and see 
what happens.

> 
> — there’s probably a way to use it to pwn some Mac or iOS software, if a 
> creative enough hacker gets ahold of it.

I am not so sure. I have only noticed that NSKeyedUnarchiver turns arrays with 
$null into empty arrays. (And dictionaries, which have their keys and values 
stored as two arrays, turn out to have a mismatch between number of keys and 
values.)

But another bug looks rather promising: feed strings with illegal Unicode to 
NSArchiver and see what happens.
Did this (by accident) the other day. NSArchiver did not return, there was no 
exception, the app did not crash. Not sure what was going on.

Kind regards,

Gerriet.
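
Added example, not part of the original message and not Apple's code: a simplified Python model of an archive that reserves the in-band string "$null" for nil, reproducing the empty array and the key/value mismatch described above, next to a variant that marks nil by table index instead. The object table, the uniquing by equality and all function names are assumptions made for illustration.

```python
NULL_MARKER = "$null"  # the in-band nil marker named in the thread


def archive(values, unique_from=0):
    """Flatten values into (object table, list of table indexes).

    Slot 0 of the table always holds the nil marker. With unique_from=0 a
    real string equal to the marker is uniqued onto slot 0 (the collision);
    with unique_from=1 it gets a slot of its own.
    """
    table, refs = [NULL_MARKER], []
    for v in values:
        if v is None:
            refs.append(0)
            continue
        try:
            refs.append(table.index(v, unique_from))
        except ValueError:
            table.append(v)
            refs.append(len(table) - 1)
    return table, refs


def unarchive(table, refs, by_index=False):
    """Rebuild the list; nil cannot live in a container, so it is dropped."""
    if by_index:
        # nil is "reference 0", never a comparison against string content
        return [table[i] for i in refs if i != 0]
    return [table[i] for i in refs if table[i] != NULL_MARKER]


def roundtrip(values, safe=False):
    table, refs = archive(values, 1 if safe else 0)
    return unarchive(table, refs, by_index=safe)


def roundtrip_dict(d, safe=False):
    """Keys and values travel as two separate arrays, as in the message."""
    return roundtrip(list(d), safe), roundtrip(list(d.values()), safe)


if __name__ == "__main__":
    sample = {"title": "$null", "id": "7"}   # constructed sample input
    print(roundtrip(["$null"]))              # marker collision
    print(roundtrip_dict(sample))            # key/value count mismatch
    print(roundtrip_dict(sample, safe=True)) # counts preserved
```

In the model, both the writer and the reader have to stop comparing against the string for the collision to go away; fixing only one side still drops the value.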





_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
