Andi,
Well, majority of the places where it is used right now can be abused through user input.
PHP 4/5: overly long constant names defined(str_repeat("a", 1024 * 1024 * 6)); PHP5: overly long class & method names PHP5: overly long function name
I don't quite understand how this can be abused by user input (unless maybe the developer is doing something very weird). In class/method/function names alloca() is important because of the strtolower() which is crucial for performance. Allocating dynamic memory each time sucks. Then again we could add an extra if() and use a static buffer if the name is reasonable length but I'm not sure it's worth the effort and uglier code.
PHP5/Interbase: too many arguments passed to some functions. PHP5/pcntl: too many arguments passed to pcntl_exec() PHP5/wddx: long datetime field. PHP5/SOAP: some instances where length is could be too long (if request/response is doctored)
These places might benefit from going to emalloc(). They should like places which are slow anyway so I'm not sure the extra allocation would be a big deal.
Thanks for the overview. Andi
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
