Small optimization.
Created attachment 319398 [details] Patch
This is usually a win. I wonder though whether we want this in case of corrupted data. We might end-up allocating very large memory chunks for nothing.
Comment on attachment 319398 [details] Patch Not OK for IPC for security reasons. This has been discussed in the past.
Created attachment 319400 [details] Patch
(In reply to Chris Dumez from comment #3) > Comment on attachment 319398 [details] > Patch > > Not OK for IPC for security reasons. This has been discussed in the past. Can you elaborate more or link me to discussion of this, I’m curious. Is this just to defend against large sized things?
(In reply to Saam Barati from comment #5) > (In reply to Chris Dumez from comment #3) > > Comment on attachment 319398 [details] > > Patch > > > > Not OK for IPC for security reasons. This has been discussed in the past. > > Can you elaborate more or link me to discussion of this, I’m curious. Is > this just to defend against large sized things? It is because you cannot trust the input data (In the case of IPC, the message may come from a compromised process. In the case of persistence, the file on disk may have been compromised/modified). Therefore, you cannot trust that the |size| value matches the number of items encoded. It is therefore unsafe to use uncheckedAppend(). Using reserveInitialCapacity() (as in the latest iteration), is fine AFAIK.
(In reply to Chris Dumez from comment #6) > (In reply to Saam Barati from comment #5) > > (In reply to Chris Dumez from comment #3) > > > Comment on attachment 319398 [details] > > > Patch > > > > > > Not OK for IPC for security reasons. This has been discussed in the past. > > > > Can you elaborate more or link me to discussion of this, I’m curious. Is > > this just to defend against large sized things? > > It is because you cannot trust the input data (In the case of IPC, the > message may come from a compromised process. In the case of persistence, the > file on disk may have been compromised/modified). Therefore, you cannot > trust that the |size| value matches the number of items encoded. It is > therefore unsafe to use uncheckedAppend(). Using reserveInitialCapacity() > (as in the latest iteration), is fine AFAIK. I tried to find the bugzilla where this was previously discussed but could not find it. I remember it was my patch and Anders explained to me why this wasn't OK though.
We have decided not do to this, as Chris says.