From: Mark H Weaver <mhw@netris.org>
To: Josh Datko <jbd@cryptotronix.com>
Cc: 32938@debbugs.gnu.org
Subject: bug#32938: guile 2.2.4 crashes (u8-list->bytevector (make-bytevector 32 0))
Date: Thu, 04 Oct 2018 19:49:21 -0400 [thread overview]
Message-ID: <875zyhi872.fsf@netris.org> (raw)
In-Reply-To: <CAPRRyU=M6MOV22SGkni=pLOZ_1U44qcCQ7J4FVpY-7DN-kajWw@mail.gmail.com> (Josh Datko's message of "Thu, 4 Oct 2018 16:47:14 -0600")
Josh Datko <jbd@cryptotronix.com> writes:
> If you try to convert a bytevector, to a bytevector, using
> u8-list->bytevector, guile crashes.
>
> $ guile -q
> GNU Guile 2.2.4
> Copyright (C) 1995-2017 Free Software Foundation, Inc.
>
> Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
> This program is free software, and you are welcome to redistribute it
> under certain conditions; type `,show c' for details.
>
> Enter `,help' for help.
> scheme@(guile-user)> (use-modules (rnrs bytevectors))
> scheme@(guile-user)> (u8-list->bytevector (make-bytevector 32 0))
> [1] 126190 abort (core dumped) guile -q
Indeed, the code in 'u8-list->bytevector' that's supposed to validate
that its argument is a list, is broken.
'u8-list->bytevector' uses the SCM_VALIDATE_LIST_COPYLEN macro to
validate the list and simultaneously compute its length. That macro
implicitly assumes that its third operand will be a variable of type
'long', because the result of 'scm_ilength' is assigned to it, and
'scm_ilength' returns a 'long'.
After storing the result to the variable, it checks to see if the result
is negative, which would indicate that the operand wasn't a proper list.
The bytevector operations that convert integer lists to bytevectors pass
a variable of type 'size_t' to SCM_VALIDATE_LIST_COPYLEN. Since
'size_t' is unsigned, the -1 result from 'scm_ilength' was interpreted
as ULONG_MAX instead.
Thanks for the report.
Mark
next prev parent reply other threads:[~2018-10-04 23:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-04 22:47 bug#32938: guile 2.2.4 crashes (u8-list->bytevector (make-bytevector 32 0)) Josh Datko
2018-10-04 23:49 ` Mark H Weaver [this message]
2018-10-14 6:29 ` Mark H Weaver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875zyhi872.fsf@netris.org \
--to=mhw@netris.org \
--cc=32938@debbugs.gnu.org \
--cc=jbd@cryptotronix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).