From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ludovic Courtès <ludo@gnu.org>
Newsgroups: gmane.lisp.guile.bugs
Subject: bug#60487: string-ref segfaults with n < 0 on Guile 3.0.8
Date: Mon, 16 Jan 2023 23:15:31 +0100
Message-ID: <877cxmktx8.fsf@gnu.org>
References: <b7b6bcbafd7e0fed8f044fee3ceed060@posteo.net>
Cc: 60487-done@debbugs.gnu.org
To: festerdam@posteo.net
In-Reply-To: <b7b6bcbafd7e0fed8f044fee3ceed060@posteo.net>
 (festerdam@posteo.net's message of "Mon, 02 Jan 2023 04:12:33 +0000")
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.bugs/10520>

Hi,

festerdam@posteo.net wrote:

> The following code results in a segmentation fault on Guile
> 3.0.8-deb+3.0.8-2 (obtained from the Debian repositories):
>     (string-ref "my string" -3)

I can reproduce it with 3.0.8, where I get this backtrace:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (string-ref "my string" -3)

Thread 1 "guile" received signal SIGSEGV, Segmentation fault.
0x00007ffff7f419d9 in scm_is_values (x=<optimized out>) at values.h:30
30      values.h: No such file or directory.
(gdb) bt
#0  0x00007ffff7f419d9 in scm_is_values (x=<optimized out>) at values.h:30
#1  vm_debug_engine (thread=0x7ffff75c1d80) at vm-engine.c:974
#2  0x00007ffff7f4c5d9 in scm_call_n (proc=<optimized out>, argv=<optimized out>, nargs=5)
    at vm.c:1610
#3  0x00007ffff7eb8571 in scm_apply_0 (proc=#<program 7ffff5c4e960>, args=()) at eval.c:603
#4  0x00007ffff7f3dc8d in scm_throw (key=out-of-range,
    args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c30)
    at throw.c:262
#5  0x00007ffff7f3dca9 in scm_ithrow (key=<optimized out>, args=<optimized out>,
    no_return=<optimized out>) at throw.c:457
#6  0x00007ffff7eb5245 in scm_error_scm (key=key@entry=out-of-range, subr=<optimized out>,
    message=message@entry="Value out of range ~S to< ~S: ~S",
    args=args@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c70, data=data@entry=(4611686018427387901)) at error.c:90
#7  0x00007ffff7eb52a0 in scm_error (key=out-of-range, subr=0x0, message=<optimized out>,
    args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c70,
    rest=(4611686018427387901)) at error.c:62
#8  0x00007ffff7f02dd7 in range_error (bad_val=bad_val@entry=4611686018427387901,
    min=min@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x0,
    max=#<bignum 7ffff2baeda0>) at numbers.c:6611
#9  0x00007ffff7f04dfb in scm_to_uint64 (arg=4611686018427387901) at integers.c:259
#10 0x00007ffff7f42215 in vm_debug_engine (thread=0x7ffff75c1d80) at vm-engine.c:1533
#11 0x00007ffff7f4c5d9 in scm_call_n (proc=<optimized out>, argv=<optimized out>, nargs=1)
    at vm.c:1610
#12 0x00007ffff7eb4457 in scm_primitive_eval (exp=<optimized out>,
    exp@entry=((@ (ice-9 control) %) (begin (load-user-init) ((@ (ice-9 top-repl) top-repl)))))
    at eval.c:671
#13 0x00007ffff7eba4b6 in scm_eval (
    exp=((@ (ice-9 control) %) (begin (load-user-init) ((@ (ice-9 top-repl) top-repl)))),
    module_or_state="#<struct module>" = {...}) at eval.c:705
#14 0x00007ffff7f1e3b6 in scm_shell (argc=1, argv=0x7fffffffd058) at script.c:357
--8<---------------cut here---------------end--------------->8---

Fortunately, this was fixed recently in
c0004442b7691f59a0e37869ef288eb26382ad9e.

Thanks!

Ludo’.