bug#38348: [2.9.5] Stack overflow when stdout is closed

bug#38348: [2.9.5] Stack overflow when stdout is closed

[Ludovic Courtès]

Hello!

Guile 2.9.5 segfaults from a C stack overflow when you start it with a
closed stdout:

  /gnu/store/7vwf3nhiacxc2jgcg43w22px4ds3rb36-guile-next-2.9.5/bin/guile -c '(pk 1)' >&-

The backtrace looks like this:

--8<---------------cut here---------------start------------->8---
(gdb) bt -30
#312742 0x00007f2ea9b2961f in scm_error (key=wrong-type-arg, subr=subr@entry=0x0, message=message@entry=0x7f2ea9bcafb6 "Wrong type (expecting ~A): ~S", 
    args=("output port" #f), rest=rest@entry=(#f)) at error.c:62
#312743 0x00007f2ea9b299a4 in scm_wrong_type_arg_msg (subr=subr@entry=0x0, pos=pos@entry=0, bad_value=bad_value@entry=#f, 
    szMessage=szMessage@entry=0x7f2ea9bc98a5 "output port") at error.c:275
#312744 0x00007f2ea9b755bd in scm_puts (s=s@entry=0x7f2ea9bd92c0 "Pre-boot error; key: ", port=port@entry=#f) at ports.c:3625
#312745 0x00007f2ea9ba468c in scm_throw (key=key@entry=wrong-type-arg, args=(#f "Wrong type (expecting ~A): ~S" ("output port" #f) (#f))) at throw.c:247
#312746 0x00007f2ea9ba4809 in scm_ithrow (key=key@entry=wrong-type-arg, args=<optimized out>, no_return=no_return@entry=1) at throw.c:448
#312747 0x00007f2ea9b29585 in scm_error_scm (key=key@entry=wrong-type-arg, subr=<optimized out>, message=message@entry="Wrong type (expecting ~A): ~S", 
    args=args@entry=("output port" #f), data=data@entry=(#f)) at error.c:90
#312748 0x00007f2ea9b2961f in scm_error (key=wrong-type-arg, subr=subr@entry=0x0, message=message@entry=0x7f2ea9bcafb6 "Wrong type (expecting ~A): ~S", 
    args=("output port" #f), rest=rest@entry=(#f)) at error.c:62
#312749 0x00007f2ea9b299a4 in scm_wrong_type_arg_msg (subr=subr@entry=0x0, pos=pos@entry=0, bad_value=bad_value@entry=#f, 
    szMessage=szMessage@entry=0x7f2ea9bc98a5 "output port") at error.c:275
#312750 0x00007f2ea9b755bd in scm_puts (s=s@entry=0x7f2ea9bd92c0 "Pre-boot error; key: ", port=port@entry=#f) at ports.c:3625
#312751 0x00007f2ea9ba468c in scm_throw (key=key@entry=misc-error, args=("scm_fdes_to_port" "requested file mode not available on fdes" () #f)) at throw.c:247
#312752 0x00007f2ea9ba4809 in scm_ithrow (key=key@entry=misc-error, args=<optimized out>, no_return=no_return@entry=1) at throw.c:448
#312753 0x00007f2ea9b29585 in scm_error_scm (key=key@entry=misc-error, subr=<optimized out>, message=message@entry="requested file mode not available on fdes", 
    args=args@entry=(), data=data@entry=#f) at error.c:90
#312754 0x00007f2ea9b2961f in scm_error (key=misc-error, subr=subr@entry=0x7f2ea9bcd320 "scm_fdes_to_port", 
    message=message@entry=0x7f2ea9bcd380 "requested file mode not available on fdes", args=args@entry=(), rest=rest@entry=#f) at error.c:62
#312755 0x00007f2ea9b29a02 in scm_misc_error (subr=subr@entry=0x7f2ea9bcd320 "scm_fdes_to_port", 
    message=message@entry=0x7f2ea9bcd380 "requested file mode not available on fdes", args=args@entry=()) at error.c:295
#312756 0x00007f2ea9b39138 in scm_i_fdes_to_port (fdes=1, mode_bits=1024, name=name@entry=#f, options=options@entry=1) at fports.c:429
#312757 0x00007f2ea9b3958b in scm_fdes_to_port (fdes=<optimized out>, mode=<optimized out>, name=name@entry=#f) at fports.c:457
#312758 0x00007f2ea9b43bc1 in stream_body (data=<optimized out>) at init.c:170
#312759 0x00007f2ea9b2c87a in scm_c_with_exception_handler (type=type@entry=#t, handler=handler@entry=0x7f2ea9ba41f0 <catch_post_unwind_handler>, 
    handler_data=handler_data@entry=0x7ffe000e2810, thunk=thunk@entry=0x7f2ea9ba4330 <catch_body>, thunk_data=thunk_data@entry=0x7ffe000e2810) at exceptions.c:170
#312760 0x00007f2ea9ba452d in scm_c_catch (tag=tag@entry=#t, body=body@entry=0x7f2ea9b43bb0 <stream_body>, body_data=body_data@entry=0x7ffe000e2880, 
    handler=handler@entry=0x7f2ea9b43b10 <stream_handler>, handler_data=handler_data@entry=0x0, pre_unwind_handler=pre_unwind_handler@entry=0x0, 
    pre_unwind_handler_data=0x0) at throw.c:168
#312761 0x00007f2ea9ba454e in scm_internal_catch (tag=tag@entry=#t, body=body@entry=0x7f2ea9b43bb0 <stream_body>, body_data=body_data@entry=0x7ffe000e2880, 
    handler=handler@entry=0x7f2ea9b43b10 <stream_handler>, handler_data=handler_data@entry=0x0) at throw.c:177
#312762 0x00007f2ea9b43b8e in scm_standard_stream_to_port (fdes=fdes@entry=1, mode=0x7f2ea9bcbddd "w") at init.c:198
#312763 0x00007f2ea9b43f64 in scm_init_standard_ports () at init.c:225
#312764 scm_i_init_guile (base=<optimized out>) at init.c:502
#312765 0x00007f2ea9ba2f68 in scm_i_init_thread_for_guile (base=0x7ffe000e2918, dynamic_state=<error reading variable: ERROR: Cannot access memory at address 0x0>0x0)
    at threads.c:570
#312766 0x00007f2ea9ba2f99 in with_guile (base=0x7ffe000e2918, data=0x7ffe000e2940) at threads.c:638
#312767 0x00007f2ea9a88a68 in GC_call_with_stack_base () from /gnu/store/3xs3dnc28p9fi8in7hkfcdx20incrdvq-libgc-7.6.12/lib/libgc.so.1
#312768 0x00007f2ea9ba32e8 in scm_i_with_guile (dynamic_state=<optimized out>, data=data@entry=0x7ffe000e2940, func=func@entry=0x7f2ea9b43b20 <invoke_main_func>)
    at threads.c:688
#312769 scm_with_guile (func=func@entry=0x7f2ea9b43b20 <invoke_main_func>, data=data@entry=0x7ffe000e2970) at threads.c:694
#312770 0x00007f2ea9b43cd2 in scm_boot_guile (argc=argc@entry=17, argv=argv@entry=0x7ffe000e2ac8, main_func=main_func@entry=0x401240 <inner_main>, 
    closure=closure@entry=0x0) at init.c:321
#312771 0x0000000000401100 in main (argc=17, argv=0x7ffe000e2ac8) at guile.c:95
--8<---------------cut here---------------end--------------->8---

I noticed it because the silent rule in the Makefile of GnuTLS does this:

--8<---------------cut here---------------start------------->8---
%.go: %.scm modules/gnutls.scm
	$(AM_V_GUILEC)$(MKDIR_P) "`dirname "$@"`" ;			\
	$(AM_V_P) && out=1 || out=- ;					\
	unset GUILE_LOAD_COMPILED_PATH ; LC_ALL=C			\
	GUILE_AUTO_COMPILE=0 $(CROSS_COMPILING_VARIABLE)		\
	GNUTLS_GUILE_EXTENSION_DIR="$(abs_top_builddir)/guile/src"	\
	$(GUILD) compile --target="$(host)"				\
	  -L "$(top_builddir)/guile/modules"				\
	  -L "$(top_srcdir)/guile/modules"				\
	  -Wformat -Wunbound-variable -Warity-mismatch			\
	  -o "$@" "$<" >&$$out
--8<---------------cut here---------------end--------------->8---

I suspect the same trick can be found elsewhere.

Thanks,
Ludo’.

bug#38348: [2.9.5] Stack overflow when stdout is closed

[Andy Wingo]

Hey :)

On Sat 23 Nov 2019 17:46, Ludovic Courtès <ludo@gnu.org> writes:

> Hello!
>
> Guile 2.9.5 segfaults from a C stack overflow when you start it with a
> closed stdout:
>
>   /gnu/store/7vwf3nhiacxc2jgcg43w22px4ds3rb36-guile-next-2.9.5/bin/guile -c '(pk 1)' >&-

Fixed, thanks!

Cheers,

Andy

bug#38348: [2.9.5] Stack overflow when stdout is closed

[Ludovic Courtès]

Hi,

Ludovic Courtès <ludo@gnu.org> skribis:

> Guile 2.9.5 segfaults from a C stack overflow when you start it with a
> closed stdout:
>
>   /gnu/store/7vwf3nhiacxc2jgcg43w22px4ds3rb36-guile-next-2.9.5/bin/guile -c '(pk 1)' >&-
>
> The backtrace looks like this:
>
> (gdb) bt -30
> #312742 0x00007f2ea9b2961f in scm_error (key=wrong-type-arg, subr=subr@entry=0x0, message=message@entry=0x7f2ea9bcafb6 "Wrong type (expecting ~A): ~S", 
>     args=("output port" #f), rest=rest@entry=(#f)) at error.c:62
> #312743 0x00007f2ea9b299a4 in scm_wrong_type_arg_msg (subr=subr@entry=0x0, pos=pos@entry=0, bad_value=bad_value@entry=#f, 
>     szMessage=szMessage@entry=0x7f2ea9bc98a5 "output port") at error.c:275
> #312744 0x00007f2ea9b755bd in scm_puts (s=s@entry=0x7f2ea9bd92c0 "Pre-boot error; key: ", port=port@entry=#f) at ports.c:3625

In 2.9.6 the stack overflow is fixed (yay!) but we still get the error
above:

--8<---------------cut here---------------start------------->8---
$ guile --version >&-
Error while printing pre-boot error: wrong-type-arg
Abortita(nekropsio elŝutita)
$ guile --version
guile (GNU Guile) 2.9.6
Copyright (C) 2019 Free Software Foundation, Inc.

License LGPLv3+: GNU LGPL 3 or later <http://gnu.org/licenses/lgpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
--8<---------------cut here---------------end--------------->8---

Ludo’.

bug#38348: [2.9.5] Stack overflow when stdout is closed

[Ludovic Courtès]

Ludovic Courtès <ludo@gnu.org> skribis:

> In 2.9.6 the stack overflow is fixed (yay!) but we still get the error
> above:
>
> $ guile --version >&-
> Error while printing pre-boot error: wrong-type-arg
> Abortita(nekropsio elŝutita)
> $ guile --version
> guile (GNU Guile) 2.9.6
> Copyright (C) 2019 Free Software Foundation, Inc.
>
> License LGPLv3+: GNU LGPL 3 or later <http://gnu.org/licenses/lgpl.html>.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.

This is definitely fixed in 3.0.0.  Thanks, Andy!

Ludo’.