unofficial mirror of bug-guile@gnu.org 
From: Andy Wingo <wingo@pobox.com>
To: Ian Price <ianprice90@googlemail.com>
Cc: 13827@debbugs.gnu.org
Subject: bug#13827: faulty range check in bytevector accessor
Date: Wed, 13 Mar 2013 13:55:14 +0100
Message-ID: <87k3pbh32l.fsf@pobox.com>
In-Reply-To: <87liaay0o1.fsf@Kagami.home> (Ian Price's message of "Wed, 27 Feb 2013 02:02:06 +0000")

On Wed 27 Feb 2013 03:02, Ian Price <ianprice90@googlemail.com> writes:

> Branch: master
> Commit: 9b977c836bf147d386944c401113aba32776fa68
> System: 32 bit x86 Fedora 16
>
> (use-modules (rnrs bytevectors))
> (define not-32-bit (expt 2 32))
> (define bv (make-bytevector 4))
> (bytevector-u32-set! bv 0 not-32-bit (endianness big))
> (pk bv)
>
> Running this gives me a core dump. It happens for a wide range of values
> that don't fit in 32 bits.
>
> After some talk on #guile, Mark and I believe it comes down to the range
> check in INTEGER_ACCESSOR_PROLOGUE in bytevectors.c

Something like this look right to you?

--- a/libguile/bytevectors.c
+++ b/libguile/bytevectors.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
+/* Copyright (C) 2009, 2010, 2011, 2012, 2013 Free Software Foundation, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public License
@@ -82,12 +82,12 @@
   _sign char *c_bv;						\
 								\
   SCM_VALIDATE_BYTEVECTOR (1, bv);				\
-  c_index = scm_to_uint (index);				\
+  c_index = scm_to_size_t (index);				\
 								\
   c_len = SCM_BYTEVECTOR_LENGTH (bv);				\
   c_bv = (_sign char *) SCM_BYTEVECTOR_CONTENTS (bv);		\
 								\
-  if (SCM_UNLIKELY (c_index + ((_len) >> 3UL) - 1 >= c_len))	\
+  if (SCM_UNLIKELY (c_index >= c_len))                          \
     scm_out_of_range (FUNC_NAME, index);
 
 /* Template for fixed-size integer access (only 8, 16 or 32-bit).  */
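
Review bot: The new test `c_index >= c_len` in the accessor prologue no longer accounts for the access width, so a 16- or 32-bit access that starts on the last byte (c_index == c_len - 1 with _len == 32) passes the check while the access covers (_len) >> 3 bytes from c_index, up to three bytes past the end of the buffer. The removed expression was right to include the width; its weakness is that `c_index + ((_len) >> 3UL) - 1` can wrap for a very large index if c_index is unsigned, as scm_to_uint suggests. A form that keeps the width and cannot wrap is `if (SCM_UNLIKELY (c_len < ((_len) >> 3) || c_index > c_len - ((_len) >> 3)))`. With the switch to scm_to_size_t, the declarations of c_index and c_len (above the visible context) should be size_t as well, otherwise the conversion truncates on assignment. The reproducer in the report uses index 0 on a 4-byte bytevector, which satisfies both the old and the new test, so whatever validates the stored value's range sits outside this hunk and is not changed here. Minor: the replaced line pads to the continuation backslash with spaces where the neighbouring lines use tabs.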



-- 
http://wingolog.org/




