From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: =?UTF-8?Q?G=C3=B6ran?= Weinholt Newsgroups: gmane.lisp.guile.bugs Subject: bug#14917: Missing range check in fxcopy-bit can give SIGABRT Date: Sat, 20 Jul 2013 08:57:29 +0200 Message-ID: <87y59190rq.fsf@industria.weinholt.se> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Trace: ger.gmane.org 1374303548 22395 80.91.229.3 (20 Jul 2013 06:59:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 20 Jul 2013 06:59:08 +0000 (UTC) To: 14917@debbugs.gnu.org Original-X-From: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Sat Jul 20 08:59:10 2013 Return-path: Envelope-to: guile-bugs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1V0R8H-0006J4-PH for guile-bugs@m.gmane.org; Sat, 20 Jul 2013 08:59:09 +0200 Original-Received: from localhost ([::1]:50603 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0R8H-0008Br-Bm for guile-bugs@m.gmane.org; Sat, 20 Jul 2013 02:59:09 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:60926) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0R8D-0008BT-1v for bug-guile@gnu.org; Sat, 20 Jul 2013 02:59:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1V0R8A-0002aP-Kh for bug-guile@gnu.org; Sat, 20 Jul 2013 02:59:04 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:44576) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0R8A-0002aL-Hm for bug-guile@gnu.org; Sat, 20 Jul 2013 02:59:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1V0R8A-0001nP-0l for bug-guile@gnu.org; Sat, 20 Jul 2013 02:59:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: =?UTF-8?Q?G=C3=B6ran?= Weinholt Original-Sender: "Debbugs-submit" Resent-CC: bug-guile@gnu.org Resent-Date: Sat, 20 Jul 2013 06:59:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 14917 X-GNU-PR-Package: guile X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-guile@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.13743034846793 (code B ref -1); Sat, 20 Jul 2013 06:59:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 20 Jul 2013 06:58:04 +0000 Original-Received: from localhost ([127.0.0.1]:38892 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1V0R7C-0001lS-RV for submit@debbugs.gnu.org; Sat, 20 Jul 2013 02:58:03 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:59003) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1V0R78-0001kf-QT for submit@debbugs.gnu.org; Sat, 20 Jul 2013 02:57:59 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1V0R72-0002Qm-KZ for submit@debbugs.gnu.org; Sat, 20 Jul 2013 02:57:53 -0400 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:49922) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0R72-0002Qe-Hr for submit@debbugs.gnu.org; Sat, 20 Jul 2013 02:57:52 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:60718) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0R71-000894-K6 for bug-guile@gnu.org; Sat, 20 Jul 2013 02:57:52 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1V0R70-0002QL-Is for bug-guile@gnu.org; Sat, 20 Jul 2013 02:57:51 -0400 Original-Received: from iustitia.weinholt.se ([2a02:28f0:0:a::7dce:e5a8]:60541) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0R70-0002Pt-8I for bug-guile@gnu.org; Sat, 20 Jul 2013 02:57:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=weinholt.se; s=iustitia2012; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=cnTBzARR/FAgwpi2dcjfINeOac8lVfUI5m8MtgczGbc=; b=PhqHygOA9TqCR6lm20Jf/bQpCUv+NSEmhLt2RCmX7ozAGOfre+kL5KpVW7iYvsjrHuIw+A5mMrBlLA0QoiNcu2d46H3PMfLF71nyjg/IIUWAc0EABWB1E1SZhY/ZbQShHwli1cg04Il4BQ2T9Ezie7Xvb8HOwWd5EPhTxC7EZkZclZpKPQvkXl3ZNrql5BvwoKjqWZoxZxJfeEK4KpWWzRMA32q8ATzaajKOkzD3nQTY2kjPzXS86974G3rVd5KWowmwa7KlNE3iHOSyjA5wP2ScJs5Lv5uaeCynWQTDTOw0XTAX7ZgJ4Ok0YUJWn4RkNKZ2FMlImgWxC5Z8ndaikw==; Original-Received: from uucp by iustitia.weinholt.se with local-bsmtp (Exim 4.72) (envelope-from ) id 1V0R6y-0003hm-FB; Sat, 20 Jul 2013 08:57:48 +0200 Original-Received: from weinholt by industria with local (Exim 4.80) (envelope-from ) id 1V0R6g-0001aT-KQ; Sat, 20 Jul 2013 08:57:30 +0200 X-Hashcash: 1:20:130720:bug-guile@gnu.org::2gXASr7epBGn374i:0000000000000000000000000000000000000000000046ZS User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-guile@gnu.org List-Id: "Bug reports for GUILE, GNU's Ubiquitous Extension Language" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Original-Sender: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.bugs:7242 Archived-At: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello schemers, the fxcopy-bit procedure from (rnrs) is missing some range checks. It can return a non-fixnum: scheme@(guile-user)> (import (rnrs)) scheme@(guile-user)> (fxcopy-bit 0 (fixnum-width) 1) $1 =3D 9223372036854775808 It can also crash the guile process, which is somewhat surprising for a fixnum procedure: scheme@(guile-user)> (import (rnrs)) scheme@(guile-user)> (fxcopy-bit 0 100000000000 0) FATAL: memory error in realloc Aborted Here's an alternative error message: scheme@(guile-user)> (import (rnrs)) scheme@(guile-user)> (fxcopy-bit 0 1000000000000 0) gmp: overflow in mpz type Aborted Other implementations of fxcopy-bit usually check that the third argument is 0 or 1, but I'm not sure that is required. There's also a bitwise-copy-bit procedure that is similary affected. Tested with Guile 2.0.9.40-824b-dirty on an amd64 system. Regards, =2D-=20 G=C3=B6ran Weinholt "Mr. Crane, please remember you're not required to answer any of Lt. Tragg's questions. As a matter of fact, don't even discuss the weather with him, he can be very persuasive." -- Perry Mason --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJR6jTaAAoJEOM+YaLpuMOi0FsP/i+YqNZlvwEiAvs1DOjHe7r2 iaOd086En1Vg/XwI5dp85AM2LrlnyZqX4vMmiLagMzKNVw8bu8IHJiU97kdXfOg+ QEIiZHQA2bxmi8K497EQbbJ+ZofO7Mqm+7M4mYa4BQjAuS4fvQjvKm9He7hLui63 sdJvhgtTfIVXfrNd20gkzW9sStM1wJyEF7ToCFsTvAgT3pn+QdJ4RxbRx2gLiJUD yeBgQSNUWZh6G+AXn7sx5oVLPmrg7HLimsn89W2XLjahT7RDVx+7KeqqMLul0514 ys+i1HNFqDRMaKyq+UMPregwbSHvQDkXC0TLNWWXcgoUpGZd4v1rOlgYb0xcU6ku LuczWGBFdbsDGgBfDAcG8PquIQoPyyXY/6J+m+gAsbPP89WKYst6mIdUkIIDren4 4FOeaU/wAhMk2kjXVIZ7phY3K5Bn6u8GWYedo/6PMfo52Dnx8v1Il4ZpKn8l2+7X vo1BRNcRANzY6B9U+P/+xlbHR+CYpdjKf/TpUQdLP82JCFdcsofkeDGWBZZR46a9 jr4N3iFr7sxwvSOneq3IXfLiOsUB+9xyZmc9mg3KF1tsf2JL0srHXv2XXgLkOzng Shz5xGKvdnm+TAuWTAiX0ONjqaPExmyIfnIj8K4dDp0ly73j9KD1kx/bLMo1I/vR smBGtS6k/5tX7iIoAqPW =cewq -----END PGP SIGNATURE----- --=-=-=--