unofficial mirror of bug-guile@gnu.org 
 help / color / mirror / Atom feed
From: d4ryus via "Bug reports for GUILE, GNU's Ubiquitous Extension Language" <bug-guile@gnu.org>
To: 45595@debbugs.gnu.org
Subject: bug#45595: recvfrom! optional start and end parameter invalid
Date: Fri, 1 Jan 2021 12:34:57 +0100	[thread overview]
Message-ID: <X+8I4XX/XNRa7F6f@gandalf.d4ryus.net> (raw)

[-- Attachment #1: Type: text/plain, Size: 996 bytes --]

hi,

the parameter validation for the optional "start" and "end" arguments to
"recvfrom!" are off by one if "end" is passed. From libguile/socket.c
(master commit 64c89458e6):

  ...
  if (SCM_UNBNDP (end))
    cend = SCM_BYTEVECTOR_LENGTH (buf);
  else
    {
      cend = scm_to_size_t (end);
      if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
                        || cend < offset))
        scm_out_of_range (FUNC_NAME, end);
    }
  ...

"end" is the optional end argument, "offset" is 0 or "start" if start
was given. The check must be:

  cend > SCM_BYTEVECTOR_LENGTH (buf) || cend <= offset

to allow filling the last byte in the buffer and verify that start is
not equal to end. A workaround to skip the validation is to not pass
end. But i think a better way would be to always validate start (and
end), if one (or both) of them are passed. A potentional fix is
attached.

If you need any additional information, please let me know.

Thank you for your great work!

-  d4ryus

[-- Attachment #2: recvfrom-fix.patch --]
[-- Type: text/plain, Size: 1027 bytes --]

diff --git a/libguile/socket.c b/libguile/socket.c
index 64354f1f1..d6e676744 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1480,21 +1480,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0,
 
   SCM_VALIDATE_BYTEVECTOR (1, buf);
 
-  if (SCM_UNBNDP (start))
-    offset = 0;
-  else
-    offset = scm_to_size_t (start);
-
   if (SCM_UNBNDP (end))
     cend = SCM_BYTEVECTOR_LENGTH (buf);
   else
     {
       cend = scm_to_size_t (end);
-      if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
-                        || cend < offset))
+      if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf)))
         scm_out_of_range (FUNC_NAME, end);
     }
 
+  if (SCM_UNBNDP (start))
+    offset = 0;
+  else
+    {
+      offset = scm_to_size_t (start);
+      if (SCM_UNLIKELY (cend <= offset))
+        scm_out_of_range (FUNC_NAME, start);
+    }
+
   SCM_SYSCALL (rv = recvfrom (fd,
                               SCM_BYTEVECTOR_CONTENTS (buf) + offset,
                               cend - offset, flg,
 

             reply	other threads:[~2021-01-01 11:34 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-01 11:34 d4ryus via Bug reports for GUILE, GNU's Ubiquitous Extension Language [this message]
2021-11-03 18:29 ` bug#45595: recvfrom! optional start and end parameter invalid lloda

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/guile/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=X+8I4XX/XNRa7F6f@gandalf.d4ryus.net \
    --to=bug-guile@gnu.org \
    --cc=45595@debbugs.gnu.org \
    --cc=d4ryus@mailbox.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).