unofficial mirror of 
 help / color / mirror / Atom feed
From: d4ryus via "Bug reports for GUILE, GNU's Ubiquitous Extension Language" <>
Subject: bug#45595: recvfrom! optional start and end parameter invalid
Date: Fri, 1 Jan 2021 12:34:57 +0100	[thread overview]
Message-ID: <X+8I4XX/> (raw)

[-- Attachment #1: Type: text/plain, Size: 996 bytes --]


the parameter validation for the optional "start" and "end" arguments to
"recvfrom!" are off by one if "end" is passed. From libguile/socket.c
(master commit 64c89458e6):

  if (SCM_UNBNDP (end))
    cend = SCM_BYTEVECTOR_LENGTH (buf);
      cend = scm_to_size_t (end);
                        || cend < offset))
        scm_out_of_range (FUNC_NAME, end);

"end" is the optional end argument, "offset" is 0 or "start" if start
was given. The check must be:

  cend > SCM_BYTEVECTOR_LENGTH (buf) || cend <= offset

to allow filling the last byte in the buffer and verify that start is
not equal to end. A workaround to skip the validation is to not pass
end. But i think a better way would be to always validate start (and
end), if one (or both) of them are passed. A potentional fix is

If you need any additional information, please let me know.

Thank you for your great work!

-  d4ryus

[-- Attachment #2: recvfrom-fix.patch --]
[-- Type: text/plain, Size: 1027 bytes --]

diff --git a/libguile/socket.c b/libguile/socket.c
index 64354f1f1..d6e676744 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1480,21 +1480,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0,
-  if (SCM_UNBNDP (start))
-    offset = 0;
-  else
-    offset = scm_to_size_t (start);
   if (SCM_UNBNDP (end))
     cend = SCM_BYTEVECTOR_LENGTH (buf);
       cend = scm_to_size_t (end);
-      if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
-                        || cend < offset))
+      if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf)))
         scm_out_of_range (FUNC_NAME, end);
+  if (SCM_UNBNDP (start))
+    offset = 0;
+  else
+    {
+      offset = scm_to_size_t (start);
+      if (SCM_UNLIKELY (cend <= offset))
+        scm_out_of_range (FUNC_NAME, start);
+    }
   SCM_SYSCALL (rv = recvfrom (fd,
                               SCM_BYTEVECTOR_CONTENTS (buf) + offset,
                               cend - offset, flg,

                 reply	other threads:[~2021-01-01 11:34 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=X+8I4XX/ \ \ \ \
    --subject='Re: bug#45595: recvfrom'\!' optional start and end parameter invalid' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

unofficial mirror of 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror guile-bugs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guile-bugs guile-bugs/ \
	public-inbox-index guile-bugs

Example config snippet for mirrors.
Newsgroups are available over NNTP:

AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git