From: d4ryus via "Bug reports for GUILE, GNU's Ubiquitous Extension Language" <bug-guile@gnu.org>
To: 45595@debbugs.gnu.org
Subject: bug#45595: recvfrom! optional start and end parameter invalid
Date: Fri, 1 Jan 2021 12:34:57 +0100 [thread overview]
Message-ID: <X+8I4XX/XNRa7F6f@gandalf.d4ryus.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 996 bytes --]
hi,
the parameter validation for the optional "start" and "end" arguments to
"recvfrom!" are off by one if "end" is passed. From libguile/socket.c
(master commit 64c89458e6):
...
if (SCM_UNBNDP (end))
cend = SCM_BYTEVECTOR_LENGTH (buf);
else
{
cend = scm_to_size_t (end);
if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
|| cend < offset))
scm_out_of_range (FUNC_NAME, end);
}
...
"end" is the optional end argument, "offset" is 0 or "start" if start
was given. The check must be:
cend > SCM_BYTEVECTOR_LENGTH (buf) || cend <= offset
to allow filling the last byte in the buffer and verify that start is
not equal to end. A workaround to skip the validation is to not pass
end. But i think a better way would be to always validate start (and
end), if one (or both) of them are passed. A potentional fix is
attached.
If you need any additional information, please let me know.
Thank you for your great work!
- d4ryus
[-- Attachment #2: recvfrom-fix.patch --]
[-- Type: text/plain, Size: 1027 bytes --]
diff --git a/libguile/socket.c b/libguile/socket.c
index 64354f1f1..d6e676744 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1480,21 +1480,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0,
SCM_VALIDATE_BYTEVECTOR (1, buf);
- if (SCM_UNBNDP (start))
- offset = 0;
- else
- offset = scm_to_size_t (start);
-
if (SCM_UNBNDP (end))
cend = SCM_BYTEVECTOR_LENGTH (buf);
else
{
cend = scm_to_size_t (end);
- if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
- || cend < offset))
+ if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf)))
scm_out_of_range (FUNC_NAME, end);
}
+ if (SCM_UNBNDP (start))
+ offset = 0;
+ else
+ {
+ offset = scm_to_size_t (start);
+ if (SCM_UNLIKELY (cend <= offset))
+ scm_out_of_range (FUNC_NAME, start);
+ }
+
SCM_SYSCALL (rv = recvfrom (fd,
SCM_BYTEVECTOR_CONTENTS (buf) + offset,
cend - offset, flg,
next reply other threads:[~2021-01-01 11:34 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-01 11:34 d4ryus via Bug reports for GUILE, GNU's Ubiquitous Extension Language [this message]
2021-11-03 18:29 ` bug#45595: recvfrom! optional start and end parameter invalid lloda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X+8I4XX/XNRa7F6f@gandalf.d4ryus.net \
--to=bug-guile@gnu.org \
--cc=45595@debbugs.gnu.org \
--cc=d4ryus@mailbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).