unofficial mirror of bug-guile@gnu.org 
 help / color / mirror / Atom feed
* bug#45595: recvfrom! optional start and end parameter invalid
@ 2021-01-01 11:34 d4ryus via Bug reports for GUILE, GNU's Ubiquitous Extension Language
  0 siblings, 0 replies; only message in thread
From: d4ryus via Bug reports for GUILE, GNU's Ubiquitous Extension Language @ 2021-01-01 11:34 UTC (permalink / raw)
  To: 45595

[-- Attachment #1: Type: text/plain, Size: 996 bytes --]

hi,

the parameter validation for the optional "start" and "end" arguments to
"recvfrom!" are off by one if "end" is passed. From libguile/socket.c
(master commit 64c89458e6):

  ...
  if (SCM_UNBNDP (end))
    cend = SCM_BYTEVECTOR_LENGTH (buf);
  else
    {
      cend = scm_to_size_t (end);
      if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
                        || cend < offset))
        scm_out_of_range (FUNC_NAME, end);
    }
  ...

"end" is the optional end argument, "offset" is 0 or "start" if start
was given. The check must be:

  cend > SCM_BYTEVECTOR_LENGTH (buf) || cend <= offset

to allow filling the last byte in the buffer and verify that start is
not equal to end. A workaround to skip the validation is to not pass
end. But i think a better way would be to always validate start (and
end), if one (or both) of them are passed. A potentional fix is
attached.

If you need any additional information, please let me know.

Thank you for your great work!

-  d4ryus

[-- Attachment #2: recvfrom-fix.patch --]
[-- Type: text/plain, Size: 1027 bytes --]

diff --git a/libguile/socket.c b/libguile/socket.c
index 64354f1f1..d6e676744 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1480,21 +1480,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0,
 
   SCM_VALIDATE_BYTEVECTOR (1, buf);
 
-  if (SCM_UNBNDP (start))
-    offset = 0;
-  else
-    offset = scm_to_size_t (start);
-
   if (SCM_UNBNDP (end))
     cend = SCM_BYTEVECTOR_LENGTH (buf);
   else
     {
       cend = scm_to_size_t (end);
-      if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
-                        || cend < offset))
+      if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf)))
         scm_out_of_range (FUNC_NAME, end);
     }
 
+  if (SCM_UNBNDP (start))
+    offset = 0;
+  else
+    {
+      offset = scm_to_size_t (start);
+      if (SCM_UNLIKELY (cend <= offset))
+        scm_out_of_range (FUNC_NAME, start);
+    }
+
   SCM_SYSCALL (rv = recvfrom (fd,
                               SCM_BYTEVECTOR_CONTENTS (buf) + offset,
                               cend - offset, flg,
 

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-01-01 11:34 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-01 11:34 bug#45595: recvfrom! optional start and end parameter invalid d4ryus via Bug reports for GUILE, GNU's Ubiquitous Extension Language

unofficial mirror of bug-guile@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/guile-bugs/0 guile-bugs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guile-bugs guile-bugs/ https://yhetil.org/guile-bugs \
		bug-guile@gnu.org
	public-inbox-index guile-bugs

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.yhetil.org/yhetil.lisp.guile.bugs
	nntp://news.gmane.io/gmane.lisp.guile.bugs


AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git