GNU bug report logs - #14917
Missing range check in fxcopy-bit can give SIGABRT


Package: guile;

Reported by: Göran Weinholt <goran <at> weinholt.se>

Date: Sat, 20 Jul 2013 06:59:01 UTC

Severity: normal

Done: Andy Wingo <wingo <at> pobox.com>

Bug is archived. No further changes may be made.



Report forwarded to bug-guile <at> gnu.org:
bug#14917; Package guile. (Sat, 20 Jul 2013 06:59:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Göran Weinholt <goran <at> weinholt.se>:
New bug report received and forwarded. Copy sent to bug-guile <at> gnu.org. (Sat, 20 Jul 2013 06:59:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Göran Weinholt <goran <at> weinholt.se>
To: bug-guile <at> gnu.org
Subject: Missing range check in fxcopy-bit can give SIGABRT
Date: Sat, 20 Jul 2013 08:57:29 +0200
Hello schemers,

the fxcopy-bit procedure from (rnrs) is missing some range checks. It
can return a non-fixnum:

scheme@(guile-user)> (import (rnrs))
scheme@(guile-user)> (fxcopy-bit 0 (fixnum-width) 1)
$1 = 9223372036854775808

It can also crash the guile process, which is somewhat surprising for a
fixnum procedure:

scheme@(guile-user)> (import (rnrs))
scheme@(guile-user)> (fxcopy-bit 0 100000000000 0)
FATAL: memory error in realloc
Aborted

Here's an alternative error message:

scheme@(guile-user)> (import (rnrs))
scheme@(guile-user)> (fxcopy-bit 0 1000000000000 0)
gmp: overflow in mpz type
Aborted

Other implementations of fxcopy-bit usually check that the third
argument is 0 or 1, but I'm not sure that is required.

There's also a bitwise-copy-bit procedure that is similarly affected.
Tested with Guile 2.0.9.40-824b-dirty on an amd64 system.

Regards,

-- 
Göran Weinholt <goran <at> weinholt.se>
"Mr. Crane, please remember you're not required to answer any of
Lt. Tragg's questions. As a matter of fact, don't even discuss the
weather with him, he can be very persuasive." -- Perry Mason
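The two failure modes in the report (a non-fixnum result, and a bit index so large that the bignum library is asked for an enormous mask) both come from taking the bit index unchecked. The following Python model is an added example, not Guile's code: it models fxcopy-bit over a two's-complement fixnum of an assumed width, once without checks and once with the R6RS range checks (0 <= fx2 < (fixnum-width), fx3 in {0, 1}). FIXNUM_WIDTH = 63 is an assumption chosen to match the transcript above, where (fxcopy-bit 0 (fixnum-width) 1) produced 2^63.

```python
# Added example (not Guile's code): model fxcopy-bit on a two's-complement
# fixnum of FIXNUM_WIDTH bits, first without range checks, then with them.
# FIXNUM_WIDTH = 63 is an assumption matching the transcript above, where
# (fxcopy-bit 0 (fixnum-width) 1) produced 2^63.
FIXNUM_WIDTH = 63


class FixnumRangeError(ValueError):
    """Raised when an argument is outside the range R6RS allows."""


def is_fixnum(n, width=FIXNUM_WIDTH):
    """True if n fits a signed two's-complement integer of `width` bits."""
    return -(1 << (width - 1)) <= n < (1 << (width - 1))


def unchecked_copy_bit(fx1, fx2, fx3):
    """Unchecked variant: a huge fx2 builds a huge bignum mask (the report's
    realloc failure), and fx2 >= FIXNUM_WIDTH yields a non-fixnum."""
    mask = 1 << fx2
    return fx1 | mask if fx3 else fx1 & ~mask


def fxcopy_bit(fx1, fx2, fx3, width=FIXNUM_WIDTH):
    """Checked variant: 0 <= fx2 < width, fx3 in {0, 1}, and the result is
    wrapped to `width` bits so the answer is always a fixnum."""
    for name, value in (("fx1", fx1), ("fx2", fx2), ("fx3", fx3)):
        if not is_fixnum(value, width):
            raise FixnumRangeError(f"{name}={value} is not a fixnum")
    if not 0 <= fx2 < width:
        raise FixnumRangeError(f"bit index {fx2} not in [0, {width})")
    if fx3 not in (0, 1):
        raise FixnumRangeError(f"bit value {fx3} must be 0 or 1")
    mask = 1 << fx2
    result = fx1 | mask if fx3 else fx1 & ~mask
    # Re-interpret as a signed `width`-bit value: setting bit width-1 gives a
    # negative fixnum rather than an integer outside the fixnum range.
    result &= (1 << width) - 1
    if result >= 1 << (width - 1):
        result -= 1 << width
    return result


def rejects(fx1, fx2, fx3):
    """True if the checked variant refuses these arguments."""
    try:
        fxcopy_bit(fx1, fx2, fx3)
    except FixnumRangeError:
        return True
    return False


if __name__ == "__main__":
    print(unchecked_copy_bit(0, FIXNUM_WIDTH, 1))   # 9223372036854775808
    print(rejects(0, FIXNUM_WIDTH, 1), rejects(0, 100000000000, 0))  # True True
```

Note that the unchecked variant is deliberately never called with the report's index of 100000000000: in Python, as in GMP, that would try to allocate a mask of roughly 12 GB.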

Reply sent to Andy Wingo <wingo <at> pobox.com>:
You have taken responsibility. (Tue, 21 Jun 2016 07:36:01 GMT) Full text and rfc822 format available.

Notification sent to Göran Weinholt <goran <at> weinholt.se>:
bug acknowledged by developer. (Tue, 21 Jun 2016 07:36:01 GMT) Full text and rfc822 format available.

Message #10 received at 14917-done <at> debbugs.gnu.org (full text, mbox):

From: Andy Wingo <wingo <at> pobox.com>
To: Göran Weinholt <goran <at> weinholt.se>
Cc: 14917-done <at> debbugs.gnu.org
Subject: Re: bug#14917: Missing range check in fxcopy-bit can give SIGABRT
Date: Tue, 21 Jun 2016 09:35:44 +0200
Howdy :)

Three years later, this is now fixed and will be in 2.1.4.  I think
we'll cherry-pick it back to 2.0.12 too.

Cheers,

Andy

On Sat 20 Jul 2013 08:57, Göran Weinholt <goran <at> weinholt.se> writes:

> Hello schemers,
>
> the fxcopy-bit procedure from (rnrs) is missing some range checks. It
> can return a non-fixnum:
>
> scheme@(guile-user)> (import (rnrs))
> scheme@(guile-user)> (fxcopy-bit 0 (fixnum-width) 1)
> $1 = 9223372036854775808
>
> It can also crash the guile process, which is somewhat surprising for a
> fixnum procedure:
>
> scheme@(guile-user)> (import (rnrs))
> scheme@(guile-user)> (fxcopy-bit 0 100000000000 0)
> FATAL: memory error in realloc
> Aborted
>
> Here's an alternative error message:
>
> scheme@(guile-user)> (import (rnrs))
> scheme@(guile-user)> (fxcopy-bit 0 1000000000000 0)
> gmp: overflow in mpz type
> Aborted
>
> Other implementations of fxcopy-bit usually check that the third
> argument is 0 or 1, but I'm not sure that is required.
>
> There's also a bitwise-copy-bit procedure that is similarly affected.
> Tested with Guile 2.0.9.40-824b-dirty on an amd64 system.
>
> Regards,




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 19 Jul 2016 11:24:04 GMT) Full text and rfc822 format available.

This bug report was last modified 7 years and 294 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.