bug-guile

Guile segfault with network calls


From: Martin Grabmueller
Subject: Guile segfault with network calls
Date: Thu, 1 Mar 2001 10:28:55 +0100 (MET)

Hello list,

Guile segfaults when a Unix domain address with a very long pathname is
passed to calls like `connect', `bind' or `sendto'.

Example:

guile> (define s (socket AF_UNIX SOCK_STREAM 0))
guile> (connect s AF_UNIX (make-string 100000 #\c))
Segmentation fault

The reason is the following code in `scm_fill_sockaddr' in socket.c:424,
where a memcpy is made without checking for the length.

#ifdef HAVE_UNIX_DOMAIN_SOCKETS
    case AF_UNIX:
      {
        struct sockaddr_un *soka;

        soka = (struct sockaddr_un *)
          scm_must_malloc (sizeof (struct sockaddr_un), proc);
        memset (soka, 0, sizeof (struct sockaddr_un));
        soka->sun_family = AF_UNIX;
        SCM_ASSERT (SCM_STRINGP (address), address, which_arg, proc);
        /* Unbounded copy: the string length is never compared against
           sizeof (soka->sun_path) before copying, so a long address
           overruns the heap allocation above. */
        memcpy (soka->sun_path, SCM_STRING_CHARS (address),
                1 + SCM_STRING_LENGTH (address));
        *size = sizeof (struct sockaddr_un);
        return (struct sockaddr *) soka;
      }
#endif

I don't know what the correct fix for this is, because I couldn't find
out whether there is a standard maximum path length.  Maybe POSIX or
one of the other `Standards' defines one?  Does anyone know?

Regards,
  'martin
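Added example (not part of the original message or of Guile's socket.c): a bounded version of the AF_UNIX branch above, with the size check done against `sizeof` the `sun_path` member (which differs between systems) rather than a hard-coded constant. `fill_unix_sockaddr` and the two check functions are names chosen here for illustration; the 100000-byte path mirrors the `make-string` call in the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Fill *out with an AF_UNIX address for the first len bytes of path.
 * Returns 0 on success, -1 if path plus its terminating NUL does not
 * fit in sun_path.  Nothing is written to *out on failure. */
int fill_unix_sockaddr(struct sockaddr_un *out, const char *path, size_t len)
{
    /* ">=" rather than "len + 1 >" so the test cannot wrap for huge len. */
    if (len >= sizeof(out->sun_path))
        return -1;
    memset(out, 0, sizeof(*out));
    out->sun_family = AF_UNIX;
    memcpy(out->sun_path, path, len);
    out->sun_path[len] = '\0';
    return 0;
}

/* Constructed check: an ordinary socket path is accepted and copied intact. */
int short_path_accepted(void)
{
    struct sockaddr_un sa;
    const char *p = "/tmp/example.sock";   /* constructed sample path */
    if (fill_unix_sockaddr(&sa, p, strlen(p)) != 0)
        return 0;
    return sa.sun_family == AF_UNIX && strcmp(sa.sun_path, p) == 0;
}

/* Constructed check: a 100000-byte path is rejected instead of overflowing. */
int long_path_rejected(void)
{
    struct sockaddr_un sa;
    size_t n = 100000;
    char *big = malloc(n);
    if (!big)
        return 0;
    memset(big, 'c', n);
    int rc = fill_unix_sockaddr(&sa, big, n);
    free(big);
    return rc == -1;
}

int main(void)
{
    printf("short path accepted: %d\n", short_path_accepted());
    printf("long path rejected:  %d\n", long_path_rejected());
    return 0;
}
```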

