chicken-hackers

Re: [Chicken-hackers] [PATCH] Fix #1041 by checking buffer size when not


From: Mario Domenech Goulart
Subject: Re: [Chicken-hackers] [PATCH] Fix #1041 by checking buffer size when not supplied
Date: Mon, 23 Sep 2013 23:10:22 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

On Sun, 22 Sep 2013 12:36:48 +0200 Peter Bex <address@hidden> wrote:

> I managed to figure out the cause behind *one* of the panics in #1045.
> The manual says "read-string! reads destructively into the given STRING
> argument, but never more characters than would fit into STRING".
> See http://wiki.call-cc.org/man/4/Unit%20extras#read-string
>
> Unfortunately, this is not always true: when you pass it #f for the
> NUM argument, it will read until EOF, regardless of the size of the
> buffer that's passed in.
>
> Since this is a buffer overrun error with a reasonably simple fix,
> I think this should go into the stability branch and an emergency
> stability release should probably be made.
>
> Attached is the patch which fixes it.  Any external code that's using
> read-string!  should be investigated for #f arguments and fixed to
> explicitly pass the buffer size, so that it won't cause trouble with
> older, unfixed CHICKENs.  I'll modify http-client ASAP.
>
> It would be great if Mario and Alaric could check whether this fix
> solves the issues in awful-picman and Ugarit.  I was unable to reproduce
> the awful-picman bug and the tests for Ugarit just cause so many errors
> on my machine that I'm unsure what's going on.

Thanks a lot, Peter.

Unfortunately, it seems that it doesn't fix #1045.  I still can
reproduce the crashes with awful-picman.

Your patch fixes a bug, so I think it should be pushed.  I'm attaching
an edited version with a slight modification to avoid calling
(##sys#size dest) twice in certain code paths (as we discussed on IRC).
I also edited the commit message to remove the "Fix #1045" part.

I haven't pushed it because I edited it.  The edited version is signed
off, so feel free to push it if you agree with the changes.

Best wishes.
Mario
-- 
http://parenteses.org/mario

Attachment: 0001-Read-no-more-than-the-buffer-length-when-a-length-of.patch
Description: Text Data
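
The advice quoted above, that callers should pass the buffer size explicitly instead of #f, as an added example that is not part of the thread or of the attached patch. It assumes CHICKEN 4 (`read-string!` from unit extras, as in the linked manual page); the wrapper name `read-string!/bounded` is hypothetical and the input string is constructed.

```scheme
;; Added example, not code from the CHICKEN project.
(use extras)  ; CHICKEN 4: read-string! and read-string live in unit extras

;; Hypothetical wrapper: never request more characters than fit into BUF
;; from START onwards, so a NUM of #f is never handed to read-string!.
;; This keeps callers safe on CHICKENs that lack the fix.
(define (read-string!/bounded n buf #!optional (port (current-input-port)) (start 0))
  (let* ((room  (max 0 (- (string-length buf) start)))
         (count (if n (min n room) room)))
    (if (zero? count)
        0                                   ; no room left: read nothing
        (read-string! count buf port start))))

;; Constructed input: 16 characters offered to an 8-character buffer.
(define buf (make-string 8 #\-))
(define in  (open-input-string "0123456789abcdef"))

;; #f still means "as much as possible", but only up to the buffer size.
(define got (read-string!/bounded #f buf in))

(assert (= got 8))
(assert (string=? buf "01234567"))
;; The characters that did not fit are still waiting in the port.
(assert (string=? (read-string #f in) "89abcdef"))
```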

