Re: [Chicken-hackers] [PATCH] Fix #1041 by checking buffer size when not
From: Mario Domenech Goulart
Subject: Re: [Chicken-hackers] [PATCH] Fix #1041 by checking buffer size when not supplied
Date: Mon, 23 Sep 2013 23:10:22 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

On Sun, 22 Sep 2013 12:36:48 +0200 Peter Bex <address@hidden> wrote:
> I managed to figure out the cause behind *one* of the panics in #1045.
> The manual says "read-string! reads destructively into the given STRING
> argument, but never more characters than would fit into STRING".
> See http://wiki.call-cc.org/man/4/Unit%20extras#read-string
>
> Unfortunately, this is not always true: when you pass it #f for the
> NUM argument, it will read until EOF, regardless of the size of the
> buffer that's passed in.
>
> Since this is a buffer overrun error with a reasonably simple fix,
> I think this should go into the stability branch and an emergency
> stability release should probably be made.
>
> Attached is the patch which fixes it. Any external code that's using
> read-string! should be investigated for #f arguments and fixed to
> explicitly pass the buffer size, so that it won't cause trouble with
> older, unfixed CHICKENs. I'll modify http-client ASAP.
>
> It would be great if Mario and Alaric could check whether this fix
> solves the issues in awful-picman and Ugarit. I was unable to reproduce
> the awful-picman bug and the tests for Ugarit just cause so many errors
> on my machine that I'm unsure what's going on.

Thanks a lot, Peter.

Unfortunately, it seems that it doesn't fix #1045. I still can
reproduce the crashes with awful-picman.

Your patch fixes a bug, so I think it should be pushed. I'm attaching
an edited version with a slight modification to avoid calling
(##sys#size dest) twice in certain code paths (as we discussed on IRC).
I also edited the commit message to remove the "Fix #1045" part.

I haven't pushed it because I edited it. The edited version is signed
off, so feel free to push it if you agree with the changes.

Best wishes.
Mario
--
http://parenteses.org/mario
0001-Read-no-more-than-the-buffer-length-when-a-length-of.patch
Description: Text Data
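
The thread asks that external code calling read-string! be checked for #f as the NUM argument. The following Python scanner is an added example, not part of the original message or of the CHICKEN code base: it tokenizes Scheme source and reports each read-string! call whose first argument is the literal #f. The sample source, function name and verdict labels are constructed for illustration, and the scan assumes the CHICKEN 4 argument order (read-string! NUM STRING [PORT [START]]).

```python
import re

# Minimal Scheme tokenizer: line comments, #|...|# block comments (not nested),
# string and character literals, parentheses and atoms. Datum comments (#;) are
# not handled.
TOKEN = re.compile(r"""
    (?P<comment>;[^\n]*)
  | (?P<block>\#\|.*?\|\#)
  | (?P<string>"(?:\\.|[^"\\])*")
  | (?P<char>\#\\(?:[A-Za-z]+|.))
  | (?P<paren>[()\[\]])
  | (?P<atom>[^\s()\[\]";]+)
""", re.VERBOSE | re.DOTALL)

# Constructed sample input, not taken from any real egg.
SAMPLE = '''\
(use extras)
(define buf (make-string 16))
; (read-string! #f buf) in a comment is ignored
(define (slurp port)
  (read-string! #f buf port))          ; reads until EOF on unfixed CHICKENs
(define (slurp-bounded port)
  (read-string! (string-length buf) buf port))
(print "call (read-string! #f buf) inside a string literal")
'''

def audit_read_string(source):
    """Return [(line, verdict)] for every read-string! call in source.

    "unbounded" means NUM is the literal #f. "explicit-count" means some other
    expression was passed; a variable could still hold #f at run time, so
    those calls deserve a manual look as well.
    """
    toks = [(m.lastgroup, m.group(), source.count("\n", 0, m.start()) + 1)
            for m in TOKEN.finditer(source)
            if m.lastgroup not in ("comment", "block")]
    findings = []
    for i in range(len(toks) - 2):
        (k0, t0, _), (_, t1, line), (_, t2, _) = toks[i:i + 3]
        # A call is an opening paren directly followed by the procedure name.
        if k0 == "paren" and t0 in "([" and t1 == "read-string!":
            findings.append((line, "unbounded" if t2 == "#f" else "explicit-count"))
    return findings

if __name__ == "__main__":
    for line, verdict in audit_read_string(SAMPLE):
        print(f"line {line}: read-string! NUM is {verdict}")
```

Calls reported as unbounded are the ones to rewrite with an explicit count such as (string-length buf), which keeps them safe on unfixed CHICKENs too.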