GNU bug report logs - #14917
Missing range check in fxcopy-bit can give SIGABRT


Package: guile

Reported by: Göran Weinholt <goran <at> weinholt.se>

Date: Sat, 20 Jul 2013 06:59:01 UTC

Severity: normal

Done: Andy Wingo <wingo <at> pobox.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Göran Weinholt <goran <at> weinholt.se>
Subject: bug#14917: closed (Re: bug#14917: Missing range check in
 fxcopy-bit can give SIGABRT)
Date: Tue, 21 Jun 2016 07:36:01 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#14917: Missing range check in fxcopy-bit can give SIGABRT

which was filed against the guile package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 14917 <at> debbugs.gnu.org.

-- 
14917: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=14917
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Andy Wingo <wingo <at> pobox.com>
To: Göran Weinholt <goran <at> weinholt.se>
Cc: 14917-done <at> debbugs.gnu.org
Subject: Re: bug#14917: Missing range check in fxcopy-bit can give SIGABRT
Date: Tue, 21 Jun 2016 09:35:44 +0200
Howdy :)

Three years later, this is now fixed and will be in 2.1.4.  I think
we'll cherry-pick it back to 2.0.12 too.

Cheers,

Andy

On Sat 20 Jul 2013 08:57, Göran Weinholt <goran <at> weinholt.se> writes:

> Hello schemers,
>
> the fxcopy-bit procedure from (rnrs) is missing some range checks. It
> can return a non-fixnum:
>
> scheme@(guile-user)> (import (rnrs))
> scheme@(guile-user)> (fxcopy-bit 0 (fixnum-width) 1)
> $1 = 9223372036854775808
>
> It can also crash the guile process, which is somewhat surprising for a
> fixnum procedure:
>
> scheme@(guile-user)> (import (rnrs))
> scheme@(guile-user)> (fxcopy-bit 0 100000000000 0)
> FATAL: memory error in realloc
> Aborted
>
> Here's an alternative error message:
>
> scheme@(guile-user)> (import (rnrs))
> scheme@(guile-user)> (fxcopy-bit 0 1000000000000 0)
> gmp: overflow in mpz type
> Aborted
>
> Other implementations of fxcopy-bit usually check that the third
> argument is 0 or 1, but I'm not sure that is required.
>
> There's also a bitwise-copy-bit procedure that is similarly affected.
> Tested with Guile 2.0.9.40-824b-dirty on an amd64 system.
>
> Regards,

[Message part 3 (message/rfc822, inline)]
From: Göran Weinholt <goran <at> weinholt.se>
To: bug-guile <at> gnu.org
Subject: Missing range check in fxcopy-bit can give SIGABRT
Date: Sat, 20 Jul 2013 08:57:29 +0200
[Message part 4 (text/plain, inline)]
Hello schemers,

the fxcopy-bit procedure from (rnrs) is missing some range checks. It
can return a non-fixnum:

scheme@(guile-user)> (import (rnrs))
scheme@(guile-user)> (fxcopy-bit 0 (fixnum-width) 1)
$1 = 9223372036854775808

It can also crash the guile process, which is somewhat surprising for a
fixnum procedure:

scheme@(guile-user)> (import (rnrs))
scheme@(guile-user)> (fxcopy-bit 0 100000000000 0)
FATAL: memory error in realloc
Aborted

Here's an alternative error message:

scheme@(guile-user)> (import (rnrs))
scheme@(guile-user)> (fxcopy-bit 0 1000000000000 0)
gmp: overflow in mpz type
Aborted

Other implementations of fxcopy-bit usually check that the third
argument is 0 or 1, but I'm not sure that is required.

There's also a bitwise-copy-bit procedure that is similarly affected.
Tested with Guile 2.0.9.40-824b-dirty on an amd64 system.

Regards,

-- 
Göran Weinholt <goran <at> weinholt.se>
"Mr. Crane, please remember you're not required to answer any of
Lt. Tragg's questions. As a matter of fact, don't even discuss the
weather with him, he can be very persuasive." -- Perry Mason
[Message part 5 (application/pgp-signature, inline)]
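
The kind of range check the report describes as missing, written as an added example in Guile Scheme; it is not part of the thread and not the fix that went into Guile. The names checked-fxcopy-bit, max-bit-index and try are hypothetical. It assumes the bit index must be below (integer-length (greatest-fixnum)) so the result stays a fixnum, and it requires the third argument to be 0 or 1, as the report says other implementations do.

```scheme
;; Added example: a range-checked wrapper, not Guile's own code.
(use-modules (rnrs arithmetic fixnums))

;; One past the highest bit index that can be changed while the result
;; remains a fixnum. Derived from greatest-fixnum (an assumption of this
;; example) rather than from a hard-coded width.
(define max-bit-index (integer-length (greatest-fixnum)))

;; checked-fxcopy-bit is a hypothetical name.
(define (checked-fxcopy-bit fx index bit)
  (cond
   ((not (fixnum? fx))
    (error "checked-fxcopy-bit: not a fixnum:" fx))
   ;; Validate the index BEFORE any shift: shifting by a huge index
   ;; needs an integer that many bits wide.
   ((not (and (integer? index) (exact? index)
              (<= 0 index) (< index max-bit-index)))
    (error "checked-fxcopy-bit: bit index out of range:" index))
   ((not (memv bit '(0 1)))
    (error "checked-fxcopy-bit: bit must be 0 or 1:" bit))
   (else
    (let ((mask (ash 1 index)))
      ;; Clear the target bit, then set it to the requested value.
      (logior (logand fx (lognot mask)) (ash bit index))))))

;; Run one call and turn any raised error into the symbol 'rejected.
(define (try fx index bit)
  (catch #t
    (lambda () (checked-fxcopy-bit fx index bit))
    (lambda (key . args) 'rejected)))

;; Constructed inputs. The last three use the index values from the report.
(for-each
 (lambda (args)
   (let ((result (apply try args)))
     (write args) (display " => ") (write result)
     (if (not (eq? result 'rejected))
         (begin (display "  fixnum? ") (write (fixnum? result))))
     (newline)))
 (list (list 0 3 1)
       (list 15 0 0)
       (list 0 (- max-bit-index 1) 1)
       (list 0 (fixnum-width) 1)
       (list 0 100000000000 0)
       (list 0 1000000000000 0)))
```

Each accepted call prints a result for which fixnum? is true; the three index values taken from the report are rejected before any shift is attempted.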

This bug report was last modified 8 years and 334 days ago.
