GNU bug report logs - #60487
string-ref segfaults with n < 0 on Guile 3.0.8


Package: guile;

Reported by: festerdam <at> posteo.net

Date: Mon, 2 Jan 2023 08:54:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#60487: closed (string-ref segfaults with n < 0 on Guile 3.0.8)
Date: Mon, 16 Jan 2023 22:16:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Mon, 16 Jan 2023 23:15:31 +0100
with message-id <877cxmktx8.fsf <at> gnu.org>
and subject line Re: bug#60487: string-ref segfaults with n < 0 on Guile 3.0.8
has caused the debbugs.gnu.org bug report #60487,
regarding string-ref segfaults with n < 0 on Guile 3.0.8
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
60487: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60487
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: festerdam <at> posteo.net
To: bug-guile <at> gnu.org
Subject: string-ref segfaults with n < 0 on Guile 3.0.8
Date: Mon, 02 Jan 2023 04:12:33 +0000
The following code results in a segmentation fault on Guile 
3.0.8-deb+3.0.8-2 (obtained from the Debian repositories):
    (string-ref "my string" -3)

gdb's backtrace is the following:

#0  0x00007ffff7f1bcc5 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#1  0x00007ffff7f26c49 in scm_call_n ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#2  0x00007ffff7e97b29 in scm_apply_0 ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#3  0x00007ffff7f15966 in scm_throw ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#4  0x00007ffff7f174e9 in scm_ithrow ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#5  0x00007ffff7e94735 in scm_error_scm ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#6  0x00007ffff7e94790 in scm_error ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#7  0x00007ffff7ee19e7 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#8  0x00007ffff7ee208b in scm_to_uint64 ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#9  0x00007ffff7f1c5e4 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#10 0x00007ffff7f26c49 in scm_call_n ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#11 0x00007ffff7e93a97 in scm_primitive_eval ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#12 0x00007ffff7e99a86 in scm_eval ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#13 0x00007ffff7ef91c6 in scm_shell () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#14 0x00007ffff7ea865c in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#15 0x00007ffff7e91f6a in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#16 0x00007ffff7f194e8 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#17 0x00007ffff7f26c49 in scm_call_n () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#18 0x00007ffff7e936ea in scm_call_2 () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#19 0x00007ffff7f42292 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#20 0x00007ffff7f0ff4f in scm_c_catch () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#21 0x00007ffff7e942e6 in scm_c_with_continuation_barrier () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#22 0x00007ffff7f14b89 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#23 0x00007ffff7c190e7 in GC_call_with_stack_base () from 
/lib/x86_64-linux-gnu/libgc.so.1
#24 0x00007ffff7f0fe68 in scm_with_guile () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#25 0x00007ffff7eb1185 in scm_boot_guile () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#26 0x000055555555510f in ?? ()
#27 0x00007ffff7c9918a in __libc_start_call_main 
(main=main@entry=0x5555555550b0, argc=argc@entry=1, 
argv=argv@entry=0x7fffffffe0b8) at 
../sysdeps/nptl/libc_start_call_main.h:58
#28 0x00007ffff7c99245 in __libc_start_main_impl (main=0x5555555550b0, 
argc=1, argv=0x7fffffffe0b8, init=<optimized out>, fini=<optimized out>, 
rtld_fini=<optimized out>, stack_end=0x7fffffffe0a8) at 
../csu/libc-start.c:381
#29 0x00005555555551aa in ?? ()



[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: festerdam <at> posteo.net
Cc: 60487-done <at> debbugs.gnu.org
Subject: Re: bug#60487: string-ref segfaults with n < 0 on Guile 3.0.8
Date: Mon, 16 Jan 2023 23:15:31 +0100
Hi,

festerdam <at> posteo.net skribis:

> The following code results in a segmentation fault on Guile
> 3.0.8-deb+3.0.8-2 (obtained from the Debian repositories):
>     (string-ref "my string" -3)

I can reproduce it with 3.0.8, where I get this backtrace:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (string-ref "my string" -3)

Thread 1 "guile" received signal SIGSEGV, Segmentation fault.
0x00007ffff7f419d9 in scm_is_values (x=<optimized out>) at values.h:30
30      values.h: No such file or directory.
(gdb) bt
#0  0x00007ffff7f419d9 in scm_is_values (x=<optimized out>) at values.h:30
#1  vm_debug_engine (thread=0x7ffff75c1d80) at vm-engine.c:974
#2  0x00007ffff7f4c5d9 in scm_call_n (proc=<optimized out>, argv=<optimized out>, nargs=5)
    at vm.c:1610
#3  0x00007ffff7eb8571 in scm_apply_0 (proc=#<program 7ffff5c4e960>, args=()) at eval.c:603
#4  0x00007ffff7f3dc8d in scm_throw (key=out-of-range, 
    args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c30)
    at throw.c:262
#5  0x00007ffff7f3dca9 in scm_ithrow (key=<optimized out>, args=<optimized out>, 
    no_return=<optimized out>) at throw.c:457
#6  0x00007ffff7eb5245 in scm_error_scm (key=key@entry=out-of-range, subr=<optimized out>, 
    message=message@entry="Value out of range ~S to< ~S: ~S", 
    args=args@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c70, data=data@entry=(4611686018427387901)) at error.c:90
#7  0x00007ffff7eb52a0 in scm_error (key=out-of-range, subr=0x0, message=<optimized out>, 
    args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c70, 
    rest=(4611686018427387901)) at error.c:62
#8  0x00007ffff7f02dd7 in range_error (bad_val=bad_val@entry=4611686018427387901, 
    min=min@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x0, 
    max=#<bignum 7ffff2baeda0>) at numbers.c:6611
#9  0x00007ffff7f04dfb in scm_to_uint64 (arg=4611686018427387901) at integers.c:259
#10 0x00007ffff7f42215 in vm_debug_engine (thread=0x7ffff75c1d80) at vm-engine.c:1533
#11 0x00007ffff7f4c5d9 in scm_call_n (proc=<optimized out>, argv=<optimized out>, nargs=1)
    at vm.c:1610
#12 0x00007ffff7eb4457 in scm_primitive_eval (exp=<optimized out>, 
    exp@entry=((@ (ice-9 control) %) (begin (load-user-init) ((@ (ice-9 top-repl) top-repl)))))
    at eval.c:671
#13 0x00007ffff7eba4b6 in scm_eval (
    exp=((@ (ice-9 control) %) (begin (load-user-init) ((@ (ice-9 top-repl) top-repl)))), 
    module_or_state="#<struct module>" = {...}) at eval.c:705
#14 0x00007ffff7f1e3b6 in scm_shell (argc=1, argv=0x7fffffffd058) at script.c:357
--8<---------------cut here---------------end--------------->8---

Fortunately, this was fixed recently in
c0004442b7691f59a0e37869ef288eb26382ad9e.

Thanks!

Ludo’.
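
A triage helper for reports like this one, added here as an example (it is not part of the thread or of Guile): it runs a command and reports whether it was killed by a signal, like the SIGSEGV above, or exited on its own. The function names and the choice to pipe the expression to the `guile` REPL on stdin are assumptions.

```shell
#!/bin/sh
# Added example: tell a crash (death by signal) apart from a normal exit.

# classify_run CMD [ARGS...]
# Prints "signal:NAME" if CMD was killed by a signal, else "exit:STATUS".
classify_run() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    if [ "$status" -gt 128 ]; then
        # Shells report death by signal N as status 128+N.
        name=$(kill -l "$((status - 128))" 2>/dev/null) || name=""
        if [ -n "$name" ]; then
            echo "signal:$name"
            return 0
        fi
    fi
    # Status <= 128, or > 128 but not a valid signal number: plain exit.
    echo "exit:$status"
}

# Feed the expression from the report to the Guile REPL on stdin.
# Assumption: a piped REPL session exercises the same code path as the
# interactive session in the report. Prints "skipped" if guile is absent.
check_guile_negative_index() {
    command -v guile >/dev/null 2>&1 || { echo "skipped"; return 0; }
    classify_run sh -c 'printf "%s\n" "(string-ref \"my string\" -3)" | guile'
}

check_guile_negative_index
```

A `signal:SEGV` result means the interpreter crashed; any `exit:` result means it survived the call.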


This bug report was last modified 2 years and 126 days ago.
