
[Chicken-hackers] [PATCH] Fix small but critical bug in symbol GC sanity


From: Peter Bex
Subject: [Chicken-hackers] [PATCH] Fix small but critical bug in symbol GC sanity checks and fix randomization of symbol table (security fix)
Date: Fri, 30 Jun 2017 15:48:08 +0200
User-agent: NeoMutt/20170113 (1.7.2)

Hi all,

The first attached patch fixes a problem with an assertion error
that sometimes crops up during symbol GC.  The problem is that the
C_persistable_symbol() check says that the bound value of a
symbol must be either C_SCHEME_UNBOUND or the symbol itself.

However, during GC a keyword may get moved around, so the
symbol's value slot might contain a forwarding pointer to its
own new location.  Then, C_symbol_value(s) != s, so it will
think the keyword should have been persisted and trigger the
assertion.  The patch also moves the forwarding pointer chasing
for symbols to a helper function.

Many thanks to Mario and Kooda for reporting this issue and
TheLemonMan for putting in the effort to make it reproducible
by hacking rand() to always return a given value, and for
pointing out that symbol_table->rand always had the same
value.

The second patch fixes this fixed value problem: we called
initialize_symbol_table() which uses rand(), *before* calling
C_randomize(), so the randomization factor wouldn't be initialized
properly, or rather would have an undefined value which happens to be a
fixed value on most platforms.  I think this second patch should
also go into master (it applies cleanly).

Cheers,
Peter

Attachment: 0001-Fix-unpersistability-sanity-check-for-symbol-GC.patch
Description: Text Data

Attachment: 0002-Initialize-symbol-table-after-setting-up-randomizati.patch
Description: Text Data

Attachment: signature.asc
Description: PGP signature
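The forwarding-pointer problem from the first patch, as an added toy model (not CHICKEN's runtime code and not the attached patch): a moving GC copies a keyword, leaves a forwarding pointer in the old cell, and the copy's value slot still points at the old cell. The field names, `gc_move` and `chase_forwarding` are constructed for this illustration; the two checks contrast comparing the raw slot with resolving forwarding first.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model of a moving GC's symbol cell (constructed; not CHICKEN's real layout). */
typedef struct sym {
    struct sym *forward; /* set to the new cell once the object has been moved */
    struct sym *value;   /* bound value: UNBOUND, or the symbol itself for a keyword */
} sym;

#define UNBOUND ((sym *)0)

/* One copying-GC step: copy s to a fresh cell and leave a forwarding pointer in the old one.
 * The copy's value slot still points at the OLD cell, the state described in the mail. */
static sym *gc_move(sym *s) {
    sym *n = malloc(sizeof *n);
    *n = *s;
    s->forward = n;
    return n;
}

/* Helper that follows a forwarding chain to the object's current location. */
static sym *chase_forwarding(sym *s) {
    while (s != UNBOUND && s->forward != NULL)
        s = s->forward;
    return s;
}

/* Buggy sanity check: compares the raw value slot, so a forwarded self-reference fails. */
static int persistable_naive(sym *s) {
    return s->value == UNBOUND || s->value == s;
}

/* Fixed check: resolve forwarding on both sides before comparing. */
static int persistable_fixed(sym *s) {
    sym *v = chase_forwarding(s->value);
    return v == UNBOUND || v == chase_forwarding(s);
}

/* Run the chosen check on a keyword that the GC has just moved; returns the check result. */
int check_moved_keyword(int use_fixed) {
    sym old = { NULL, UNBOUND };
    old.value = &old;                 /* keywords evaluate to themselves */
    sym *moved = gc_move(&old);       /* the symbol table now refers to the copy */
    int ok = use_fixed ? persistable_fixed(moved) : persistable_naive(moved);
    free(moved);
    return ok;
}

int main(void) {
    printf("naive check on moved keyword: %d\n", check_moved_keyword(0)); /* 0: would assert */
    printf("fixed check on moved keyword: %d\n", check_moved_keyword(1)); /* 1 */
    return 0;
}
```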

