Guile segfault with network calls
From: Martin Grabmueller
Subject: Guile segfault with network calls
Date: Thu, 1 Mar 2001 10:28:55 +0100 (MET)

Hello list,
Guile segfaults when a Unix domain address with a very long pathname is
passed to calls like `connect', `bind' or `sendto'.
Example:

  guile> (define s (socket AF_UNIX SOCK_STREAM 0))
  guile> (connect s AF_UNIX (make-string 100000 #\c))
  Segmentation fault

The reason is the following code in `scm_fill_sockaddr' in socket.c:424,
where a memcpy is made without checking for the length.

#ifdef HAVE_UNIX_DOMAIN_SOCKETS
    case AF_UNIX:
      {
        struct sockaddr_un *soka;

        soka = (struct sockaddr_un *)
          scm_must_malloc (sizeof (struct sockaddr_un), proc);
        memset (soka, 0, sizeof (struct sockaddr_un));
        soka->sun_family = AF_UNIX;
        SCM_ASSERT (SCM_STRINGP (address), address, which_arg, proc);
        memcpy (soka->sun_path, SCM_STRING_CHARS (address),
                1 + SCM_STRING_LENGTH (address));
        *size = sizeof (struct sockaddr_un);
        return (struct sockaddr *) soka;
      }
#endif

I don't know what the correct fix for this is, because I couldn't find
out whether there is a standard maximum path length. Maybe POSIX or
one of the other `Standards' defines one? Does anyone know?
Regards,
'martin
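
An added example, not part of the original message and not Guile's code: one way to bound the copy is to compare the string length against `sizeof (soka->sun_path)`, since POSIX leaves the size of `sun_path` to the implementation. The helper name `fill_unix_sockaddr` and its signature are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not Guile's API): fill *soka from a counted string.
   Returns 0 on success, -1 with errno set when the path cannot be used. */
int
fill_unix_sockaddr (const char *path, size_t len,
                    struct sockaddr_un *soka, socklen_t *size)
{
  /* Leave room for the terminating NUL; the limit comes from the
     platform's own struct, not from a hard-coded constant. */
  if (len >= sizeof (soka->sun_path))
    {
      errno = ENAMETOOLONG;
      return -1;
    }
  /* A counted string may contain NUL bytes, which would silently
     truncate the path the kernel sees (this also rejects Linux
     abstract-namespace names, which start with NUL). */
  if (memchr (path, '\0', len) != NULL)
    {
      errno = EINVAL;
      return -1;
    }
  memset (soka, 0, sizeof (*soka));
  soka->sun_family = AF_UNIX;
  memcpy (soka->sun_path, path, len);   /* NUL already there from memset */
  *size = sizeof (*soka);
  return 0;
}

int
main (void)
{
  static char big[100000];              /* constructed input, as in the report */
  struct sockaddr_un sa;
  socklen_t size;

  memset (big, 'c', sizeof (big));
  printf ("short path: %d\n", fill_unix_sockaddr ("/tmp/sock", 9, &sa, &size));
  printf ("100000-byte path: %d\n", fill_unix_sockaddr (big, sizeof (big), &sa, &size));
  return 0;
}
```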