bug#59874: Segfault from string-ref with negative 'k'

bug-guile

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#59874: Segfault from string-ref with negative 'k'

From:	bokr
Subject:	bug#59874: Segfault from string-ref with negative 'k'
Date:	Sat, 10 Dec 2022 16:51:21 +0100
User-agent:	Mutt/1.10.1 (2018-07-13)

HI,

On +2022-12-07 11:29:28 +0100, Ricardo Wurmus wrote:
> Thank you for reporting this bug.
> 
> > i noticed that if i, on my system, run "guile" from a shell and then type 
> > into the command prompt that appears,
> >
> > (string-ref "a string" -1)
> >
> > guile appears to hang for a few seconds or so, and then prints the message 
> > "Segmentation fault (core dumped)".
> 
> I can reproduce this on Guix System with guile 3.0.8:
> 
> --8<---------------cut here---------------start------------->8---
> guile --no-auto-compile --debug
> GNU Guile 3.0.8
> Copyright (C) 1995-2021 Free Software Foundation, Inc.
> 
> Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
> This program is free software, and you are welcome to redistribute it
> under certain conditions; type `,show c' for details.
> 
> Enter `,help' for help.
> scheme@(guile-user)> (string-ref "a string" -1)
> Segmentation fault
> --8<---------------cut here---------------end--------------->8---
> 
> But:
> 
> --8<---------------cut here---------------start------------->8---
> $ guile -c '(string-ref "a string" -1)'
> Backtrace:
> In ice-9/boot-9.scm:
>   1752:10  6 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
> In unknown file:
>            5 (apply-smob/0 #<thunk 7f3912dd02e0>)
> In ice-9/boot-9.scm:
>     724:2  4 (call-with-prompt ("prompt") #<procedure 7f3912de2c60 at 
> ice-9/eval.scm:330:13 ()> #<procedure default-prompt-handler (k proc)>)
> In ice-9/eval.scm:
>     619:8  3 (_ #(#(#<directory (guile-user) 7f3912dd5c80>)))
> In ice-9/command-line.scm:
>    185:19  2 (_ #<input: string 7f3912dcf850>)
> In unknown file:
>            1 (eval (string-ref "a string" -1) #<directory (guile-user) 
> 7f3912dd5c80>)
>            0 (string-ref "a string" -1)
> 
> ERROR: In procedure string-ref:
> Value out of range 0 to< 7: -1
> --8<---------------cut here---------------end--------------->8---
> 
> -- 
> Ricardo
> 
> 
> 

M-x guiler from emacs editing this reply, produced this:
--8<---------------cut here---------------start------------->8---
Current directory is ~/.mutt/ezTemp/
GNU Guile 2.2.4
Copyright (C) 1995-2017 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guile-user)> (string-ref "a string" -1)
<unnamed port>:1:0: Value out of range 0 to 18446744073709551615: -1

Entering a new prompt.  Type `,bt' for a backtrace or `,q' to continue.
scheme@(guile-user) [1]> 
--8<---------------cut here---------------end--------------->8---

The range number is not as nice as measuring the input string :)
(64-bit unsigned maxint in case not immediately recognized )

--8<---------------cut here---------------start------------->8---
scheme@(guile-user) [1]> (- (expt 2 64) 1)
$3 = 18446744073709551615
--8<---------------cut here---------------end--------------->8---

I am on puri.sm pureOS amber (old ;/)
--8<---------------cut here---------------start------------->8---
scheme@(guile-user) [1]> (system "uname -rv")
4.19.0-22-amd64 #1 SMP Debian 4.19.260-1 (2022-09-29)
--8<---------------cut here---------------end--------------->8---

M! guile --version (direct from here, not via geiser):
--8<---------------cut here---------------start------------->8---
guile (GNU Guile) 2.2.4
Packaged by Debian (2.2.4-deb+1-2+deb10u1)
Copyright (C) 2018 Free Software Foundation, Inc.

License LGPLv3+: GNU LGPL 3 or later <http://gnu.org/licenses/lgpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
--8<---------------cut here---------------end--------------->8---


Interestingly, M! and paste the following
direct from here does measure the input string:

guile --no-auto-compile -c '(display (string-ref "a string" -1))'|& cat -n
--8<---------------cut here---------------start------------->8---
     1  Backtrace:
     2             6 (apply-smob/1 #<catch-closure 56095aa9f7a0>)
     3  In ice-9/boot-9.scm:
     4      705:2  5 (call-with-prompt ("prompt") #<procedure 56095aab49c0 …> …)
     5  In ice-9/eval.scm:
     6      619:8  4 (_ #(#(#<directory (guile-user) 56095ab27140>)))
     7  In ice-9/command-line.scm:
     8     181:18  3 (_ #<input: string 56095ab45a80>)
     9  In unknown file:
    10             2 (eval (display (string-ref "a string" -1)) #<directory …>)
    11  In ice-9/eval.scm:
    12     191:35  1 (_ #f)
    13  In unknown file:
    14             0 (string-ref "a string" -1)
    15  
    16  ERROR: In procedure string-ref:
    17  Value out of range 0 to 7: -1
--8<---------------cut here---------------end--------------->8---

HTH, no more time for pleasant procrastinations :)
--
Regards,
Bengt Richter

[Prev in Thread]

Current Thread

[Next in Thread]

bug#59874: Segfault from string-ref with negative 'k', rose gibson, 2022/12/07
- bug#59874: Segfault from string-ref with negative 'k', tomas, 2022/12/07
- bug#59874: Segfault from string-ref with negative 'k', Ricardo Wurmus, 2022/12/07
  - bug#59874: Segfault from string-ref with negative 'k', bokr <=
    - bug#59874: Segfault from string-ref with negative 'k', Jean Abou Samra, 2022/12/12
- bug#59874: Segfault from string-ref with negative 'k', lloda, 2022/12/07

Prev by Date: bug#59321: ice-9's open-input-pipe is unexpectedly slow on some systems
Next by Date: bug#59540: Calling length on a very long improper list is disastrous.
Previous by thread: bug#59874: Segfault from string-ref with negative 'k'
Next by thread: bug#59874: Segfault from string-ref with negative 'k'
Index(es):
- Date
- Thread