From: Peter Bex
Subject: [Chicken-hackers] [PATCH] Fix small but critical bug in symbol GC sanity checks and fix randomization of symbol table (security fix)
Date: Fri, 30 Jun 2017 15:48:08 +0200
User-agent: NeoMutt/20170113 (1.7.2)
Hi all,
The first attached patch fixes a problem with an assertion error
that sometimes crops up during symbol GC. The problem is that the
C_persistable_symbol() check says that the bound value of a
symbol must be either C_SCHEME_UNBOUND or the symbol itself.
However, during GC a keyword may get moved around, so the
symbol's value slot might contain a forwarding pointer to its
own new location. Then, C_symbol_value(s) != s, so it will
think the keyword should have been persisted and trigger the
assertion. The patch also moves the forwarding pointer chasing
for symbols to a helper function.
Many thanks to Mario and Kooda for reporting this issue and
TheLemonMan for putting in the effort to make it reproducible
by hacking rand() to always return a given value, and for
pointing out that symbol_table->rand always had the same
value.
The second patch fixes this fixed value problem: we called
initialize_symbol_table(), which uses rand(), *before* calling
C_randomize(), so the randomization factor wouldn't be initialized
properly, or rather would have an undefined value which happens to be a
fixed value on most platforms. I think this second patch should
also go into master (it applies cleanly).
Cheers,
Peter
Attachments:
  0001-Fix-unpersistability-sanity-check-for-symbol-GC.patch (text)
  0002-Initialize-symbol-table-after-setting-up-randomizati.patch (text)
  signature.asc (PGP signature)
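The forwarding-pointer problem the first patch addresses, as an added C example that is not part of the mail or of CHICKEN's runtime: a toy copying-collector model in which a keyword (a symbol bound to itself) is moved, leaving the value slot of the new copy pointing at the stale cell. `persistable_naive` mirrors the raw `C_symbol_value(s) != s` comparison the mail describes and misreports the moved keyword as persistable, which is what tripped the assertion; `persistable_fixed` chases forwarding pointers on both sides before comparing. Every identifier here (`cell`, `gc_move`, `chase_forwarding`, the `forwarded`/`fwd` fields, the `UNBOUND` sentinel) is an assumption of this model, not a CHICKEN name.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical heap cell (not CHICKEN's layout).  A symbol's `value` slot is
 * either UNBOUND, the symbol itself (a keyword), or some other object.  When
 * the copying collector moves a cell, the stale copy becomes a forwarding
 * cell: `forwarded` is set and `fwd` points at the new location. */
typedef struct cell {
    bool forwarded;
    struct cell *fwd;
    struct cell *value;
    const char *name;
} cell;

static cell unbound_cell = { false, NULL, NULL, "#<unbound>" };
#define UNBOUND (&unbound_cell)

/* Follow forwarding pointers until a live cell is reached. */
static cell *chase_forwarding(cell *c) {
    while (c->forwarded) c = c->fwd;
    return c;
}

/* Pre-fix check as described in the mail: compares the raw value slot. */
static bool persistable_naive(cell *s) {
    return s->value != UNBOUND && s->value != s;
}

/* Post-fix check: chase forwarding pointers on both sides first, so a keyword
 * whose value slot still points at its stale pre-move copy is recognised as
 * self-bound and therefore not persistable. */
static bool persistable_fixed(cell *s) {
    if (s->value == UNBOUND) return false;
    return chase_forwarding(s->value) != chase_forwarding(s);
}

/* Simulate the collector moving `from` to `to`: the new copy inherits the old
 * value slot verbatim (still pointing at the stale cell) and the old cell is
 * turned into a forwarding cell. */
static cell *gc_move(cell *from, cell *to) {
    *to = *from;
    from->forwarded = true;
    from->fwd = to;
    return to;
}

/* Keyword (self-bound symbol) that has just been moved by the collector. */
static bool check_moved_keyword(bool (*check)(cell *)) {
    cell old = { false, NULL, NULL, "key:" }, fresh;
    old.value = &old;                  /* keyword: bound to itself */
    cell *moved = gc_move(&old, &fresh);
    return check(moved);
}

/* Ordinary bound symbol whose *value* was moved; must stay persistable. */
static bool check_moved_bound_symbol(bool (*check)(cell *)) {
    cell val_old = { false, NULL, NULL, "value" }, val_new;
    cell sym = { false, NULL, NULL, "foo" };
    sym.value = &val_old;
    gc_move(&val_old, &val_new);       /* value moved, sym not yet updated */
    return check(&sym);
}

/* Unbound symbol; never persistable under either check. */
static bool check_unbound_symbol(bool (*check)(cell *)) {
    cell sym = { false, NULL, UNBOUND, "bar" };
    return check(&sym);
}

int main(void) {
    printf("moved keyword: naive=%d fixed=%d\n",
           check_moved_keyword(persistable_naive),
           check_moved_keyword(persistable_fixed));
    printf("moved bound value: naive=%d fixed=%d\n",
           check_moved_bound_symbol(persistable_naive),
           check_moved_bound_symbol(persistable_fixed));
    printf("unbound: naive=%d fixed=%d\n",
           check_unbound_symbol(persistable_naive),
           check_unbound_symbol(persistable_fixed));
    return 0;
}
```

The moved-keyword case is the one the mail reports: the naive check returns true for a cell that is really self-bound, and a sanity assertion that expects such symbols to have been dropped from the table fires. Chasing on both sides (not just the value) also keeps the check correct if the symbol cell being examined is itself a stale copy.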
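The initialisation-order problem the second patch addresses, as an added C example that is not CHICKEN's code: `init_buggy` reads `rand()` before `srand()`, the order in which the mail says `initialize_symbol_table()` and `C_randomize()` were called, so the per-table factor is identical on every run and a given name always lands in the same bucket, which is exactly what makes hash-collision flooding of the symbol table predictable; `init_fixed` seeds first. `emulate_process_start` stands in for a fresh process by relying on the C guarantee that `rand()` starts as if `srand(1)` had been called. `symtab`, `bucket`, the hash mixing and the seed values are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical symbol table with a random factor mixed into its hash. */
typedef struct {
    unsigned rand_factor;
    unsigned nbuckets;
} symtab;

/* Emulate a fresh process: ISO C says rand() behaves as if srand(1) had
 * been called when no seed has been set yet. */
static void emulate_process_start(void) { srand(1); }

/* Buggy order: the factor is read from rand() before the runtime seeds it,
 * so it is the first value of the default sequence on every run. */
static symtab init_buggy(unsigned seed) {
    emulate_process_start();
    symtab t = { (unsigned)rand(), 1024 };  /* initialize_symbol_table()-style */
    srand(seed);                            /* C_randomize()-style, too late */
    return t;
}

/* Fixed order: seed first, then read the factor. */
static symtab init_fixed(unsigned seed) {
    emulate_process_start();
    srand(seed);
    symtab t = { (unsigned)rand(), 1024 };
    return t;
}

/* Bucket index of a symbol name; the factor is meant to make collisions
 * unpredictable to an attacker who can choose symbol names. */
static unsigned bucket(const symtab *t, const char *name) {
    unsigned h = t->rand_factor;
    for (; *name; name++) h = h * 33u + (unsigned char)*name;
    return h % t->nbuckets;
}

/* 1 if two runs with different seeds put `name` in the same bucket. */
static int bucket_is_fixed_across_runs(symtab (*init)(unsigned), const char *name) {
    symtab a = init(0x1234u), b = init(0xabcdu);
    return bucket(&a, name) == bucket(&b, name);
}

int main(void) {
    symtab a = init_buggy(0x1234u), b = init_buggy(0xabcdu);
    printf("buggy:  factors %u %u, bucket(\"foo\") %u %u\n",
           a.rand_factor, b.rand_factor, bucket(&a, "foo"), bucket(&b, "foo"));
    a = init_fixed(0x1234u); b = init_fixed(0xabcdu);
    printf("fixed:  factors %u %u, bucket(\"foo\") %u %u\n",
           a.rand_factor, b.rand_factor, bucket(&a, "foo"), bucket(&b, "foo"));
    return 0;
}
```

Even in the fixed order, libc `rand()` is not a cryptographic generator and the example only shows the ordering dependence; a practitioner hardening a hash table against collision flooding would draw the factor from the OS CSPRNG and check, as done here, that two separate runs actually produce different factors.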