[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-janitors] #1216: string-ref specialization elides range che
|
From: |
Chicken Trac |
|
Subject: |
Re: [Chicken-janitors] #1216: string-ref specialization elides range check |
|
Date: |
Thu, 27 Aug 2015 06:36:26 -0000 |
#1216: string-ref specialization elides range check
--------------------------+---------------------
Reporter: syn | Owner:
Type: defect | Status: new
Priority: critical | Milestone: someday
Component: scrutinizer | Version: 4.10.x
Resolution: | Keywords:
--------------------------+---------------------
Changes (by sjamaan):
* priority: major => critical
Comment:
Changing it to {{{C_i_string_ref}}} would still be beneficial due to
inlining. Note that there are also two rewrites in {{{c-platform.scm}}};
an unsafe one that uses {{{C_subchar}}} and a safe one that uses
{{{C_i_string_ref}}}.
I think the real problem here is that there are two kinds of unsafe: the
kind that doesn't check its argument types (which will result in crashes
when passed the wrong type; but in the scrutinizer that means it wouldn't
be unsafe because the types are checked elsewhere) and the kind that
doesn't check anything. The latter results in unsafe specializations which
indeed may result in security nightmares.
I'm raising this ticket to "critical" because there may be some true
landmines waiting to go off in Scheme code that's otherwise safe.
Rewrites like this change the semantics of the code in such a way that you
can't reason about its safety anymore.
--
Ticket URL: <http://bugs.call-cc.org/ticket/1216#comment:2>
CHICKEN Scheme <http://www.call-cc.org/>
CHICKEN Scheme is a compiler for the Scheme programming language.