[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-users] [SECURITY] Buffer overrun vulnerability in Chicken's sch

From: Peter Bex
Subject: [Chicken-users] [SECURITY] Buffer overrun vulnerability in Chicken's scheduler
Date: Mon, 11 Jun 2012 12:33:28 +0200
User-agent: Mutt/

Hello Chicken users,

Recently a buffer overrun error was discovered in Chicken's thread
scheduler.  This buffer overrun is triggered on UNIX-like OSes when a
file descriptor with an integer value higher than FD_SETSIZE gets
opened due to the way the POSIX select() function is currently being

Every Chicken program which accepts a potentially unlimited number of
incoming network connections or otherwise opens an unlimited number of
file descriptors is potentially vulnerable to an application crash.

Currently a patch is being developed.  In the meanwhile an effective
workaround is to limit the maximum number of open descriptors using
the Unix "ulimit -n" command.

Please verify the maximum number of descriptors supported safely by
Chicken by compiling following one-line program using csc and then
running the resulting binary:

(print (foreign-value "FD_SETSIZE" int))

Simply ensure that the programs you want to protect run under a maximum
number of open files ulimit that matches this number (or lower).

lease note that this bug also affects people using the
"high-load-scheduler" egg, which provides an alternative scheduler

On Windows, there is no buffer overrun danger, but there is a potential
problem of threads never waking up; there is currently no known
workaround for this.


Kind regards,
The Chicken team

reply via email to

[Prev in Thread] Current Thread [Next in Thread]