[cffi-devel] Re: varargs (again)

Fri, 13 Jan 2006 04:47:13 -0800 

Hi,

Brad Anderson wrote:
>I saw some topics in the archives about varargs,
First, I have to repeat that interfacing to varargs is, hm... challenging.  You 
cannot expect to be able to use varargs functions portably.  It may still work 
in some cases, and possibly all the cases that you need, but there's no general 
solution yet, neither within most Lisp implementations, nor for many other 
programming language environments.


Luis' and James' talk about how it could/would look like at the cffi level, 
when it will work.  But that does not make the low-level machinery be able to 
use varargs in general.  Yet the few cases that you need may still work.

That said, I'd prefer a single defcfun with a possible &rest marker, than 
another defcfun-varargs entry point.  Oh well, that's a matter of endless 
debate.  E.g. for my AFFI (10 years ago), I had separate defining forms, 
whereas Sam Steingold in clisp unified all (library or module) into 
ffi:def-call-out distinguished by the presence of (:library #).

In the long run (varargs fully supported), it presumably makes no sense to have 
two defining entry points.  A keyword variation is enough to deal with the 
special case.  IMHO it's just now that we want to distinguish both, perhaps 
because one works, and the other not, or because one is well-defined, and the 
other still gathering ideas.


Luis Oliveira wrote:
>  (defcfun "xmlParserError" :void
>    (ctx :pointer)
>    (msg :string))
>  (defun xml-parser-error (control-string &rest args)
>    (xmlParserError <whatever-a-ctx-is>
>                    (format nil "~?" control-string args)))

Here you allow your application to crash when given strings containing "%" 
characters.  A safe approach would be as follows
  (defcfun "xmlParserError" :void
    (ctx :pointer)
    (formatter :string) ; constantly pass "%s" here
    (msg :string))
(xmlParserError <ctx> "%s" (apply #' format nil control-string args))
;; Do all the formatting on the Lisp side
;; Tell the C side to *not* format!

I just had to fix a bug in CLISP's syscalls module: posix:syslog() exhibited 
exactly this stack overflow vulnerability!  Calling posix:syslog() with unknown 
strings could crash it.

Regards,
        Jörg Höhle.
_______________________________________________
cffi-devel mailing list
cffi-devel@common-lisp.net
http://common-lisp.net/cgi-bin/mailman/listinfo/cffi-devel

Reply via email to