Re: [GHC] #5688: instance Read Integer/Rational/Double readsPrec out of memory and crash due to exponential notation

Sun, 25 Dec 2011 05:29:26 -0800 

#5688: instance Read Integer/Rational/Double readsPrec out of memory and crash 
due
to exponential notation
---------------------------------+------------------------------------------
    Reporter:  gracjan           |       Owner:                  
        Type:  bug               |      Status:  patch           
    Priority:  highest           |   Milestone:  7.4.1           
   Component:  libraries/base    |     Version:  6.12.3          
    Keywords:                    |          Os:  Unknown/Multiple
Architecture:  Unknown/Multiple  |     Failure:  Runtime crash   
  Difficulty:  Unknown           |    Testcase:                  
   Blockedby:                    |    Blocking:                  
     Related:                    |  
---------------------------------+------------------------------------------
Description changed by igloo:

Old description:

> {{{
>  GHCi, version 6.12.3: http://www.haskell.org/ghc/
>  Loading package ghc-prim ... linking ... done.
>  Loading package integer-gmp ... linking ... done.
>  Loading package base ... linking ... done.
>  Loading package ffi-1.0 ... linking ... done.
>  120000000000
>  Prelude> read "12e1000000000000" :: Integer
>  Segmentation fault
> }}}
>
> Sometimes it fails with Bus error.
>
> According to Haskell'98 and Haskell'00 Reports Integers should not parse
> exponential notation at all.
>
> http://www.haskell.org/onlinereport/haskell2010/haskellch2.html#x7-190002.5
>
> This is security issue in web frameworks as parsing HTTP headers, URLs,
> JSON and other may involve parsing integers.

New description:

 {{{
  GHCi, version 6.12.3: http://www.haskell.org/ghc/
  Loading package ghc-prim ... linking ... done.
  Loading package integer-gmp ... linking ... done.
  Loading package base ... linking ... done.
  Loading package ffi-1.0 ... linking ... done.
  120000000000
  Prelude> read "12e1000000000000" :: Integer
  Segmentation fault
 }}}

 Sometimes it fails with Bus error.

 According to Haskell'98 and Haskell'00 Reports Integers should not parse
 exponential notation at all.

 http://www.haskell.org/onlinereport/haskell2010/haskellch2.html#x7-190002.5

 This is security issue in web frameworks as parsing HTTP headers, URLs,
 JSON and other may involve parsing integers.

--

-- 
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/5688#comment:25>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
Glasgow-haskell-bugs mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs

Reply via email to