Re: [GHC] #5688: instance Read Integer/Rational/Double readsPrec out of memory and crash due to exponential notation

Thu, 12 Jan 2012 02:16:41 -0800 

#5688: instance Read Integer/Rational/Double readsPrec out of memory and crash 
due
to exponential notation
-------------------------------+--------------------------------------------
  Reporter:  gracjan           |          Owner:                  
      Type:  bug               |         Status:  new             
  Priority:  highest           |      Milestone:  7.4.2           
 Component:  libraries/base    |        Version:  6.12.3          
Resolution:                    |       Keywords:                  
        Os:  Unknown/Multiple  |   Architecture:  Unknown/Multiple
   Failure:  Runtime crash     |     Difficulty:  Unknown         
  Testcase:                    |      Blockedby:                  
  Blocking:                    |        Related:                  
-------------------------------+--------------------------------------------

Comment(by iustin):

 Replying to [comment:34 igloo]:
 > Replying to [comment:33 iustin]:
 > > Replying to [comment:31 igloo]:
 > > > This isn't a regression, so let's punt it to 7.6.
 > >
 > > It's not a regression, but IMHO it's a security bug.
 >
 > I don't think a DoS is as bad a problem as the phrase "security bug"
 implies.

 True. Can it be confirmed that a most this does is a crash of the runtime,
 with no other "bad" behaviours?

 >
 > > As such, it should be fixed even in lower versions, not only in a
 future one!
 >
 > We're not set up to be able to make releases on old branches.

 As I wrote in a previous comment, you don't need to make a full release,
 but for long-term distributions it would be very helpful if you release an
 "official" patch against older versions, that can be applied.

 > > I might overreact (sorry) but dragging the feet on such issues make it
 hard to promote the use of Haskell…
 >
 > Well, pragmatically speaking, currently we're past the feature freeze
 and into the RC phase (so ideally wouldn't be changing the definition of
 `Read Integer` etc), the release is already long overdue, and we don't
 have a good fix yet.

 Again, I don't propose to delay the release. What I'm interested in is to
 know for production environments that still run an older GHC release (6.12
 as that is in current Debian stable and Ubuntu LTS and 7.0/7.2), they can
 apply a "blessed" patch to their build systems in order to safeguard
 against this (once a good solution is found; I expect the fix to probably
 apply without issues to older versions too). That's all - the update of
 Milestone to 7.6 worried me that all older versions are left out in the
 cold.

 thanks again,
 iustin

-- 
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/5688#comment:36>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
Glasgow-haskell-bugs mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs

Reply via email to