bug#61201: Installation hint crashes when user names contain at sign
Ludovic Courtès writes:

> Ludovic Courtès skribis:
>
>> A funny thing was reported earlier today on the Café Guix channel:
>>
>> $ guix install hello [17:52]
>> building profile with 5 packages...
>> hint: Backtrace:
>
> [...]
>
>> In guix/ui.scm:
>> 312:5 6 (display-hint _ )
>> 1451:24 5 (texi->plain-text )
>> In texinfo.scm:
>> 1132:22 4 (parse )
>> 980:31 3 (loop # (fragment) _ _ )
>> 967:36 2 (loop # #f # ?)
>> 92:2 1 (command-spec )
>> In ice-9/boot-9.scm:
>> 1685:16 0 (raise-exception _ #:continuable? )
>>
>> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
>> Throw to key `parser-error' with args `(#f "Unknown command" univ)'.
>
> Here’s one way to reproduce the bug, showing a crash in ‘display-hint’
> due to an unescaped brace:
>
> $ mkdir /tmp/x{ample
> $ touch /tmp/x{ample/guix.scm
> $ (cd '/tmp/x{ample' ; guix shell)
> guix shell: error: not loading '/tmp/x{ample/guix.scm' because not authorized
> to do so
> hint: Backtrace:
> 13 (primitive-load "/home/ludo/.config/guix/current/bin/guix")
> In guix/ui.scm:
> 2279:7 12 (run-guix . _)
> 2242:10 11 (run-guix-command _ . _)
> In ice-9/boot-9.scm:
> 1752:10 10 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
> In guix/scripts/shell.scm:
> 308:15 9 (_)
> In guix/ui.scm:
> 312:5 8 (display-hint _ _)
> 1451:24 7 (texi->plain-text _)
> In texinfo.scm:
> 1132:22 6 (parse _)
> 980:31 5 (loop # (*fragment*) _ _ _)
> 980:31 4 (loop # #f _ _ _)
> 911:31 3 (loop # #f #
> #f _)
> 746:27 2 (_ # #f (example smallexample
> verbatim lisp smalllisp menu w %) # …)
> In sxml/ssax/input-parse.scm:
> 88:2 1 (next-token _ _ _ _)
> In ice-9/boot-9.scm:
> 1685:16 0 (raise-exception _ #:continuable? _)
>
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> Throw to key `parser-error' with args `(# "EOF
> while reading a token " "reading char data")'.
>
> Ludo’.

Would it be heresy to recommend that plain strings and strings that contain texinfo markup be separate types to catch this sort of thing?
In 2023 it's pretty embarrassing to have bugs that are basically SQL injections.
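
The separate-types idea raised in the message above, as an added sketch that is not part of the original thread and not Guix's code: plain strings are escaped when spliced into a trusted template, and only a `Texi` value is accepted by the renderer. It is written in Python rather than Guile; `Texi`, `escape_texinfo`, `texi_format`, `render_plain` and the command subset are hypothetical names, and `render_plain` is a toy stand-in for a Texinfo parser.

```python
from dataclasses import dataclass

KNOWN_COMMANDS = {"code", "file", "command"}  # assumed subset, enough here


@dataclass(frozen=True)
class Texi:
    """Text already known to be well-formed Texinfo markup."""
    markup: str


def escape_texinfo(text: str) -> str:
    """Quote the three characters Texinfo treats as syntax: @ { }."""
    return "".join("@" + c if c in "@{}" else c for c in text)


def texi_format(template: str, *args) -> Texi:
    """Fill a trusted %s template: plain str arguments are escaped,
    Texi arguments are spliced in unchanged as markup."""
    return Texi(template % tuple(
        a.markup if isinstance(a, Texi) else escape_texinfo(str(a))
        for a in args))


def render_plain(hint: Texi) -> str:
    """Toy Texinfo-to-text renderer (hypothetical, not Guile's parser)."""
    if not isinstance(hint, Texi):
        raise TypeError("plain string used where Texinfo markup is required")
    src, out, depth, i = hint.markup, [], 0, 0
    while i < len(src):
        c = src[i]
        if c == "@" and src[i + 1:i + 2] in ("@", "{", "}"):
            out.append(src[i + 1])          # escaped literal: @@ @{ @}
            i += 2
        elif c == "@":                      # must be a known @command{
            j = i + 1
            while j < len(src) and src[j].isalpha():
                j += 1
            if src[i + 1:j] not in KNOWN_COMMANDS or src[j:j + 1] != "{":
                raise ValueError("Unknown command: " + src[i + 1:j])
            depth, i = depth + 1, j + 1
        elif c == "{":                      # bare brace opens a group
            depth, i = depth + 1, i + 1
        elif c == "}":
            if depth == 0:
                raise ValueError("Unbalanced closing brace")
            depth, i = depth - 1, i + 1
        else:
            out.append(c)
            i += 1
    if depth:
        raise ValueError("EOF while reading a token")
    return "".join(out)
```

With a constructed user name `alice@univ.example` and the `/tmp/x{ample` directory from the report, `texi_format` produces markup that renders back to the original text. Wrapping the same strings unescaped in `Texi` makes `render_plain` raise errors analogous to the two in the thread's backtraces.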
bug#61201: Installation hint crashes when user names contain at sign
Ludovic Courtès skribis:

> A funny thing was reported earlier today on the Café Guix channel:
>
> $ guix install hello [17:52]
> building profile with 5 packages...
> hint: Backtrace:

[...]

> In guix/ui.scm:
> 312:5 6 (display-hint _ )
> 1451:24 5 (texi->plain-text )
> In texinfo.scm:
> 1132:22 4 (parse )
> 980:31 3 (loop # (fragment) _ _ )
> 967:36 2 (loop # #f # ?)
> 92:2 1 (command-spec )
> In ice-9/boot-9.scm:
> 1685:16 0 (raise-exception _ #:continuable? )
>
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> Throw to key `parser-error' with args `(#f "Unknown command" univ)'.

Here’s one way to reproduce the bug, showing a crash in ‘display-hint’ due to an unescaped brace:

--8<---cut here---start->8---
$ mkdir /tmp/x{ample
$ touch /tmp/x{ample/guix.scm
$ (cd '/tmp/x{ample' ; guix shell)
guix shell: error: not loading '/tmp/x{ample/guix.scm' because not authorized to do so
hint: Backtrace:
13 (primitive-load "/home/ludo/.config/guix/current/bin/guix")
In guix/ui.scm:
2279:7 12 (run-guix . _)
2242:10 11 (run-guix-command _ . _)
In ice-9/boot-9.scm:
1752:10 10 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
In guix/scripts/shell.scm:
308:15 9 (_)
In guix/ui.scm:
312:5 8 (display-hint _ _)
1451:24 7 (texi->plain-text _)
In texinfo.scm:
1132:22 6 (parse _)
980:31 5 (loop # (*fragment*) _ _ _)
980:31 4 (loop # #f _ _ _)
911:31 3 (loop # #f # #f _)
746:27 2 (_ # #f (example smallexample verbatim lisp smalllisp menu w %) # …)
In sxml/ssax/input-parse.scm:
88:2 1 (next-token _ _ _ _)
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Throw to key `parser-error' with args `(# "EOF while reading a token " "reading char data")'.
--8<---cut here---end--->8---

Ludo’.
bug#61201: Installation hint crashes when user names contain at sign
A funny thing was reported earlier today on the Café Guix channel:

--8<---cut here---start->8---
$ guix install hello [17:52]
building profile with 5 packages...
hint: Backtrace:
17 (primitive-load "/usr/local/bin/guix")
In guix/ui.scm:
2279:7 16 (run-guix . )
2242:10 15 (run-guix-command _ . )
In ice-9/boot-9.scm:
1752:10 14 (with-exception-handler _ _ #:unwind? _ # )
In guix/status.scm:
835:3 13 ()
815:4 12 (call-with-status-report _ )
In guix/store.scm:
1300:8 11 (call-with-build-handler _ )
1300:8 10 (call-with-build-handler # ?)
In guix/build/syscalls.scm:
1440:3 9 ()
1407:4 8 (call-with-file-lock/no-wait _ _ )
In guix/scripts/package.scm:
325:7 7 (build-and-use-profile _ "/var/guix/profiles/per-user/?" ?)
In guix/ui.scm:
312:5 6 (display-hint _ )
1451:24 5 (texi->plain-text )
In texinfo.scm:
1132:22 4 (parse )
980:31 3 (loop # (fragment) _ _ )
967:36 2 (loop # #f # ?)
92:2 1 (command-spec )
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? )

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Throw to key `parser-error' with args `(#f "Unknown command" univ)'.
--8<---cut here---end--->8---

This is because the user name ends in “@univ…”, which ‘display-hint’ interprets as Texinfo.

Ludo’.