Re: [PATCH] Fix crash when accessing block header of immediate values in pretty-printer
On 2020-10-21 18:17, megane wrote:

> Interesting.. How do you trigger this bug?

Here's a simple way:

#;1> (pp (block-ref 'aardvark 0))
Error: segmentation violation

Call history:

(pp (block-ref (quote aardvark) 0))
(block-ref (quote aardvark) 0)
(quote aardvark)
(##core#quote aardvark)
(pp (block-ref (quote aardvark) 0))
(block-ref (quote aardvark) 0)	<--

I don't know how else # can spring to life, but there might be other ways? Of course one probably shouldn't do this, but we still shouldn't segfault.

Evan
Re: [PATCH] Fix crash when accessing block header of immediate values in pretty-printer
Evan Hanson writes:

> This fixes a segmentation fault when pretty-printing C_SCHEME_UNBOUND,
> since we reach into the value with C_block_header() in C_anypointerp()
> before checking for C_unboundvaluep(). This crashes, since unbound is an
> immediate value.
>
> In addition to moving the call to C_unboundvaluep() above the call to
> C_anypointerp(), this also adds a generic check for any other immediate
> values before the remaining cases, which handle non-immediate objects.
> ---
> extras.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/extras.scm b/extras.scm
> index 76c23a21..cc679697 100644
> --- a/extras.scm
> +++ b/extras.scm
> @@ -356,9 +356,9 @@ >(out (number->string code 16) col) > ] > [else (out (make-string 1 obj) > col)] ) ) ) ) > ((##core#inline "C_undefinedp" obj) (out "#" col)) > + ((##core#inline "C_unboundvaluep" obj) (out "#" col)) > + ((##core#inline "C_immp" obj) (out "#" col)) > ((##core#inline "C_anypointerp" obj) (out (##sys#pointer->string > obj) col)) > - ((##core#inline "C_unboundvaluep" obj) > - (out "#" col) ) > ((##sys#generic-structure? obj) >(let ([o (open-output-string)]) > (##sys#user-print-hook obj #t o)

Interesting.. How do you trigger this bug?
[PATCH] Fix crash when accessing block header of immediate values in pretty-printer
This fixes a segmentation fault when pretty-printing C_SCHEME_UNBOUND, since we reach into the value with C_block_header() in C_anypointerp() before checking for C_unboundvaluep(). This crashes, since unbound is an immediate value.

In addition to moving the call to C_unboundvaluep() above the call to C_anypointerp(), this also adds a generic check for any other immediate values before the remaining cases, which handle non-immediate objects.
---
 extras.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extras.scm b/extras.scm
index 76c23a21..cc679697 100644
--- a/extras.scm
+++ b/extras.scm
@@ -356,9 +356,9 @@ (out (number->string code 16) col) ] [else (out (make-string 1 obj) col)] ) ) ) ) ((##core#inline "C_undefinedp" obj) (out "#" col)) + ((##core#inline "C_unboundvaluep" obj) (out "#" col)) + ((##core#inline "C_immp" obj) (out "#" col)) ((##core#inline "C_anypointerp" obj) (out (##sys#pointer->string obj) col)) - ((##core#inline "C_unboundvaluep" obj) -(out "#" col) ) ((##sys#generic-structure? obj) (let ([o (open-output-string)]) (##sys#user-print-hook obj #t o)

-- 
2.28.0
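Review bot: the clause reordering in the @@ -356,9 +356,9 @@ hunk removes the crash for this call site, but the root cause named in the message, C_anypointerp() reading C_block_header() of an immediate, is in C_anypointerp() itself, so any other caller that tests it before C_immp will still fault on an immediate; consider guarding C_anypointerp() with an immediate check at the C level, or state in the commit message why extras.scm is the only site that needs the fix. The new C_immp clause is also untested by the diff; the reproduction from this thread, (pp (block-ref 'aardvark 0)), would make a compact regression test.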