projects / platform / upstream / guile.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 420c263) | patch
Improve overflow checks in bytevector, string, and I/O operations.
authorMark H Weaver <mhw@netris.org>
Fri, 19 Apr 2019 04:59:59 +0000 (00:59 -0400)
committerMark H Weaver <mhw@netris.org>
Tue, 18 Jun 2019 06:05:20 +0000 (02:05 -0400)
commit91ba73b397fcc2a36ae7e434522a924c7a8887d0
tree375d88ff803fa5bed9c6ffbfb10e51d41f5ebea8tree | snapshot
parent420c2632bb1f48e492a035c1d216f209734f45e6commit | diff
Improve overflow checks in bytevector, string, and I/O operations.

* libguile/bytevectors.c (INTEGER_ACCESSOR_PROLOGUE)
(scm_bytevector_copy_x, bytevector_large_set): Rewrite checks to reliably
detect overflows.
(make_bytevector): Constrain the bytevector length to avoid later
overflows during allocation.
(make_bytevector_from_buffer): Fix indentation.
(scm_bytevector_length): Use 'scm_from_size_t' to convert a 'size_t',
not 'scm_from_uint'.
* libguile/fports.c (fport_seek): Check for overflow before the implicit
conversion of the return value.
* libguile/guardians.c (guardian_print): Use 'scm_from_ulong' to convert
an 'unsigned long', not 'scm_from_uint'.
* libguile/ports.c (scm_unread_string): Change a variable to type 'size_t'.
(scm_seek, scm_truncate_file): Use 'scm_t_off' instead of
'off_t_or_off64_t' to avoid implicit type conversions that could
overflow, because 'ptob->seek' and 'ptob->truncate' use 'scm_t_off'.
* libguile/r6rs-ports.c (bytevector_input_port_seek)
(custom_binary_port_seek, bytevector_output_port_seek): Rewrite offset
calculations to reliably detect overflows.  Use 'scm_from_off_t' to
convert a 'scm_t_off', not 'scm_from_long' nor 'scm_from_int'.
(scm_get_bytevector_n_x, scm_get_bytevector_all, scm_unget_bytevector)
(bytevector_output_port_write): Rewrite checks to reliably detect
overflows.  Use 'size_t' where appropriate.
(bytevector_output_port_buffer_grow): Rewrite size calculations to
reliably detect overflows.  Minor change in the calculation of the new
size: now it is max(min_size, 2*current_size), whereas previously it
would multiply current_size by the smallest power of 2 needed to surpass
min_size.
* libguile/strings.c (make_stringbuf): Constrain the stringbuf length to
avoid later overflows during allocation.
(scm_string_append): Change overflow check to use INT_ADD_OVERFLOW.
* libguile/strports.c (string_port_write): Rewrite size calculations to
reliably detect overflows.
(string_port_seek): Rewrite offset calculations to reliably detect
overflows.  Use 'scm_from_off_t' to convert a 'scm_t_off', not
'scm_from_long'.
(string_port_truncate): Use 'scm_from_off_t' to convert a 'scm_t_off',
not 'scm_from_off_t_or_off64_t'.
* libguile/vectors.c (scm_c_make_vector): Change a variable to type
'size_t'.
libguile/bytevectors.c diff | blob | history
libguile/fports.c diff | blob | history
libguile/guardians.c diff | blob | history
libguile/ports.c diff | blob | history
libguile/r6rs-ports.c diff | blob | history
libguile/strings.c diff | blob | history
libguile/strports.c diff | blob | history
libguile/vectors.c diff | blob | history
Domain: System / Toolchain;