emacs-bug-tracker


From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#12095: closed (Protecting pointer on bytevector with guardian does not protect memory)
Date: Mon, 08 Oct 2012 15:44:02 +0000

Your message dated Mon, 08 Oct 2012 17:42:49 +0200
with message-id <address@hidden>
and subject line Re: bug#12095: Protecting pointer on bytevector with guardian 
does not protect memory
has caused the debbugs.gnu.org bug report #12095,
regarding Protecting pointer on bytevector with guardian does not protect memory
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
12095: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12095
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: Protecting pointer on bytevector with guardian does not protect memory
Date: Mon, 30 Jul 2012 18:01:09 +0200

The memory from a bytevector of which a pointer is taken (with
'bytevector->pointer') can be overwritten even if that pointer has
been put inside a guardian. 'make-c-struct' from (system foreign) is
using 'bytevector->pointer'.

With the test script attached:

$ guile -v | head -1
guile (GNU Guile) 2.0.6.8-cc26b9-dirty
$ guile --no-auto-compile -s test.scm
#<pointer 0x974648c>
#vu8(1 1 1 1 1 1 1 1 1 1)
#vu8(1 1 1 1 1 1 1 1 1 1)
#vu8(110 103 45 108 101 110 103 116 104 0)  <<<< memory overwrite with "ng-length\0" from module
#<pointer 0x974648c>
$

With auto compilation turned on, it looks like the problem can not be
reproduced.

-- 
Patrick Bernaud

Attachment: test.scm
Description: Binary data


--- End Message ---
--- Begin Message ---
Subject: Re: bug#12095: Protecting pointer on bytevector with guardian does not protect memory
Date: Mon, 08 Oct 2012 17:42:49 +0200
User-agent: Gnus/5.130005 (Ma Gnus v0.5) Emacs/24.2 (gnu/linux)

Daniel Hartwig <address@hidden> skribis:

> On 8 October 2012 21:44, Ludovic Courtès <address@hidden> wrote:
>>> On 8 October 2012 04:38, Ludovic Courtès <address@hidden> wrote:
>>> Right.  But then the pointer is being collected even though it remains
>>> inside the guardian, in the example it is never extracted from there.
>>
>> Well, when the object reaches the guardian’s zombie list, that’s because
>> it’s been finalized, so any weak references from that object can also be
>> nullified.
>
> Ah.  So I thought that being in the zombie list prevented any
> finalization, thus when the guardian returns an object it is still
> fully functional and only after the reference is lost again does it
> really get finalized.

Well, the object is still usable when the guardian returns it, because
it’s been kept alive by the finalizer (‘finalize_guarded’ in
guardians.c).

Now, whether weak references from the object are subject to
“nullification” by the GC is clearly a gray area, but I’m not surprised
that it is.

>> How does it help?  Should we close the bug?  :-)
>
> Sure.  At least you seem convinced and you have actually hacked on it :-)

Good.  :-)

So closing it now, but feel free to reopen if you think something’s wrong.

Thanks,
Ludo’.


--- End Message ---
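
A defensive pattern that follows from the explanation in this thread, as an added example (not code from the thread, from the unseen test.scm, or from Guile itself): guard an object that holds the bytevector in an ordinary field next to the pointer taken from it, instead of guarding the bare pointer. The record type and helper names are hypothetical, and the example assumes only that a strong field reference keeps the bytevector's storage alive while the record is.

```scheme
;; Added example; <foreign-buffer> and its helpers are hypothetical names.
(use-modules (system foreign)      ; bytevector->pointer
             (rnrs bytevectors)    ; make-bytevector
             (srfi srfi-9))        ; define-record-type

;; Keep the backing bytevector and its pointer together, so the bytevector
;; is reachable through a strong field and does not depend on whatever
;; weak link the pointer object itself keeps to it.
(define-record-type <foreign-buffer>
  (%make-foreign-buffer bytes pointer)
  foreign-buffer?
  (bytes   foreign-buffer-bytes)
  (pointer foreign-buffer-pointer))

(define (make-foreign-buffer size fill)
  (let ((bv (make-bytevector size fill)))
    (%make-foreign-buffer bv (bytevector->pointer bv))))

(define guardian (make-guardian))

;; Guard the record, not the pointer on its own.
(guardian (make-foreign-buffer 10 1))

;; Allocate garbage so that any wrongly freed storage would likely be
;; reused, then force a collection.
(let loop ((i 0))
  (when (< i 100000)
    (make-bytevector 10 0)
    (loop (+ i 1))))
(gc)

;; Drain the guardian.  It returns #f when nothing has been collected yet,
;; which can happen with a conservative collector; then nothing is printed.
(let loop ((buf (guardian)))
  (when buf
    (let ((bv (foreign-buffer-bytes buf)))
      (unless (equal? bv (make-bytevector 10 1))
        (error "backing store was overwritten" bv))
      (format #t "~a ~a~%" (foreign-buffer-pointer buf) bv))
    (loop (guardian))))
```

Run it the way the report does, with `guile --no-auto-compile -s`, since the reporter could only reproduce the overwrite with auto compilation off.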
