--- Begin Message ---
Subject: Protecting pointer on bytevector with guardian does not protect memory
Date: Mon, 30 Jul 2012 18:01:09 +0200

The memory from a bytevector of which a pointer is taken (with
'bytevector->pointer') can be overwritten even if that pointer has
been put inside a guardian. 'make-c-struct' from (system foreign) is
using 'bytevector->pointer'.
With the test script attached:
$ guile -v | head -1
guile (GNU Guile) 2.0.6.8-cc26b9-dirty
$ guile --no-auto-compile -s test.scm
#<pointer 0x974648c>
#vu8(1 1 1 1 1 1 1 1 1 1)
#vu8(1 1 1 1 1 1 1 1 1 1)
#vu8(110 103 45 108 101 110 103 116 104 0) <<<< memory overwrite with
"ng-length\0" from module
#<pointer 0x974648c>
$
With auto compilation turned on, it looks like the problem can not be
reproduced.
--
Patrick Bernaud
test.scm
Description: Binary data
--- End Message ---
--- Begin Message ---
Subject: Re: bug#12095: Protecting pointer on bytevector with guardian does not protect memory
Date: Mon, 08 Oct 2012 17:42:49 +0200
User-agent: Gnus/5.130005 (Ma Gnus v0.5) Emacs/24.2 (gnu/linux)

Daniel Hartwig <address@hidden> wrote:
> On 8 October 2012 21:44, Ludovic Courtès <address@hidden> wrote:
>>> On 8 October 2012 04:38, Ludovic Courtès <address@hidden> wrote:
>>> Right. But then the pointer is being collected even though it remains
>>> inside the guardian, in the example it is never extracted from there.
>>
>> Well, when the object reaches the guardian’s zombie list, that’s because
>> it’s been finalized, so any weak references from that object can also be
>> nullified.
>
> Ah. So I thought that being in the zombie list prevented any
> finalization, thus when the guardian returns an object it is still
> fully functional and only after the reference is lost again does it
> really get finalized.
Well, the object is still usable when the guardian returns it, because
it’s been kept alive by the finalizer (‘finalize_guarded’ in
guardians.c).
Now, whether weak references from the object are subject to
“nullification” by the GC is clearly a gray area, but I’m not surprised
that it is.
>> How does it help? Should we close the bug? :-)
>
> Sure. At least you seem convinced and you have actually hacked on it :-)
Good. :-)
So closing it now, but feel free to reopen if you think something’s wrong.
Thanks,
Ludo’.
--- End Message ---
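
One way to avoid depending on the pointer's weak link to its bytevector, as discussed in the thread above, is to hold the bytevector through an ordinary strong reference for as long as the pointer is in use. The following is an added example, not code from the thread or from Guile; `<pinned-buffer>`, `make-pinned-buffer` and `churn!` are hypothetical names, and the sizes and fill value are constructed.

```scheme
;; Added illustration; <pinned-buffer>, make-pinned-buffer and churn!
;; are hypothetical names, not part of Guile.
(use-modules (system foreign)
             (rnrs bytevectors)
             (srfi srfi-9))

;; Carry the bytevector next to the pointer derived from it.  The record
;; field is an ordinary strong reference, so the storage stays reachable
;; for as long as the record itself is reachable.
(define-record-type <pinned-buffer>
  (%make-pinned-buffer bytes pointer)
  pinned-buffer?
  (bytes   pinned-buffer-bytes)
  (pointer pinned-buffer-pointer))

(define (make-pinned-buffer size fill)
  (let ((bv (make-bytevector size fill)))
    (%make-pinned-buffer bv (bytevector->pointer bv))))

;; Allocate garbage and force a collection, giving the GC a chance to
;; reuse any storage it considers free.
(define (churn!)
  (let loop ((i 0))
    (when (< i 100000)
      (make-bytevector 64 0)
      (loop (+ i 1))))
  (gc))

;; Constructed sample: a 10-byte buffer filled with 1s.
(define buf (make-pinned-buffer 10 1))
(churn!)

;; Read the memory back through the raw pointer and compare it with the
;; contents that were written before the collection.
(define view (pointer->bytevector (pinned-buffer-pointer buf) 10))
(display (pinned-buffer-pointer buf)) (newline)
(display view) (newline)
(display (bytevector=? view (make-bytevector 10 1))) (newline)
```

Pass the record around instead of the bare pointer, and extract the pointer only at the call into foreign code.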