[Guile-commits] 01/01: Fix buffer overrun with unbuffered custom binary input ports.

[Ludovic Courtès]

civodul pushed a commit to branch stable-2.0
in repository guile.

commit ed72201a795ac1c8d6c0288b6bb710f2bd0ebd9c
Author: Ludovic Courtès <address@hidden>
Date:   Sun Jan 18 21:52:48 2015 +0100

    Fix buffer overrun with unbuffered custom binary input ports.
    
    Fixes <http://bugs.gnu.org/19621>.
    
    Before that, in 'cbip_fill_input', BUFFERED would be set to 0 when
    reading from 'scm_getc' et al, because 'shortbuf' was being used.  Thus,
    we could eventually execute this line:
    
          /* Copy the data back to the internal buffer.  */
          memcpy ((char *) c_port->read_pos, SCM_BYTEVECTOR_CONTENTS (bv),
              c_octets);
    
    But 'read_pos' would quickly point to the fields beyond 'shortbuf',
    thereby leading to a corruption of the 'scm_t_port' itself.
    
    * libguile/r6rs-ports.c (cbip_setvbuf): When READ_SIZE is 0, keep using
      BV as the 'read_buf'.
      (cbip_fill_input): Adjust assertion to accept 'read_buf_size = 1'.
    * test-suite/tests/r6rs-ports.test ("7.2.7 Input Ports")["custom binary
      input port unbuffered & 'get-string-all'", "custom binary input port
      unbuffered UTF-8 & 'get-string-all'"]: New tests.
---
 libguile/r6rs-ports.c            |   17 ++++++++++-------
 test-suite/tests/r6rs-ports.test |   33 ++++++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/libguile/r6rs-ports.c b/libguile/r6rs-ports.c
index 83f8996..93171f0 100644
--- a/libguile/r6rs-ports.c
+++ b/libguile/r6rs-ports.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2009, 2010, 2011, 2013, 2014 Free Software Foundation, Inc.
+/* Copyright (C) 2009, 2010, 2011, 2013-2015 Free Software Foundation, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public License
@@ -307,9 +307,10 @@ cbip_setvbuf (SCM port, long read_size, long write_size)
   switch (read_size)
     {
     case 0:
-      /* Unbuffered: keep PORT's bytevector as is (it will be used in
-        future 'scm_c_read' calls), but point to the one-byte buffer.  */
-      pt->read_buf = &pt->shortbuf;
+      /* Unbuffered: keep using PORT's bytevector as the underlying
+        buffer (it will also be used by future 'scm_c_read' calls.)  */
+      assert (SCM_BYTEVECTOR_LENGTH (bv) >= 1);
+      pt->read_buf = (unsigned char *) SCM_BYTEVECTOR_CONTENTS (bv);
       pt->read_buf_size = 1;
       break;
 
@@ -404,9 +405,11 @@ cbip_fill_input (SCM port)
 
       if (buffered)
        {
-         /* Make sure the buffer isn't corrupt.  BV can be passed directly
-            to READ_PROC.  */
-         assert (c_port->read_buf_size == SCM_BYTEVECTOR_LENGTH (bv));
+         /* Make sure the buffer isn't corrupt.  Its size can be 1 when
+            someone called 'setvbuf' with _IONBF.  BV can be passed
+            directly to READ_PROC.  */
+         assert (c_port->read_buf_size == SCM_BYTEVECTOR_LENGTH (bv)
+                 || c_port->read_buf_size == 1);
          c_port->read_pos = (unsigned char *) SCM_BYTEVECTOR_CONTENTS (bv);
        }
       else
diff --git a/test-suite/tests/r6rs-ports.test b/test-suite/tests/r6rs-ports.test
index dba8036..e5f1266 100644
--- a/test-suite/tests/r6rs-ports.test
+++ b/test-suite/tests/r6rs-ports.test
@@ -1,6 +1,6 @@
 ;;;; r6rs-ports.test --- R6RS I/O port tests.   -*- coding: utf-8; -*-
 ;;;;
-;;;; Copyright (C) 2009, 2010, 2011, 2012, 2014 Free Software Foundation, Inc.
+;;;; Copyright (C) 2009-2012, 2014-2015 Free Software Foundation, Inc.
 ;;;; Ludovic Courtès
 ;;;;
 ;;;; This library is free software; you can redistribute it and/or
@@ -557,6 +557,37 @@ not `set-port-position!'"
                         obj))
                   ret)))))
 
+  (pass-if-equal "custom binary input port unbuffered & 'get-string-all'"
+      (make-string 1000 #\a)
+    ;; In Guile 2.0.11 this test would lead to a buffer overrun followed
+    ;; by an assertion failure.  See <http://bugs.gnu.org/19621>.
+    (let* ((input (with-fluids ((%default-port-encoding #f))
+                    (open-input-string (make-string 1000 #\a))))
+           (read! (lambda (bv index count)
+                    (let ((n (get-bytevector-n! input bv index
+                                                count)))
+                      (if (eof-object? n) 0 n))))
+           (port  (make-custom-binary-input-port "foo" read!
+                                                 #f #f #f)))
+      (setvbuf port _IONBF)
+      (get-string-all port)))
+
+  (pass-if-equal "custom binary input port unbuffered UTF-8 & 'get-string-all'"
+      (make-string 1000 #\λ)
+    ;; In Guile 2.0.11 this test would lead to a buffer overrun followed
+    ;; by an assertion failure.  See <http://bugs.gnu.org/19621>.
+    (let* ((input (with-fluids ((%default-port-encoding "UTF-8"))
+                    (open-input-string (make-string 1000 #\λ))))
+           (read! (lambda (bv index count)
+                    (let ((n (get-bytevector-n! input bv index
+                                                count)))
+                      (if (eof-object? n) 0 n))))
+           (port  (make-custom-binary-input-port "foo" read!
+                                                 #f #f #f)))
+      (setvbuf port _IONBF)
+      (set-port-encoding! port "UTF-8")
+      (get-string-all port)))
+
   (pass-if-equal "custom binary input port, unbuffered then buffered"
       `((6 "Lorem ") (12 "ipsum dolor ") (777 "sit amet, consectetur…")
         (777 ,(eof-object)))