#354 Stem default value bug

closed
None
5
2012-08-14
2007-06-20
No

Simple test case:

s = .stem~new
s[]=s
say s

will cause ooRexx to segfault (ooRexx build from current SVN tree, Debian 4.0, x86)

The problem is that stem[]=... doesn't validate it's arguments. Thus it works to set it to a cyclic reference. This causes no problems until the default value is questioned again, but then it enters an endless recursion...

There is the problem:
RexxString RexxStem::stringValue()
/***********
/
/ Function: Forward string request on to the default value /
/***********/
{
/
return the objects string value /
return (RexxString
)this->value->stringValue();
}

And there is the main problem:

RexxObject RexxStem::bracketEqual(
RexxObject
tails, / tail elements /
size_t argCount) /
number of tail elements /
[...]
if (argCount == 1) { /
just setting the default value? /
/
set the new default value /
OrefSet(this, this->value, new_value);
this->tails.clear(); /
clear out the dictionary /
this->dropped = FALSE; /
now have an explicit value /
return this->value; /
just return the default value */
}

It sets the value without validation...
Thanks, Moritz

Discussion

  • Moritz Hoffmann

    Moritz Hoffmann - 2007-06-20

    Logged In: YES
    user_id=1267170
    Originator: YES

    To speed up things I add a patch. This does the following thing in RexxStem::bracketEqual()
    if (argCount == 1) { / just setting the default value? /
    if (new_value == this) / test for illegal default value /
    report_exception1(Error_Execution_badobject,new_string("1",1));

    And now the following happens:
    moritz@TP42:serializable % ~/dev/oorexx/interpreter-3.x/trunk/.libs/rexx /opt/ooRexx/share/ooRexx/rexxtry.rex
    REXX-ooRexx_3.2.0(MT) 6.02 18 Jun 2007
    rexxtry.rex lets you interactively try REXX statements.
    Each string is executed when you hit Enter.
    Enter 'call tell' for a description of the features.
    Go on - try a few... Enter 'exit' to end.
    s = .stem~new
    ............................................... rexxtry.rex on LINUX
    s[]=s
    Oooops ! ... try again. Execution error
    Incorrect object reference detected
    rc = 98 ....................................... rexxtry.rex on LINUX

    File Added: stem.diff

     
  • Moritz Hoffmann

    Moritz Hoffmann - 2007-06-20

    SVN Diff for changes to solve issue

     
  • Rick McGuire

    Rick McGuire - 2007-06-20

    Logged In: YES
    user_id=1125291
    Originator: NO

    Yes, but it can't really eliminate all occurrances of the problem. This only handles a single cycle loop, but there are other ways to create circular references that can create these sorts of loops. For example,

    a.[] = b.
    b.[] = a.

    would create the same overflow situation.

     
  • Rick McGuire

    Rick McGuire - 2007-06-21

    Logged In: YES
    user_id=1125291
    Originator: NO

    Committed revision 488.

    While it's not really possible to prevent all recursions here, it does seem reasonable to prevent a stem default value from being set to a stem variable, since the assignment

    a. = b.

    does not give that result.

     
  • Moritz Hoffmann

    Moritz Hoffmann - 2007-07-05

    Logged In: YES
    user_id=1267170
    Originator: YES

    I think this solution is good enough!
    Moritz

     


Anonymous

Cancel  Add attachments





Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks