tcl-core

[TCLCORE] a comment with regard to the fix of bug 2494093

[Matthias K. <ma...@us...>]

Hi everybody,

I want to give two points to your attention that concern me with the fix
of bug 2494093 (buffer overflow in AppendUnicodeToUnicode() ->
SEGFAULT). But first thank you very much for helping to find the problem
and then fixing it promptly!

1) The fix as now implemented restricts the content of variables to
  INT_MAX/4 which is 512MB! To my mind this is comparatively small and
  should be documented somewhere. Please notice that this is also half
  the size, of what was possible in 8.4.19 / 8.5.6.

2) In tclStringObj.c is a lengthy documentation of the memory allocation
  algorithm for strings. This is now obsolete in the case when more than
  INT_MAX/4 memory is free and could be allocated. As in this case we
  panic() before even coming to the attemptckalloc().

What you should make with this information? Well, I don't know. I just
wanted to make sure it doesn't get lost and someone has to learn it the
hard way. I can live with the fix now.

Where is the use case that needs so much memory? Consider vfs::memchan.
This is where I stumbled over the issue. I thought I use vfs::memchan to
be able to transparently uncompress and evaluate the crc of archives...

kind regards
-- Matthias Kraft

Re: [TCLCORE] a comment with regard to the fix of bug 2494093

[Donald G P. <dg...@NI...>]

Matthias Kraft wrote:
> I want to give two points to your attention that concern me with the fix
> of bug 2494093 ...

The right place to raise these concerns is on Ticket 2494093 in the
Tcl Bug Tracker.  Re-open if need be.

-- 
| Don Porter          Mathematical and Computational Sciences Division |
| don...@ni...             Information Technology Laboratory |
| http://math.nist.gov/~DPorter/                                  NIST |
|______________________________________________________________________|

Re: [TCLCORE] a comment with regard to the fix of bug 2494093

[WANGNICK S. <seb...@eu...>]

I for one am happy that this issue is not hidden in the Tracker ...

-----Original Message-----
From: Donald G Porter [mailto:dg...@NI...] 
Sent: Wednesday 14 January 2009 23:48
To: Matthias Kraft
Cc: tcl-core
Subject: Re: [TCLCORE] a comment with regard to the fix of bug 2494093

Matthias Kraft wrote:
> I want to give two points to your attention that concern me with the 
> fix of bug 2494093 ...

The right place to raise these concerns is on Ticket 2494093 in the Tcl
Bug Tracker.  Re-open if need be.
____

This message and any files transmitted with it are legally privileged and intended for the sole use of the individual(s) or entity to whom they are addressed. If you are not the intended recipient, please notify the sender by reply and delete the message and any attachments from your system. Any unauthorised use or disclosure of the content of this message is strictly prohibited and may be unlawful.

Nothing in this e-mail message amounts to a contractual or legal commitment on the part of EUROCONTROL, unless it is confirmed by appropriately signed hard copy.

Any views expressed in this message are those of the sender.

Re: [TCLCORE] a comment with regard to the fix of bug 2494093

[Donal K. F. <don...@ma...>]

WANGNICK Sebastian wrote:
> I for one am happy that this issue is not hidden in the Tracker ...

FWIW (and for those who don't know this already) this is really just bug
219196 - yes, it's an old one - in another guise. I plan to tackle it
properly when we drop the ABI/API full compatibility promise for 9.0,
but the changes required are far too messy to do before then. The issue
is really that Tcl mixes up between 'int' and 'long' and 'size_t' and
many other integer-ish types in many places, and sometime that Augean
Stable must be cleaned. Everything done before then is merely marking
time...

Donal.