bug#59874: Segfault from string-ref with negative 'k'
HI,
On +2022-12-07 11:29:28 +0100, Ricardo Wurmus wrote:
> Thank you for reporting this bug.
>
> > i noticed that if i, on my system, run "guile" from a shell and then type
> > into the command prompt that appears,
> >
> > (string-ref "a string" -1)
> >
> > guile appears to hang for a few seconds or so, and then prints the message
> > "Segmentation fault (core dumped)".
>
> I can reproduce this on Guix System with guile 3.0.8:
>
> --8<---cut here---start->8---
> guile --no-auto-compile --debug
> GNU Guile 3.0.8
> Copyright (C) 1995-2021 Free Software Foundation, Inc.
>
> Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
> This program is free software, and you are welcome to redistribute it
> under certain conditions; type `,show c' for details.
>
> Enter `,help' for help.
> scheme@(guile-user)> (string-ref "a string" -1)
> Segmentation fault
> --8<---cut here---end--->8---
>
> But:
>
> --8<---cut here---start->8---
> $ guile -c '(string-ref "a string" -1)'
> Backtrace:
> In ice-9/boot-9.scm:
> 1752:10 6 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
> In unknown file:
>5 (apply-smob/0 #)
> In ice-9/boot-9.scm:
> 724:2 4 (call-with-prompt ("prompt") # ice-9/eval.scm:330:13 ()> #)
> In ice-9/eval.scm:
> 619:8 3 (_ #(#(#)))
> In ice-9/command-line.scm:
>185:19 2 (_ #)
> In unknown file:
>1 (eval (string-ref "a string" -1) # 7f3912dd5c80>)
>0 (string-ref "a string" -1)
>
> ERROR: In procedure string-ref:
> Value out of range 0 to< 7: -1
> --8<---cut here---end--->8---
>
> --
> Ricardo
>
>
>
M-x guiler from emacs editing this reply, produced this:
--8<---cut here---start->8---
Current directory is ~/.mutt/ezTemp/
GNU Guile 2.2.4
Copyright (C) 1995-2017 Free Software Foundation, Inc.
Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.
Enter `,help' for help.
scheme@(guile-user)> (string-ref "a string" -1)
:1:0: Value out of range 0 to 18446744073709551615: -1
Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.
scheme@(guile-user) [1]>
--8<---cut here---end--->8---
The range number is not as nice as measuring the input string :)
(64-bit unsigned maxint in case not immediately recognized )
--8<---cut here---start->8---
scheme@(guile-user) [1]> (- (expt 2 64) 1)
$3 = 18446744073709551615
--8<---cut here---end--->8---
I am on puri.sm pureOS amber (old ;/)
--8<---cut here---start->8---
scheme@(guile-user) [1]> (system "uname -rv")
4.19.0-22-amd64 #1 SMP Debian 4.19.260-1 (2022-09-29)
--8<---cut here---end--->8---
M! guile --version (direct from here, not via geiser):
--8<---cut here---start->8---
guile (GNU Guile) 2.2.4
Packaged by Debian (2.2.4-deb+1-2+deb10u1)
Copyright (C) 2018 Free Software Foundation, Inc.
License LGPLv3+: GNU LGPL 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
--8<---cut here---end--->8---
Interestingly, M! and paste the following
direct from here does measure the input string:
guile --no-auto-compile -c '(display (string-ref "a string" -1))'|& cat -n
--8<---cut here---start->8---
1 Backtrace:
2 6 (apply-smob/1 #)
3 In ice-9/boot-9.scm:
4 705:2 5 (call-with-prompt ("prompt") # …)
5 In ice-9/eval.scm:
6 619:8 4 (_ #(#(#)))
7 In ice-9/command-line.scm:
8 181:18 3 (_ #)
9 In unknown file:
10 2 (eval (display (string-ref "a string" -1)) #)
11 In ice-9/eval.scm:
12 191:35 1 (_ #f)
13 In unknown file:
14 0 (string-ref "a string" -1)
15
16 ERROR: In procedure string-ref:
17 Value out of range 0 to 7: -1
--8<---cut here---end--->8---
HTH, no more time for pleasant procrastinations :)
--
Regards,
Bengt Richter
bug#73188: PEG parser does not support full PEG grammar
• Late kudos to Ekaitz for this great PEG contribution, especially RISCV, which will IMO play a key part in the future of human secure control over machines :) • Is there a trustable git repo I could clone to follow future developments of this work? • IWBN to have an example doc for how to define a DSL and its interpreter a la brainf*ck, but compiled suitable for running in qemu bullet-proof container. Scroll to end of this email for what I was surprised worked, though it may have compromised my system, I'm not sure: CAVEAT! :) On +2024-12-22 22:22:09 +0100, Ludovic Courtès wrote: > Hi Ekaitz, > > Apologies for applying the wrong version of the patch series! > > I pushed the 3 patches you just sent: > > 6750f6cc8 * PEG: string-peg: Add HTML5 grammar test. > 38ad26497 * PEG: string-peg: Better support for escaping. > c86a48a92 * PEG: string-peg: Fix [^...] interpretation. > > I added commit logs that follow the project’s conventions (same as > Guix). > > In the future, when a patch fixes a bug, please include a test case that > reproduces the bug being fixed; possibly add information in the commit > log about the commit that introduced the bug/regression. This is useful > to get a good understanding of the situation. (I understand in this > case the problem was mostly me applying an earlier version.) > > And bonus points if you provide commit logs. :-) > > Thank you! > > Ludo’. > > > -=-=-=- Here is what worked way back when ludo published <https://lists.gnu.org/archive/html/info-gnu/2022-12/msg7.html> (a release announcement email that IMO is a paragon of release announcements) I'm not suggesting running this as I did, since I am not sure about security bugs, then and since, but I did it back when Ludo realeased it. CAVEAT! YOU HAVE BEEN WARNED! (Tips on published vulns appreciated) But runvm (below) seemed to work amazingly under (debian-based) pureos wayland. $ cd ~/wb/gxqemu/ $ file * guix-system-vm-image-1.4.0.x86_64-linux.qcow2: QEMU QCOW2 Image (v3), 32255246336 bytes runvm: Bourne-Again shell script, ASCII text executable $ ls -ltrad * -rwxr-xr-x 1 bokr bokr211 Feb 7 2024 runvm -rw-r--r-- 1 bokr bokr 8862695424 Oct 14 02:17 guix-system-vm-image-1.4.0.x86_64-linux.qcow2 $ du -h guix-system-vm-image-1.4.0.x86_64-linux.qcow2 8.3Gguix-system-vm-image-1.4.0.x86_64-linux.qcow2 $ cat -nA runvm 1 #!/usr/bin/bash$ 2 $ 3 qemu-system-x86_64 \$ 4 -nic user,model=virtio-net-pci \$ 5 -enable-kvm -m 2048 \$ 6 -device virtio-blk,drive=myhd \$ 7 -drive if=none,file=guix-system-vm-image-1.4.0.x86_64-linux.qcow2,id=myhd$ $ $ # I'm not doing the following, since I am not sure about security bugs, but I did it $ # when Ludo realeased it (with a realease announcement email that IMO is a paragon of $ # relase announcements): <https://lists.gnu.org/archive/html/info-gnu/2022-12/msg7.html> $ # $ # ./runvm & $ # in a system with Wayland as the display compositor, this runs the image in the foreground AND $ # continues running the term CLI '(bash)' in the background, amazingly compositing both anything $ # running via X-wayland headless Xorg, like maybe firefox-esr, and the qcow image, so you can $ # mouse around and switch between the two. $ $ # NOTICE: Not responsible for consequences of trying this: YOU HAVE BEEN WARNED :) $ $ uname -a Linux BRL14v1 5.10.0-33-amd64 #1 SMP Debian 5.10.226-1 (2024-10-03) x86_64 GNU/Linux $ pwd /home/bokr/wb/gxqemu $ cd ~/wb/guix/guix $ git log|head commit e92b20a41a026b8af7dd2031eb61267b061617b5 Author: Tomas Volf <~@wolfsden.cz> Date: Fri Dec 13 17:27:46 2024 +0100 services: mingetty: Support waiting on shepherd services. For auto-login on systems with elogind, dbus-system needs to be started. This commit adds ability to express that ordering. * gnu/services/base.scm (): Add shepherd-requirement $ -=-=-=- I am interested in using Ekaitz's Peg work and predecessor guile work of Andy Wingo and Ludo to produce secure minimal-code guile extensions displaying popups showing e.g. progress graphics based on direct wayland event protocols, to be able to show status of "hung" looping or deadlocked threads, subject ot user privilege authentication. IIRC the display ran at 60hz before starting the cow2 image and dropped to 30hz when showing both display outputs at the same time. If I get time, I'll try to take a video with my phone to show it, but don't hold your breath ;-) It would be interesting to try a minimal wayland for mes too :) Obviously these are wip-thoughts ;-) Thanks for reading :) Happy Holidays -- With kind regards, Bengt Richter
bug#62590: Strange put-char encoding-error "conversion to port encoding failed"
I'm wondering what writing the backtrace to a /tmp/file and doing a cat -nA on it would show. (to get the traceback bits presented by independent alternate formatting machinery from what produced what you've seen so far). On +2025-02-11 19:06:46 +, Christopher Baines wrote: > Christopher Baines writes: > > > Christopher Baines writes: > > > >> I've been seeing some strange occasional errors for a while now. > > > > ... > > > >> I'm not sure what the 84 means? If I'm picking out the characters that > >> have failed to be encoded, I'm not sure why some of these would fail > >> (like space or w)? > >> > >> Unfortunately I'm not sure how to reproduce this. Suspendable ports > >> might be a factor here as that is probably in use. > > > > Still seeing these errors, including today. I've managed to stumble on a > > reliable and somewhat minimal way of reproducing them: > > Here's a slightly simplified version with some comments: > > (use-modules (ice-9 binary-ports) > (rnrs bytevectors) > (ice-9 exceptions) > (ice-9 threads) > (system repl debug)) > > (setvbuf (current-output-port) 'line) > (setvbuf (current-error-port) 'line) > > (simple-format (current-error-port) >"current-output-port: ~A (encoding: ~A)\n\n" >(current-output-port) >(port-encoding (current-output-port))) > > (for-each > (lambda (i) >(call-with-new-thread > (lambda () > (with-exception-handler > (lambda (exn) > (let ((stack (make-stack #t))) > (print-frames (stack->vector stack) > (current-error-port) > #:count (stack-length stack)) > (print-exception >(current-error-port) >(stack-ref stack 3) >'%exception >(list exn))) > (force-output (current-error-port)) > > (primitive-exit 1)) > (lambda () > (while #t > (with-exception-handler > (lambda (exn) > ;; The put-char error seems to happen around here > (simple-format (current-output-port) > "exception: ~A\n" > exn) > #f) > (lambda () > (with-throw-handler #t > (lambda () > ;; Cause some error, I think any error will do > (+ 'a 1)) > (lambda (key . args) > (let* ((stack (make-stack #t 3)) >(backtrace > (call-with-output-string > (lambda (port) > (display-backtrace stack port) > (newline port) > (display >;; Printing the backtrace seems significant, >;; other strings don't seem to reproduce the >;; behaviour >backtrace >(current-output-port)) > #f > #:unwind? #t))) > (iota 2)) > > (sleep 60)
