[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Guile-commits] GNU Guile branch, master, updated. release_1-9-13-127-g3
From: |
Andy Wingo |
Subject: |
[Guile-commits] GNU Guile branch, master, updated. release_1-9-13-127-g3ef6650 |
Date: |
Sat, 04 Dec 2010 18:28:53 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Guile".
http://git.savannah.gnu.org/cgit/guile.git/commit/?id=3ef6650def28f7c29a2cc983086468d3195167d4
The branch, master has been updated
via 3ef6650def28f7c29a2cc983086468d3195167d4 (commit)
from 8556760c234b75e1faba956ba7b3b44175783459 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3ef6650def28f7c29a2cc983086468d3195167d4
Author: Andy Wingo <address@hidden>
Date: Sat Dec 4 19:31:20 2010 +0100
make-string et al nulls memory if not given an initializer
* libguile/gc-malloc.c: Add a note that the gc-malloc does not clear the
memory block, so users need to make sure it is initialized.
* libguile/bitvectors.c (scm_c_make_bitvector):
* libguile/bytevectors.c (scm_make_bytevector):
* libguile/strings.c (scm_c_make_string): If no initializer is given,
initialize the bytes to 0. Prevents information leakage if an app uses
make-string et al without initializers.
* libguile/foreign.c (make_cif): Initialize this too, to prevent leakage
in the struct holes. Paranoia...
-----------------------------------------------------------------------
Summary of changes:
libguile/bitvectors.c | 4 +++-
libguile/bytevectors.c | 2 ++
libguile/foreign.c | 2 ++
libguile/gc-malloc.c | 6 ++++--
libguile/strings.c | 10 +++++++---
5 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/libguile/bitvectors.c b/libguile/bitvectors.c
index 67f5abd..65fc021 100644
--- a/libguile/bitvectors.c
+++ b/libguile/bitvectors.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1995,1996,1997,1998,2000,2001,2002,2003,2004, 2005, 2006,
2009 Free Software Foundation, Inc.
+/* Copyright (C) 1995,1996,1997,1998,2000,2001,2002,2003,2004, 2005, 2006,
2009, 2010 Free Software Foundation, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
@@ -117,6 +117,8 @@ scm_c_make_bitvector (size_t len, SCM fill)
if (!SCM_UNBNDP (fill))
scm_bitvector_fill_x (res, fill);
+ else
+ memset (bits, 0, sizeof (scm_t_uint32) * word_len);
return res;
}
diff --git a/libguile/bytevectors.c b/libguile/bytevectors.c
index 31703bf..30adbff 100644
--- a/libguile/bytevectors.c
+++ b/libguile/bytevectors.c
@@ -482,6 +482,8 @@ SCM_DEFINE (scm_make_bytevector, "make-bytevector", 1, 1, 0,
for (i = 0; i < c_len; i++)
contents[i] = c_fill;
}
+ else
+ memset (SCM_BYTEVECTOR_CONTENTS (bv), 0, c_len);
return bv;
}
diff --git a/libguile/foreign.c b/libguile/foreign.c
index b50f5a1..082ec7f 100644
--- a/libguile/foreign.c
+++ b/libguile/foreign.c
@@ -609,6 +609,8 @@ make_cif (SCM return_type, SCM arg_types, const char
*caller)
+ (nargs + n_struct_elts + 1)*sizeof(ffi_type));
mem = scm_gc_malloc_pointerless (cif_len, "foreign");
+ /* ensure all the memory is initialized, even the holes */
+ memset (mem, 0, cif_len);
cif = (ffi_cif *) mem;
/* reuse cif_len to walk through the mem */
diff --git a/libguile/gc-malloc.c b/libguile/gc-malloc.c
index e409b6e..4f77f65 100644
--- a/libguile/gc-malloc.c
+++ b/libguile/gc-malloc.c
@@ -169,8 +169,10 @@ scm_gc_unregister_collectable_memory (void *mem, size_t
size, const char *what)
#endif
}
-/* Allocate SIZE bytes of memory whose contents should not be scanned for
- pointers (useful, e.g., for strings). */
+/* Allocate SIZE bytes of memory whose contents should not be scanned
+ for pointers (useful, e.g., for strings). Note though that this
+ memory is *not* cleared; be sure to initialize it to prevent
+ information leaks. */
void *
scm_gc_malloc_pointerless (size_t size, const char *what)
{
diff --git a/libguile/strings.c b/libguile/strings.c
index a305450..729b33d 100644
--- a/libguile/strings.c
+++ b/libguile/strings.c
@@ -1112,7 +1112,7 @@ SCM_DEFINE (scm_make_string, "make-string", 1, 1, 0,
"Return a newly allocated string of\n"
"length @var{k}. If @var{chr} is given, then all elements of\n"
"the string are initialized to @var{chr}, otherwise the contents\n"
- "of the @var{string} are unspecified.")
+ "of the @var{string} are all set to @var{#\nul}.")
#define FUNC_NAME s_scm_make_string
{
return scm_c_make_string (scm_to_size_t (k), chr);
@@ -1124,9 +1124,13 @@ scm_c_make_string (size_t len, SCM chr)
#define FUNC_NAME NULL
{
size_t p;
- SCM res = scm_i_make_string (len, NULL);
+ char *contents = NULL;
+ SCM res = scm_i_make_string (len, &contents);
- if (!SCM_UNBNDP (chr))
+ /* If no char is given, initialize string contents to NULL. */
+ if (SCM_UNBNDP (chr))
+ memset (contents, 0, len);
+ else
{
SCM_VALIDATE_CHAR (0, chr);
res = scm_i_string_start_writing (res);
hooks/post-receive
--
GNU Guile
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Guile-commits] GNU Guile branch, master, updated. release_1-9-13-127-g3ef6650,
Andy Wingo <=