GNU bug report logs - #60487
string-ref segfaults with n < 0 on Guile 3.0.8


Package: guile

Reported by: festerdam <at> posteo.net

Date: Mon, 2 Jan 2023 08:54:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-guile <at> gnu.org:
bug#60487; Package guile. (Mon, 02 Jan 2023 08:54:01 GMT)

Acknowledgement sent to festerdam <at> posteo.net:
New bug report received and forwarded. Copy sent to bug-guile <at> gnu.org. (Mon, 02 Jan 2023 08:54:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: festerdam <at> posteo.net
To: bug-guile <at> gnu.org
Subject: string-ref segfaults with n < 0 on Guile 3.0.8
Date: Mon, 02 Jan 2023 04:12:33 +0000

The following code results in a segmentation fault on Guile 
3.0.8-deb+3.0.8-2 (obtained from the Debian repositories):
    (string-ref "my string" -3)

gdb's backtrace is the following:

#0  0x00007ffff7f1bcc5 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#1  0x00007ffff7f26c49 in scm_call_n ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#2  0x00007ffff7e97b29 in scm_apply_0 ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#3  0x00007ffff7f15966 in scm_throw ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#4  0x00007ffff7f174e9 in scm_ithrow ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#5  0x00007ffff7e94735 in scm_error_scm ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#6  0x00007ffff7e94790 in scm_error ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#7  0x00007ffff7ee19e7 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#8  0x00007ffff7ee208b in scm_to_uint64 ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#9  0x00007ffff7f1c5e4 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#10 0x00007ffff7f26c49 in scm_call_n ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#11 0x00007ffff7e93a97 in scm_primitive_eval ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#12 0x00007ffff7e99a86 in scm_eval ()
   from /lib/x86_64-linux-gnu/libguile-3.0.so.1
#13 0x00007ffff7ef91c6 in scm_shell () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#14 0x00007ffff7ea865c in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#15 0x00007ffff7e91f6a in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#16 0x00007ffff7f194e8 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#17 0x00007ffff7f26c49 in scm_call_n () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#18 0x00007ffff7e936ea in scm_call_2 () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#19 0x00007ffff7f42292 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#20 0x00007ffff7f0ff4f in scm_c_catch () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#21 0x00007ffff7e942e6 in scm_c_with_continuation_barrier () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#22 0x00007ffff7f14b89 in ?? () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#23 0x00007ffff7c190e7 in GC_call_with_stack_base () from 
/lib/x86_64-linux-gnu/libgc.so.1
#24 0x00007ffff7f0fe68 in scm_with_guile () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#25 0x00007ffff7eb1185 in scm_boot_guile () from 
/lib/x86_64-linux-gnu/libguile-3.0.so.1
#26 0x000055555555510f in ?? ()
#27 0x00007ffff7c9918a in __libc_start_call_main 
(main=main@entry=0x5555555550b0, argc=argc@entry=1, 
argv=argv@entry=0x7fffffffe0b8) at 
../sysdeps/nptl/libc_start_call_main.h:58
#28 0x00007ffff7c99245 in __libc_start_main_impl (main=0x5555555550b0, 
argc=1, argv=0x7fffffffe0b8, init=<optimized out>, fini=<optimized out>, 
rtld_fini=<optimized out>, stack_end=0x7fffffffe0a8) at 
../csu/libc-start.c:381
#29 0x00005555555551aa in ?? ()





Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 16 Jan 2023 22:16:02 GMT)

Notification sent to festerdam <at> posteo.net:
bug acknowledged by developer. (Mon, 16 Jan 2023 22:16:02 GMT)

Message #10 received at 60487-done <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: festerdam <at> posteo.net
Cc: 60487-done <at> debbugs.gnu.org
Subject: Re: bug#60487: string-ref segfaults with n < 0 on Guile 3.0.8
Date: Mon, 16 Jan 2023 23:15:31 +0100

Hi,

festerdam <at> posteo.net wrote:

> The following code results in a segmentation fault on Guile
> 3.0.8-deb+3.0.8-2 (obtained from the Debian repositories):
>     (string-ref "my string" -3)

I can reproduce it with 3.0.8, where I get this backtrace:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (string-ref "my string" -3)

Thread 1 "guile" received signal SIGSEGV, Segmentation fault.
0x00007ffff7f419d9 in scm_is_values (x=<optimized out>) at values.h:30
30      values.h: No such file or directory.
(gdb) bt
#0  0x00007ffff7f419d9 in scm_is_values (x=<optimized out>) at values.h:30
#1  vm_debug_engine (thread=0x7ffff75c1d80) at vm-engine.c:974
#2  0x00007ffff7f4c5d9 in scm_call_n (proc=<optimized out>, argv=<optimized out>, nargs=5)
    at vm.c:1610
#3  0x00007ffff7eb8571 in scm_apply_0 (proc=#<program 7ffff5c4e960>, args=()) at eval.c:603
#4  0x00007ffff7f3dc8d in scm_throw (key=out-of-range, 
    args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c30)
    at throw.c:262
#5  0x00007ffff7f3dca9 in scm_ithrow (key=<optimized out>, args=<optimized out>, 
    no_return=<optimized out>) at throw.c:457
#6  0x00007ffff7eb5245 in scm_error_scm (key=key@entry=out-of-range, subr=<optimized out>, 
    message=message@entry="Value out of range ~S to< ~S: ~S", 
    args=args@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c70, data=data@entry=(4611686018427387901)) at error.c:90
#7  0x00007ffff7eb52a0 in scm_error (key=out-of-range, subr=0x0, message=<optimized out>, 
    args=<error reading variable: ERROR: Cannot access memory at address 0x0>0x7ffff2bb2c70, 
    rest=(4611686018427387901)) at error.c:62
#8  0x00007ffff7f02dd7 in range_error (bad_val=bad_val@entry=4611686018427387901, 
    min=min@entry=<error reading variable: ERROR: Cannot access memory at address 0x0>0x0, 
    max=#<bignum 7ffff2baeda0>) at numbers.c:6611
#9  0x00007ffff7f04dfb in scm_to_uint64 (arg=4611686018427387901) at integers.c:259
#10 0x00007ffff7f42215 in vm_debug_engine (thread=0x7ffff75c1d80) at vm-engine.c:1533
#11 0x00007ffff7f4c5d9 in scm_call_n (proc=<optimized out>, argv=<optimized out>, nargs=1)
    at vm.c:1610
#12 0x00007ffff7eb4457 in scm_primitive_eval (exp=<optimized out>, 
    exp@entry=((@ (ice-9 control) %) (begin (load-user-init) ((@ (ice-9 top-repl) top-repl)))))
    at eval.c:671
#13 0x00007ffff7eba4b6 in scm_eval (
    exp=((@ (ice-9 control) %) (begin (load-user-init) ((@ (ice-9 top-repl) top-repl)))), 
    module_or_state="#<struct module>" = {...}) at eval.c:705
#14 0x00007ffff7f1e3b6 in scm_shell (argc=1, argv=0x7fffffffd058) at script.c:357
--8<---------------cut here---------------end--------------->8---

Fortunately, this was fixed recently in
c0004442b7691f59a0e37869ef288eb26382ad9e.

Thanks!

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 14 Feb 2023 12:24:14 GMT)

This bug report was last modified 1 year and 43 days ago.
