Interlisp / medley

The main repo for the Medley Interlisp project. Wiki, Issues are here. Other repositories include maiko (the VM implementation) and Interlisp.github.io (web site sources)
https://Interlisp.org
MIT License

[maiko] Creating a file with versioned name but too large version number can cause segmentation fault #1881

Open nbriggs opened 2 hours ago

nbriggs commented 2 hours ago

If a file with a name that looks like a Lisp versioned file exists in a directory being examined through a versioned FDEV (DSK), but the version number has more digits than the internal buffer used for conversion from text to integer, the Maiko code will overrun the buffer and likely take a segmentation fault.

nbriggs commented 2 hours ago

Test case:

    touch test.~919534594857784514355537~

and then in a Medley exec window: DIR {DSK}/tmp which produces:

    running: lde  -noscroll -g 1100x700 -sc 1100x700 -m 256  loadups/full.sysout
    greet: /home/briggs/medley/greetfiles/MEDLEYDIR-INIT

    *Error* Segmentation fault at address 0x34f30442.
    Please record the signal and code information
    and do a 'v' before trying anything else.
    Enter the URaid
    CL:NIL

Backtrace is:

    frame #10: 0x00450a95 ldex`quote_fname(file="test.~919534594857784514355537~") at ufs.c:1160:3
    frame #11: 0x00451fc1 ldex`enum_dsk(dir="/tmp", name="*.*", ver="*", finfo_buf=0xffbfe87c) at dir.c:873:9
    frame #12: 0x0045124d ldex`COM_gen_files(args=0x00460464) at dir.c:2077:15
    frame #13: 0x00432dd3 ldex`OP_subrcall(subr_no=112, argnum=4) at subr.c:175:20
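As an added illustration (not Maiko's actual quote_fname code from ufs.c), here is a bounded parser for the trailing ~N~ version suffix that rejects a version with more digits than its fixed buffer holds instead of copying past the end; VERSION_DIGITS and parse_version are assumed names, and the buffer size is a placeholder, not Maiko's real one.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical capacity of the digit buffer; Maiko's real size is not
 * shown on the issue page, so this is an assumed placeholder. */
#define VERSION_DIGITS 9

/* Parse the "~N~" version field of a Unix-side versioned file name such as
 * "test.~3~". Returns N on success, or -1 if the name has no version
 * suffix, the field is empty, contains a non-digit, or has more digits
 * than the fixed buffer can hold (the case that overruns in the report). */
long parse_version(const char *fname)
{
    size_t len = strlen(fname);
    if (len < 4 || fname[len - 1] != '~') return -1;

    const char *end = fname + len - 1;          /* closing '~' */
    const char *p = end - 1;
    while (p > fname && *p != '~') p--;         /* find opening '~' */
    if (*p != '~' || p == fname || p[-1] != '.') return -1;

    const char *start = p + 1;
    size_t ndigits = (size_t)(end - start);
    /* Bounds check BEFORE touching the buffer: this is the missing step
     * that lets an over-long version number overrun a fixed-size array. */
    if (ndigits == 0 || ndigits > VERSION_DIGITS) return -1;

    char digits[VERSION_DIGITS + 1];
    for (size_t i = 0; i < ndigits; i++) {
        if (!isdigit((unsigned char)start[i])) return -1;
        digits[i] = start[i];
    }
    digits[ndigits] = '\0';

    errno = 0;
    long v = strtol(digits, NULL, 10);
    if (errno == ERANGE || v < 0) return -1;
    return v;
}
```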