Sorry if this is a duplicate, I sent a similar report with perlbug yesterday but didn't receive it back nor can I find it in the archive. Maybe mail on that machine was misconfigured.
It's a long standing bug, the following code core dumps with yesterday's repository perl.
perl -le '
require "MD5.pm";
sub new { bless {}, shift;} # OK if commented
open FH, "/etc/hosts" or die;
my $md5 = new MD5; # OK if MD5->new
print "md5[$md5]\n"; # prints e.g. md5[MD5=HASH(0x80ee280)]
$md5->addfile(*FH); # SEGV
'
md5[MD5=HASH(0x80ed200)]
zsh: segmentation fault (core dumped)
I have reported this a long time ago (no bug ID), you can find the old postings with this query:
http://www.xray.mpe.mpg.de/cgi-bin/w3glimpse/perl5-porters?query=md5+addfile+hash&errors=0&case=on&maxfiles=100&maxlines=30
-- andreas
On 14 Mar 2000 10:08:54 +0100, Andreas J. Koenig wrote:
Sorry if this is a duplicate, I sent a similar report with perlbug yesterday but didn't receive it back nor can I find it in the archive. Maybe mail on that machine was misconfigured.
It's a long standing bug, the following code core dumps with yesterday's repository perl.
perl -le '
require "MD5.pm";
sub new { bless {}, shift;} # OK if commented
open FH, "/etc/hosts" or die;
my $md5 = new MD5; # OK if MD5->new
print "md5[$md5]\n"; # prints e.g. md5[MD5=HASH(0x80ee280)]
$md5->addfile(*FH); # SEGV
'
md5[MD5=HASH(0x80ed200)]
zsh: segmentation fault (core dumped)
The C\
bless({},'MD5')->addfile(*FOO);
MD5::addfile apparently doesn't like that uninitialized fake MD5 object very much. (You might want to talk to the author of MD5 about that.)
Just never ever use the indirect object form with a bareword name. This is precisely why we support C<new MD5::>, which ought to work fine.
Sarathy gsar@ActiveState.com
Gurusamy Sarathy <gsar@ActiveState.com> writes:
On 14 Mar 2000 10:08:54 +0100, Andreas J. Koenig wrote:
Sorry if this is a duplicate, I sent a similar report with perlbug yesterday but didn't receive it back nor can I find it in the archive. Maybe mail on that machine was misconfigured.
It's a long standing bug, the following code core dumps with yesterday's repository perl.
perl -le '
require "MD5.pm";
sub new { bless {}, shift;} # OK if commented
open FH, "/etc/hosts" or die;
my $md5 = new MD5; # OK if MD5->new
print "md5[$md5]\n"; # prints e.g. md5[MD5=HASH(0x80ee280)]
$md5->addfile(*FH); # SEGV
'
md5[MD5=HASH(0x80ed200)]
zsh: segmentation fault (core dumped)
The C\
there is being parsed as a subroutine call new('MD5'). So you're effectively doing:
bless({},'MD5')->addfile(*FOO);
MD5::addfile apparently doesn't like that uninitialized fake MD5 object very much. (You might want to talk to the author of MD5 about that.)
This patch for Digest::MD5 should help, but it can still be made to core dump with code like:
perl -MMD5 -e '$a = 3333; $m = bless \$a, "MD5"; $m->add(*foo); print $m'
since we will here try to access memory at address 3333 in order to verify the signature.
To be real safe I think I would have to hide the pointer in magic. I'll try to improve it a bit more before uploading a Digest-MD5-2.10.
Perhaps the recommendations in perlxs for how to hide pointers to C structures should be updated likewise and there be some standard safe typemap for this kind of thing. Is magic the best way to go?
Regards, Gisle
RCS file: /home/cvs/aas/perl/mods/md5/MD5.xs\,v retrieving revision 1.24 diff -u -p -u -r1.24 MD5.xs --- MD5.xs 1999/07/28 10:38:50 1.24 +++ MD5.xs 2000/03/16 22:24:21 @@ -92\,10 +92\,12 @@ static void u2s(U32 u\, U8* s) ((U32)(*(s+3)) \<\< 24)) #endif
+#define MD5_CTX_SIGNATURE 200003165
/* This stucture keeps the current state of algorithm. */ typedef struct { + U32 signature; /* safer cast in get_md5_ctx() */ U32 A\, B\, C\, D; /* current digest */ U32 bytes_low; /* counts bytes in message */ U32 bytes_high; /* turn it into a 64-bit counter */ @@ -418\,8 +420\,15 @@ MD5Final(U8* digest\, MD5_CTX *ctx)
static MD5_CTX* get_md5_ctx(SV* sv) { - if (sv_derived_from(sv\, "Digest::MD5")) - return (MD5_CTX*)SvIV(SvRV(sv)); + if (SvROK(sv)) { + sv = SvRV(sv); + if (SvIOK(sv)) { + MD5_CTX* ctx = (MD5_CTX*)SvIV(sv); + if (ctx && ctx->signature == MD5_CTX_SIGNATURE) { + return ctx; + } + } + } croak("Not a reference to a Digest::MD5 object"); return (MD5_CTX*)0; /* some compilers insist on a return value */ } @@ -515\,6 +524\,7 @@ new(xclass) STRLEN my_na; char *sclass = SvPV(xclass\, my_na); New(55\, context\, 1\, MD5_CTX); + context->signature = MD5_CTX_SIGNATURE; ST(0) = sv_newmortal(); sv_setref_pv(ST(0)\, sclass\, (void*)context); SvREADONLY_on(SvRV(ST(0)));
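Review bot: in the get_md5_ctx() hunk, `ctx->signature` is read through whatever integer the referenced scalar holds, so the validation step itself dereferences an unchecked pointer; only NULL is excluded by `if (ctx && ...)`. The hunk also deletes the `sv_derived_from(sv, "Digest::MD5")` test rather than keeping it next to the new SvROK/SvIOK checks, so the object's class no longer plays any part in the decision. Suggest retaining the class test as a first gate and, for the pointer itself, storing it somewhere a script cannot forge (the accompanying message already raises magic for this) instead of comparing a field behind a user-controlled IV.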
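Review bot: in the new() hunk, `context->signature = MD5_CTX_SIGNATURE;` is set right after `New(55, context, 1, MD5_CTX)`, but none of the visible hunks resets the field when a context is released, so memory that has been freed can keep a matching signature and still pass the check in get_md5_ctx(). Suggest clearing `signature` in the destructor before the structure is freed, and noting next to the `#define` that the value only guards against accidental misuse.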
"Gisle" == Gisle Aas <gisle@aas.no> writes:
Gisle> Perhaps the recommendations in perlxs for how to hide
Gisle> pointers to C structures should be updated likewise and
Gisle> there be some standard safe typemap for this kind of thing.
Gisle> Is magic the best way to go?
You want '~' magic, but no, there's no standard typemap for it or any other magic that I'm aware of.
-- Stephen
"If I claimed I was emperor just cause some moistened bint lobbed a scimitar at me they'd put me away"
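An added example, not Digest::MD5's code and not the '~' magic approach mentioned in the thread: a stand-alone C sketch that validates an integer handle against a table of the module's own allocations, so a forged value such as 3333 is rejected without ever being dereferenced. The names ctx_new, ctx_get, ctx_free and the MAX_CTX limit are assumptions; only the signature value is taken from the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define CTX_SIGNATURE 200003165u  /* signature value from the patch */
#define MAX_CTX 16                /* assumption: small fixed-size table */

typedef struct { uint32_t signature; uint32_t A, B, C, D; } md5_ctx;

static md5_ctx *live[MAX_CTX];    /* contexts this module allocated */

/* Allocate a context; return it as the integer a script-level scalar holds. */
intptr_t ctx_new(void) {
    for (int i = 0; i < MAX_CTX; i++) {
        if (live[i]) continue;
        live[i] = calloc(1, sizeof(md5_ctx));
        if (!live[i]) return 0;
        live[i]->signature = CTX_SIGNATURE;
        return (intptr_t)live[i];
    }
    return 0;                     /* table full */
}

/* Match the integer against known allocations first; the signature is
   read only through a pointer already known to be ours. */
md5_ctx *ctx_get(intptr_t iv) {
    if (iv == 0) return NULL;
    for (int i = 0; i < MAX_CTX; i++)
        if ((intptr_t)live[i] == iv && live[i]->signature == CTX_SIGNATURE)
            return live[i];
    return NULL;                  /* XS code would croak() here */
}

/* Invalidate the signature, free the context and release its slot. */
int ctx_free(intptr_t iv) {
    for (int i = 0; i < MAX_CTX; i++) {
        if (!live[i] || (intptr_t)live[i] != iv) continue;
        live[i]->signature = 0;
        free(live[i]);
        live[i] = NULL;
        return 1;
    }
    return 0;                     /* not ours, or already freed */
}

int main(void) {
    intptr_t h = ctx_new();
    printf("valid=%d forged=%d\n", ctx_get(h) != NULL, ctx_get(3333) != NULL);
    return !ctx_free(h);
}
```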
Migrated from rt.perl.org#2364 (status was 'resolved')
Searchable as RT2364$