Comment line causes segfault

[MaxBarraclough]

I'm getting a segfault from a long comment line.

I'm running the latest pForth master (commit b6c2720), on Ubuntu 22.04.4 LTS / AMD64.

The segfault does not occur if I use the older pForth available through Ubuntu's apt package-manager.

The following 2-line shell script recreates the issue (adapted to omit the fully-qualified path of the pforth_standalone binary in my filesystem). Small changes to the long comment line often stop the segfault occurring.

echo "\ 123456 1234 12 123 1234 1234 1234 12 1234 1234 123 1 12 1234567 1234 1  12345 1234 123 1234 1234567 123456 12345678901 123 123 12345678" > segfault.fth

pforth_standalone segfault.fth

[philburk]

@MaxBarraclough - Thanks for reporting this.

The ACCEPT code seems to limit the number of characters it will write into the buffer. If the buffer is not full it will append an EOL. If the buffer is full it does not.

The \ word is defined as:

: \     EOL WORD DROP ;

So if there is no EOL then WORD maybe shoots past the end of the buffer and reads memory it should not be seeing.

Note that ACCEPT should not append anything to the buffer, according to: https://forth-standard.org/standard/core/ACCEPT

So maybe the problem is that WORD should not be parsing past the end of the buffer.

WORD is defined in terms of SKIP and SCAN at https://github.com/philburk/pforth/blob/b6c27209ee2b621d8edff19408f357fb814bdf8e/csrc/pf_words.c#L213

SKIP and SCAN seem to be handling the buffer size limits correctly. https://github.com/philburk/pforth/blob/b6c27209ee2b621d8edff19408f357fb814bdf8e/csrc/pf_words.c#L78

I will need to use a source level debugger in XCode.