#67: deftransform for replace is unsafe --------------------+------------------------------------------------------- Reporter: rtoy | Owner: somebody Type: defect | Status: new Priority: major | Milestone: Component: Core | Version: 2012-12 Keywords: | --------------------+------------------------------------------------------- Consider this function {{{ (defun bad (s) (declare (simple-string s)) (replace s s :start2 100 :end2 105)) }}} After compiling this, {{{ (bad (copy-seq "1234567890")) }}} Produces a totally bogus result, filling in the first 4 characters of the resulting string with garbage. The problem is that the deftransform for replace just calls {{{BIT-BASH- COPY}}} without verifying that the start and end indices make sense for the given string. Note that it also doesn't check to see that end >= start, but this gets handled by {{{BIT-BASH-COPY}}} which gets a negative length and signals an error. -- Ticket URL: <http://trac.common-lisp.net/cmucl/ticket/67> cmucl <http://common-lisp.net/project/cmucl> Cmucl is a high-performance, free Common Lisp implementation.