#67: deftransform for replace is unsafe --------------------+------------------------------------------------------- Reporter: rtoy | Owner: somebody Type: defect | Status: new Priority: major | Milestone: Component: Core | Version: 2012-12 Keywords: | --------------------+------------------------------------------------------- Consider this function {{{ (defun bad (s) (declare (simple-string s)) (replace s s :start2 100 :end2 105)) }}} After compiling this, {{{ (bad (copy-seq "1234567890")) }}} Produces a totally bogus result, filling in the first 4 characters of the resulting string with garbage.
The problem is that the deftransform for replace just calls {{{BIT-BASH- COPY}}} without verifying that the start and end indices make sense for the given string. Note that it also doesn't check to see that end >= start, but this gets handled by {{{BIT-BASH-COPY}}} which gets a negative length and signals an error.
#67: deftransform for replace is unsafe ---------------------+------------------------------------------------------ Reporter: rtoy | Owner: somebody Type: defect | Status: closed Priority: major | Milestone: Component: Core | Version: 2012-12 Resolution: fixed | Keywords: ---------------------+------------------------------------------------------ Changes (by toy.raymond@…):
* status: new => closed * resolution: => fixed
Comment:
commit 3be4fc215fa2a4d23dc145e6cfa9519492525bc1 Author: Raymond Toy toy.raymond@gmail.com Date: Sat Dec 22 12:46:45 2012 -0800
Fix ticket:67
Check that the start and end indices make sense for the given strings. This is important before we start bashing random parts of the string, potentially overwriting other objects.
-
cmucl