[cffi-devel] Re: varargs (again)

Hoehle, Joerg-Cyril Joerg-Cyril.Hoehle at t-systems.com
Fri Jan 13 12:46:46 UTC 2006


Hi,

Brad Anderson wrote:
>I saw some topics in the archives about varargs,
First, I have to repeat that interfacing to varargs is, hm... challenging.  You cannot expect to be able to use varargs functions portably.  It may still work in some cases, and possibly all the cases that you need, but there's no general solution yet, neither within most Lisp implementations, nor for many other programming language environments.


Luis and James talk about what it could/would look like at the cffi level, when it will work.  But that does not make the low-level machinery able to use varargs in general.  Yet the few cases that you need may still work.

That said, I'd prefer a single defcfun with a possible &rest marker rather than another defcfun-varargs entry point.  Oh well, that's a matter of endless debate.  E.g. for my AFFI (10 years ago), I had separate defining forms, whereas Sam Steingold in clisp unified all (library or module) into ffi:def-call-out distinguished by the presence of (:library #).

In the long run (varargs fully supported), it presumably makes no sense to have two defining entry points.  A keyword variation is enough to deal with the special case.  IMHO it's just now that we want to distinguish both, perhaps because one works, and the other not, or because one is well-defined, and the other still gathering ideas.


Luis Oliveira wrote:
>  (defcfun "xmlParserError" :void
>    (ctx :pointer)
>    (msg :string))
>  (defun xml-parser-error (control-string &rest args)
>    (xmlParserError <whatever-a-ctx-is>
>                    (format nil "~?" control-string args)))

Here you allow your application to crash when given strings containing "%" characters.  A safe approach would be as follows:
  (defcfun "xmlParserError" :void
    (ctx :pointer)
    (formatter :string) ; constantly pass "%s" here
    (msg :string))
  (xmlParserError <ctx> "%s" (apply #'format nil control-string args))
  ;; Do all the formatting on the Lisp side
  ;; Tell the C side to *not* format!

I just had to fix a bug in CLISP's syscalls module: posix:syslog() exhibited exactly this stack overflow vulnerability!  Calling posix:syslog() with unknown strings could crash it.

Regards,
	Jörg Höhle.
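
The C side of the point made in the message above, as an added example that is not part of the original post: `parser_error` is a hypothetical stand-in for a variadic reporter such as xmlParserError, and the sample string is constructed. It counts the directives that would make the callee fetch arguments the caller never passed, and shows the constant "%s" wrapper delivering the same text verbatim.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic reporter such as xmlParserError:
   it formats into ctx->buf exactly as printf would. */
struct err_ctx { char buf[256]; };

static void parser_error(struct err_ctx *ctx, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(ctx->buf, sizeof ctx->buf, fmt, ap);
    va_end(ap);
}

/* Number of '%' directives in s that would make the callee fetch a
   variadic argument. "%%" is a literal percent and fetches nothing. */
static int directives_in(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped pair */
        else
            n++;
    }
    return n;
}

/* Safe pattern from the message: the format is the constant "%s" and
   the already-formatted text travels as data.  The unsafe form,
   parser_error(ctx, text), is undefined behaviour whenever
   directives_in(text) > 0, because no arguments were passed. */
static void report_text(struct err_ctx *ctx, const char *text)
{
    parser_error(ctx, "%s", text);
}

int main(void)
{
    struct err_ctx ctx;
    const char *text = "100%s done %n";   /* constructed sample input */
    report_text(&ctx, text);
    printf("directives=%d delivered=\"%s\"\n", directives_in(text), ctx.buf);
    return 0;
}
```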


