[cmucl-ticket] [cmucl] #67: deftransform for replace is unsafe
cmucl
cmucl-devel at common-lisp.net
Sat Dec 22 16:39:29 UTC 2012
#67: deftransform for replace is unsafe
--------------------+-------------------------------------------------------
Reporter: rtoy | Owner: somebody
Type: defect | Status: new
Priority: major | Milestone:
Component: Core | Version: 2012-12
Keywords: |
--------------------+-------------------------------------------------------
Consider this function
{{{
(defun bad (s)
(declare (simple-string s))
(replace s s :start2 100 :end2 105))
}}}
After compiling this,
{{{
(bad (copy-seq "1234567890"))
}}}
Produces a totally bogus result, filling in the first 4 characters of the
resulting string with garbage.
The problem is that the deftransform for replace just calls {{{BIT-BASH-
COPY}}} without verifying that the start and end indices make sense for
the given string. Note that it also doesn't check to see that end >=
start, but this gets handled by {{{BIT-BASH-COPY}}} which gets a negative
length and signals an error.
--
Ticket URL: <http://trac.common-lisp.net/cmucl/ticket/67>
cmucl <http://common-lisp.net/project/cmucl>
Cmucl is a high-performance, free Common Lisp implementation.
More information about the cmucl-ticket
mailing list