Bug #122912 for Math-Cephes: at least two functions fail to extend the argument stack

Mon Aug 28 01:29:09 2017 TONYC [...] cpan.org - Ticket created

Subject:

at least two functions fail to extend the argument stack

The functions: Math::Cephesc::ellpj Math::Cephesc::fresnl fail to properly extend the argument stack before using it. For example from ellpj: sv_setiv(ST(argvi++), (IV) result); { if (argvi >= items) { EXTEND(sp,1); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg3)); argvi++; } { if (argvi >= items) { EXTEND(sp,1); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg4)); argvi++; } The EXTEND() macro extends the stack relative to its first argument, but this code doesn't modify sp after using a place on the stack. This code could potentially be writing beyond the end of an allocated block. Unfortunately this appears to be a SWIG bug. Tony

Mon Aug 28 08:03:24 2017 SHLOMIF [...] cpan.org - Correspondence added

On Mon Aug 28 01:29:09 2017, TONYC wrote: Show quoted text

> The functions: > > Math::Cephesc::ellpj > Math::Cephesc::fresnl > > fail to properly extend the argument stack before using it. > > For example from ellpj: > > sv_setiv(ST(argvi++), (IV) result); > { > if (argvi >= items) { > EXTEND(sp,1); > } > ST(argvi) = sv_newmortal(); > sv_setnv(ST(argvi),(double) *(arg3)); > argvi++; > } > { > if (argvi >= items) { > EXTEND(sp,1); > } > ST(argvi) = sv_newmortal(); > sv_setnv(ST(argvi),(double) *(arg4)); > argvi++; > } > > The EXTEND() macro extends the stack relative to its first argument, > but this code doesn't modify sp after using a place on the stack. > > This code could potentially be writing beyond the end of an allocated > block. > > Unfortunately this appears to be a SWIG bug. >

thanks for the report, Tony! Do you know if it still happens with the latest release of SWIG - 3.0.12 according to https://en.wikipedia.org/wiki/SWIG ? Furthermore, it was released 6 months ago and SWIG has a github repo so if the problem is still there, we should report it at their issue tracker (possibly with a patch). Note that I am not a Perl/XS expert - I just maintain some modules that use it. Show quoted text

> Tony

Mon Aug 28 08:03:27 2017 The RT System itself - Status changed from 'new' to 'open'

Sun Dec 09 13:08:02 2018 HMBRAND [...] cpan.org - Correspondence added

Here is a patch. The last version consistently failed on 5.28.1 with -Duseshrplib

Subject:

MC.diff

diff -purd Math-Cephes-0.5305/Cephes_wrap.c Math-Cephes-0.5305-0/Cephes_wrap.c --- Math-Cephes-0.5305/Cephes_wrap.c 2012-11-10 10:31:23.000000000 +0100 +++ Math-Cephes-0.5305-0/Cephes_wrap.c 2018-12-09 19:02:05.991423445 +0100 @@ -1685,7 +1685,7 @@ XS(_wrap_airy) { sv_setiv(ST(argvi++), (IV) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg2)); @@ -1693,7 +1693,7 @@ XS(_wrap_airy) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg3)); @@ -1701,7 +1701,7 @@ XS(_wrap_airy) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg4)); @@ -1709,7 +1709,7 @@ XS(_wrap_airy) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg5)); @@ -2855,7 +2855,7 @@ XS(_wrap_euclid) { sv_setnv(ST(argvi++), (double) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg1)); @@ -2863,7 +2863,7 @@ XS(_wrap_euclid) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg2)); @@ -3325,7 +3325,7 @@ XS(_wrap_ellpj) { sv_setiv(ST(argvi++), (IV) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg3)); @@ -3333,7 +3333,7 @@ XS(_wrap_ellpj) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg4)); @@ -3341,7 +3341,7 @@ XS(_wrap_ellpj) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg5)); @@ -3349,7 +3349,7 @@ XS(_wrap_ellpj) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg6)); @@ -3709,7 +3709,7 @@ XS(_wrap_md_frexp) { sv_setnv(ST(argvi++), (double) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setiv(ST(argvi),(IV) *(arg2)); @@ -3773,7 +3773,7 @@ XS(_wrap_fresnl) { sv_setiv(ST(argvi++), (IV) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg2)); @@ -3781,7 +3781,7 @@ XS(_wrap_fresnl) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg3)); @@ -3995,7 +3995,7 @@ XS(_wrap_hyp2f0) { sv_setnv(ST(argvi++), (double) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg5)); @@ -5157,7 +5157,7 @@ XS(_wrap_shichi) { sv_setiv(ST(argvi++), (IV) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg2)); @@ -5165,7 +5165,7 @@ XS(_wrap_shichi) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg3)); @@ -5203,7 +5203,7 @@ XS(_wrap_sici) { sv_setiv(ST(argvi++), (IV) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg2)); @@ -5211,7 +5211,7 @@ XS(_wrap_sici) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg3)); @@ -5505,7 +5505,7 @@ XS(_wrap_onef2) { sv_setnv(ST(argvi++), (double) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg5)); @@ -5549,7 +5549,7 @@ XS(_wrap_threef0) { sv_setnv(ST(argvi++), (double) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg5)); @@ -5904,7 +5904,7 @@ XS(_wrap_drand) { sv_setiv(ST(argvi++), (IV) result); { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setnv(ST(argvi),(double) *(arg1)); @@ -6534,7 +6534,7 @@ XS(_wrap_cpmul_wrap) { } { if (argvi >= items) { - EXTEND(sp,1); + EXTEND(sp,argvi); } ST(argvi) = sv_newmortal(); sv_setiv(ST(argvi),(IV) *(arg9));

Sun Dec 09 13:08:04 2018 HMBRAND [...] cpan.org - Fixed in 0.5305 added

Sun Dec 09 13:08:17 2018 HMBRAND [...] cpan.org - Severity Critical added

Sun Dec 09 13:08:50 2018 HMBRAND [...] cpan.org - Fixed in 0.5305 deleted

Sun Dec 09 13:08:50 2018 HMBRAND [...] cpan.org - Broken in 0.5305 added

Sun Dec 09 18:39:17 2018 tony [...] develop-help.com - Correspondence added

CC:	TONYC [...] cpan.org
Subject:	Re: [rt.cpan.org #122912] at least two functions fail to extend the argument stack
Date:	Mon, 10 Dec 2018 10:39:04 +1100
To:	"H.Merijn Brand via RT" <bug-Math-Cephes [...] rt.cpan.org>
From:	Tony Cook <tony [...] develop-help.com>

On Sun, Dec 09, 2018 at 01:08:03PM -0500, H.Merijn Brand via RT wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=122912 > > > Here is a patch. The last version consistently failed on 5.28.1 with -Duseshrplib > >

Show quoted text

> diff -purd Math-Cephes-0.5305/Cephes_wrap.c Math-Cephes-0.5305-0/Cephes_wrap.c > --- Math-Cephes-0.5305/Cephes_wrap.c 2012-11-10 10:31:23.000000000 +0100 > +++ Math-Cephes-0.5305-0/Cephes_wrap.c 2018-12-09 19:02:05.991423445 +0100 > @@ -1685,7 +1685,7 @@ XS(_wrap_airy) { > sv_setiv(ST(argvi++), (IV) result); > { > if (argvi >= items) { > - EXTEND(sp,1); > + EXTEND(sp,argvi); > } > ST(argvi) = sv_newmortal(); > sv_setnv(ST(argvi),(double) *(arg2));

That's code generated by SWIG. Shlomi: sorry, I missed your question, it looks like SWIG is still broken: https://github.com/swig/swig/blob/master/Lib/perl5/typemaps.i#L193 Reported upstream: https://github.com/swig/swig/issues/1374

Sun Dec 16 16:58:20 2018 TONYC [...] cpan.org - Correspondence added

On Sun Dec 09 18:39:17 2018, tony@develop-help.com wrote: Show quoted text

> On Sun, Dec 09, 2018 at 01:08:03PM -0500, H.Merijn Brand via RT wrote:

> > <URL: https://rt.cpan.org/Ticket/Display.html?id=122912 > > > > > Here is a patch. The last version consistently failed on 5.28.1 with > > -Duseshrplib > > > >

>

> > diff -purd Math-Cephes-0.5305/Cephes_wrap.c Math-Cephes-0.5305- > > 0/Cephes_wrap.c > > --- Math-Cephes-0.5305/Cephes_wrap.c 2012-11-10 10:31:23.000000000 > > +0100 > > +++ Math-Cephes-0.5305-0/Cephes_wrap.c 2018-12-09 > > 19:02:05.991423445 +0100 > > @@ -1685,7 +1685,7 @@ XS(_wrap_airy) { > > sv_setiv(ST(argvi++), (IV) result); > > { > > if (argvi >= items) { > > - EXTEND(sp,1); > > + EXTEND(sp,argvi); > > } > > ST(argvi) = sv_newmortal(); > > sv_setnv(ST(argvi),(double) *(arg2));

> > That's code generated by SWIG. > > Shlomi: sorry, I missed your question, it looks like SWIG is still > broken: > > https://github.com/swig/swig/blob/master/Lib/perl5/typemaps.i#L193 > > Reported upstream: > > https://github.com/swig/swig/issues/1374

Fixed upstream (but not released yet) in https://github.com/swig/swig/commit/871ece78e644875a51d7e165bd6452515742f298 Tony

Mon Dec 17 02:43:30 2018 shlomif [...] shlomifish.org - Correspondence added

Subject:	Re: [rt.cpan.org #122912] at least two functions fail to extend the argument stack
Date:	Mon, 17 Dec 2018 09:43:09 +0200
To:	bug-Math-Cephes [...] rt.cpan.org
From:	Shlomi Fish <shlomif [...] shlomifish.org>

On Sun, 16 Dec 2018 16:58:20 -0500 "TONYC via RT" <bug-Math-Cephes@rt.cpan.org> wrote: Show quoted text

> Queue: Math-Cephes > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=122912 > > > On Sun Dec 09 18:39:17 2018, tony@develop-help.com wrote:

> > On Sun, Dec 09, 2018 at 01:08:03PM -0500, H.Merijn Brand via RT wrote:

> > > <URL: https://rt.cpan.org/Ticket/Display.html?id=122912 > > > > > > > Here is a patch. The last version consistently failed on 5.28.1 with > > > -Duseshrplib > > > > > >

> >

> > > diff -purd Math-Cephes-0.5305/Cephes_wrap.c Math-Cephes-0.5305- > > > 0/Cephes_wrap.c > > > --- Math-Cephes-0.5305/Cephes_wrap.c 2012-11-10 10:31:23.000000000 > > > +0100 > > > +++ Math-Cephes-0.5305-0/Cephes_wrap.c 2018-12-09 > > > 19:02:05.991423445 +0100 > > > @@ -1685,7 +1685,7 @@ XS(_wrap_airy) { > > > sv_setiv(ST(argvi++), (IV) result); > > > { > > > if (argvi >= items) { > > > - EXTEND(sp,1); > > > + EXTEND(sp,argvi); > > > } > > > ST(argvi) = sv_newmortal(); > > > sv_setnv(ST(argvi),(double) *(arg2));

> > > > That's code generated by SWIG. > > > > Shlomi: sorry, I missed your question, it looks like SWIG is still > > broken: > > > > https://github.com/swig/swig/blob/master/Lib/perl5/typemaps.i#L193 > > > > Reported upstream: > > > > https://github.com/swig/swig/issues/1374

> > Fixed upstream (but not released yet) in > > https://github.com/swig/swig/commit/871ece78e644875a51d7e165bd6452515742f298 >

Thanks for the update. Show quoted text

> Tony

-- ----------------------------------------------------------------- Shlomi Fish http://www.shlomifish.org/ List of Text Editors and IDEs - http://shlom.in/IDEs <PerlJam> I’m trying to achieve world peace and this regex is the last thing standing in my way! ;) Please reply to list if it's a mailing list post - http://shlom.in/reply .