| field | value | date |
|---|---|---|
| author | Kaz Kylheku <kaz@kylheku.com> | 2019-07-11 06:36:21 -0700 |
| committer | Kaz Kylheku <kaz@kylheku.com> | 2019-07-11 06:36:21 -0700 |
| commit | 46ae35f5b87efa3582aa8564839b30acbeeffe57 (patch) | |
| tree | 246307d3b288bafd836c94e26c34a0df37c703be /signal.c | |
| parent | 22a0514369a0a377f8c5d40675fea68adaf1d333 (diff) | |
| download | txr-46ae35f5b87efa3582aa8564839b30acbeeffe57.tar.gz, txr-46ae35f5b87efa3582aa8564839b30acbeeffe57.tar.bz2, txr-46ae35f5b87efa3582aa8564839b30acbeeffe57.zip | |
ffi: handle variable length types in buffer ops.
The motivating bug here is that
(ffi-put #(1 2 3 5) (ffi (array int)))
perpetrates a buffer overrun. The size of (array int) is zero,
and so a zero-length buffer is allocated. But then an array of
five ints is stored. This is made to work correctly:
allocating a buffer large enough.
A new virtual function is introduced into the txr_ffi_type
structure to calculate a type's dynamic size, from a prototype
Lisp object.
* ffi.c (struct txr_ffi_type): New function pointer member,
dynsize.
(ffi_fixed_dynsize, ffi_varray_dynsize): New static functions.
(make_ffi_type_builtin, make_ffi_type_pointer,
make_ffi_type_struct, make_ffi_type_union,
make_ffi_type_array): Initialize new dynsize member of type
structure with pointer to ffi_fixed_dynsize.
(ffi_type_compile): Initialize the dynsize pointer of variable
array types to ffi_varray_dynsize.
(ffi_put_into, ffi_put, ffi_in, ffi_out): Use dynsize to
calculate the real size required to store or extract the given
object.
* txr.1: Update doc for ffi-put, ffi-put-into and ffi-in.
Looks like we are missing ffi-out; it is not documented!
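The overrun and the dynsize fix described in the commit message, modeled in C as an added example. This is not TXR's ffi.c: the names struct ffi_type_model, struct val_obj, buffer_size_before_fix, buffer_size_after_fix and put_array are this example's own, and the four-element sample vector is constructed here. A variable-length array type carries a static size of 0, so sizing the buffer from that field yields a zero-length allocation; sizing it from a per-type dynsize callback that inspects the object being stored yields the real requirement.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-in for the Lisp object being stored: an integer
 * vector of nelem elements (hypothetical; not TXR's object model).
 */
struct val_obj {
    size_t nelem;
    const int *elems;
};

/*
 * Hypothetical type descriptor with both a static size and a dynsize
 * callback, the pattern the commit message describes. Names are this
 * example's own, not TXR's struct txr_ffi_type.
 */
struct ffi_type_model {
    size_t size;       /* static size; 0 for a variable-length array type */
    size_t elem_size;  /* element size for array types */
    size_t (*dynsize)(const struct ffi_type_model *, const struct val_obj *);
};

/* Fixed-size types ignore the prototype object entirely. */
static size_t fixed_dynsize(const struct ffi_type_model *t,
                            const struct val_obj *o)
{
    (void)o;
    return t->size;
}

/* Variable arrays derive their size from the object actually stored. */
static size_t varray_dynsize(const struct ffi_type_model *t,
                             const struct val_obj *o)
{
    return o->nelem * t->elem_size;
}

/* Buffer sizing before the fix: trusts the static size field (0 here). */
size_t buffer_size_before_fix(const struct ffi_type_model *t,
                              const struct val_obj *o)
{
    (void)o;
    return t->size;
}

/* Buffer sizing after the fix: asks the type for its dynamic size. */
size_t buffer_size_after_fix(const struct ffi_type_model *t,
                             const struct val_obj *o)
{
    return t->dynsize(t, o);
}

/*
 * Copy the object's elements into buf. It checks the destination size
 * first and returns 0 instead of overrunning; otherwise it returns the
 * number of bytes written.
 */
size_t put_array(unsigned char *buf, size_t bufsize,
                 const struct ffi_type_model *t, const struct val_obj *o)
{
    size_t need = o->nelem * t->elem_size;
    if (need > bufsize)
        return 0;
    memcpy(buf, o->elems, need);
    return need;
}

/* Descriptors, a scratch buffer and a constructed sample vector. */
const struct ffi_type_model int_type        = { sizeof(int), sizeof(int), fixed_dynsize };
const struct ffi_type_model int_varray_type = { 0, sizeof(int), varray_dynsize };

unsigned char demo_buf[64];
static const int sample_elems[] = { 1, 2, 3, 5 };
const struct val_obj sample_vec = { 4, sample_elems };

int main(void)
{
    size_t before = buffer_size_before_fix(&int_varray_type, &sample_vec);
    size_t after  = buffer_size_after_fix(&int_varray_type, &sample_vec);

    printf("static size of the variable array type: %zu byte(s)\n", before);
    printf("dynsize for a %zu-element vector: %zu byte(s)\n",
           sample_vec.nelem, after);
    printf("store into %zu-byte buffer: %zu byte(s) written\n", before,
           put_array(demo_buf, before, &int_varray_type, &sample_vec));
    printf("store into %zu-byte buffer: %zu byte(s) written\n", after,
           put_array(demo_buf, after, &int_varray_type, &sample_vec));
    return 0;
}
```

The size check in put_array is what a raw memcpy into the zero-length buffer lacked; with the dynsize-derived size the store fits exactly, and the fixed-size descriptor keeps returning its static size through the same callback, so callers need only one code path.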
Diffstat (limited to 'signal.c')
0 files changed, 0 insertions, 0 deletions