Steel Bank Common Lisp

in-file function type derivation violates safety

Bug #657499 reported by Nikodemus Siivola on 2010-10-09
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
SBCL
Fix Released
High
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

File-compiling the following and calling QUUX returns "foo" instead of signalling a type-error.

(declaim (optimize safety))

(defun foo ()
  (cons t t))

(defun bar ()
  (let ((cons (foo)))
    (setf (car cons) 3)
    cons))

(defun quux ()
  (eval `(locally (declare (optimize safety))
           (setf (fdefinition 'foo) (lambda () (copy-seq "foobar")))
           (bar))))

Nikodemus Siivola (nikodemus) on 2010-10-09
Changed in sbcl:
assignee: nobody → Nikodemus Siivola (nikodemus)
status: New → In Progress
Nikodemus Siivola (nikodemus) on 2010-10-10
tags: added: compiler types
Nikodemus Siivola (nikodemus) wrote :

Marking this as "high" due to heap corruption potential.

Changed in sbcl:
importance: Undecided → High
Nikodemus Siivola (nikodemus) wrote :

Attached patch is my current status on this. Pending addition of tests and more testing, I plan to commit this soonish.

The basic approach is to use ASSERT-LVAR-TYPE instead of DERIVE-NODE-TYPE for derived untrusted calls.

Nikodemus Siivola (nikodemus) wrote :

In 1.0.43.57.

Changed in sbcl:
assignee: Nikodemus Siivola (nikodemus) → nobody
status: In Progress → Fix Committed
Nikodemus Siivola (nikodemus) on 2010-11-07
Changed in sbcl:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers