SBCL

posix-getenv causes "Unhandled memory fault"

Bug #721087 reported by Mark Chernev on 2011-02-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	SBCL	Fix Released	High	Unassigned

Bug Description

* (print (sb-ext:posix-getenv nil))
CORRUPTION WARNING in SBCL pid 12713(tid 140737354102528):
Memory fault at 0 (pc=0x7ffff7447a32, sp=0x7ffff517a6d8)
The integrity of this image is possibly compromised.
Continuing with fingers crossed.

debugger invoked on a SB-SYS:MEMORY-FAULT-ERROR in thread #<THREAD
                                                            "initial thread" RUNNING
                                                            {1002BC7861}>:
  Unhandled memory fault at #x0.

Type HELP for debugger help, or (SB-EXT:QUIT) to exit from SBCL.

restarts (invokable by number or by possibly-abbreviated name):
0: [ABORT] Exit debugger, returning to top level.

(SB-SYS:MEMORY-FAULT-ERROR)

---------------------------------------

> sbcl --version
SBCL 1.0.45

> uname -a
Linux foo 2.6.36-gentoo-r5 #1 PREEMPT Fri Dec 24 20:17:13 EST 2010 x86_64 AMD Athlon(tm) 64 Processor 3000+ AuthenticAMD GNU/Linux

* (print *features*)

(:CL-PPCRE :QUICKLISP :SB-BSD-SOCKETS-ADDRINFO :ASDF2 :ASDF :ANSI-CL
:COMMON-LISP :SBCL :SB-DOC :SB-TEST :SB-LDB :SB-PACKAGE-LOCKS :SB-UNICODE
:SB-EVAL :SB-SOURCE-LOCATIONS :IEEE-FLOATING-POINT :X86-64 :UNIX :ELF :LINUX
:SB-THREAD :LARGEFILE :GENCGC :STACK-GROWS-DOWNWARD-NOT-UPWARD
:C-STACK-IS-CONTROL-STACK :LINKAGE-TABLE :COMPARE-AND-SWAP-VOPS
:UNWIND-TO-FRAME-AND-CALL-VOP :RAW-INSTANCE-INIT-VOPS
:STACK-ALLOCATABLE-CLOSURES :STACK-ALLOCATABLE-VECTORS
:STACK-ALLOCATABLE-LISTS :STACK-ALLOCATABLE-FIXED-OBJECTS :ALIEN-CALLBACKS
:CYCLE-COUNTER :COMPLEX-FLOAT-VOPS :FLOAT-EQL-VOPS :INLINE-CONSTANTS
:MEMORY-BARRIER-VOPS :OS-PROVIDES-DLOPEN :OS-PROVIDES-DLADDR
:OS-PROVIDES-PUTWC :OS-PROVIDES-SUSECONDS-T :OS-PROVIDES-GETPROTOBY-R
:OS-PROVIDES-POLL)
(:CL-PPCRE :QUICKLISP :SB-BSD-SOCKETS-ADDRINFO :ASDF2 :ASDF :ANSI-CL
:COMMON-LISP :SBCL :SB-DOC :SB-TEST :SB-LDB :SB-PACKAGE-LOCKS :SB-UNICODE
:SB-EVAL :SB-SOURCE-LOCATIONS :IEEE-FLOATING-POINT :X86-64 :UNIX :ELF :LINUX
:SB-THREAD :LARGEFILE :GENCGC :STACK-GROWS-DOWNWARD-NOT-UPWARD
:C-STACK-IS-CONTROL-STACK :LINKAGE-TABLE :COMPARE-AND-SWAP-VOPS
:UNWIND-TO-FRAME-AND-CALL-VOP :RAW-INSTANCE-INIT-VOPS
:STACK-ALLOCATABLE-CLOSURES :STACK-ALLOCATABLE-VECTORS
:STACK-ALLOCATABLE-LISTS :STACK-ALLOCATABLE-FIXED-OBJECTS :ALIEN-CALLBACKS
:CYCLE-COUNTER :COMPLEX-FLOAT-VOPS :FLOAT-EQL-VOPS :INLINE-CONSTANTS
:MEMORY-BARRIER-VOPS :OS-PROVIDES-DLOPEN :OS-PROVIDES-DLADDR
:OS-PROVIDES-PUTWC :OS-PROVIDES-SUSECONDS-T :OS-PROVIDES-GETPROTOBY-R
:OS-PROVIDES-POLL)

Tags:

Nikodemus Siivola (nikodemus) on 2011-02-18

Changed in sbcl:
importance:	Undecided → High
status:	New → Triaged

Revision history for this message

William Halliburton (whalliburton) wrote on 2011-02-18:

0001-Fix-a-memory-fault-bug-in-sb-posix-getenv.patch Edit (1.2 KiB, text/plain)

Fix attached.

tags:

added: review

Revision history for this message

Stas Boukarev (stassats) wrote on 2011-02-18:

c-string-with-nil.diff Edit (624 bytes, text/plain)

That's only fixing a symptom. The problem is that NIL, when passed as a c-string, is translated into (int-sap 0), and into a reference to (int-sap 0).
I don't really see why c-string should accept NIL, so I attached two patches, one that handles NIL, and one that removes handling of NIL.

Revision history for this message

Stas Boukarev (stassats) wrote on 2011-02-18:

c-string-no-nil.diff Edit (951 bytes, text/plain)

Revision history for this message

Stas Boukarev (stassats) wrote on 2011-02-18:

s/and into a reference to/and not into a reference to/

Revision history for this message

William Halliburton (whalliburton) wrote on 2011-02-18: Re: [Bug 721087] Re: posix-getenv causes "Unhandled memory fault"

On Fri, Feb 18, 2011 at 10:17 AM, Stas Boukarev <email address hidden> wrote:
>
> I don't really see why c-string should accept NIL, so I attached two
> patches, one that handles NIL, and one that removes handling of NIL.
>

There may be valid uses of passing NULL into C functions CHAR * (which
c-string really is). My patch is localized to the problem at hand. The
getenv C function is causing a memory fault when passed in a NULL to its
CHAR * argument, which sounds like a bug in getenv, which I plug by
disallowing the passing of anything but strings. Maybe we need another c
type like c-string-no-null or such.

Revision history for this message

Stas Boukarev (stassats) wrote on 2011-02-18:

I don't see how passing NULL where a pointer to a char is expected is useful, NULL is a char, but it's not a pointer to one. And it's not limited to getenv, you can take any function which takes a c-string and you'll get a memory fault.
e.g.
(sb-posix:getpwnam nil) => Memory fault

Revision history for this message

William Halliburton (whalliburton) wrote on 2011-02-18:

I was referring to the C NULL macro which is the null pointer, and not the
NULL character.

You are correct that there are other functions that have this problem, which
is why I proposed some other way of indicating c-string-no-null. I am just
not convinced that there is no collateral damage from your patch on others
that allow for, and expect at times, a (CHAR *)0 to be passed in.

On Fri, Feb 18, 2011 at 11:06 AM, Stas Boukarev <email address hidden> wrote:

> I don't see how passing NULL where a pointer to a char is expected is
> useful, NULL is a char, but it's not a pointer to one. And it's not limited
> to getenv, you can take any function which takes a c-string and you'll get a
> memory fault.
> e.g.
> (sb-posix:getpwnam nil) => Memory fault
>
> --
> You received this bug notification because you are subscribed to SBCL.
> https://bugs.launchpad.net/bugs/721087
>
> Title:
> posix-getenv causes "Unhandled memory fault"
>

Revision history for this message

Stas Boukarev (stassats) wrote on 2011-02-18:

Now i agree that passing NULL is useful.

Revision history for this message

Stas Boukarev (stassats) wrote on 2011-02-18:

And null pointer passing isn't limited to c-strings, but it's common for all pointer types. The best way would be to have the ability to specify (and (not null) type).

Revision history for this message

Nikodemus Siivola (nikodemus) wrote on 2011-03-02:

#10

I'm adding a :NOT-NULL option to C-STRING for now.

More general (and (not null) <alien-type>) or (not-null <alien-type>) left for later.

Changed in sbcl:
assignee:	nobody → Nikodemus Siivola (nikodemus)
status:	Triaged → In Progress

Revision history for this message

Stas Boukarev (stassats) wrote on 2011-03-02:

#11

(sb-posix:readdir nil) memory faults too, and it's doesn't use a c-string.

Revision history for this message

Nikodemus Siivola (nikodemus) wrote on 2011-03-02:

#12

Yeah, which is particularly nasty because

(TYPEP NIL '(ALIEN (* T))) => NIL

but general alien pointer type translators accept NIL. This is probably due to a missing :LISP-REP method or something.

NOT-NULL needs to be really part of all pointer types.

Revision history for this message

Nikodemus Siivola (nikodemus) wrote on 2011-03-02:

#13

In 1.0.46.19, but see also bug 727661.

Changed in sbcl:
status:	In Progress → Fix Committed
assignee:	Nikodemus Siivola (nikodemus) → nobody

Nikodemus Siivola (nikodemus) on 2011-03-28

Changed in sbcl:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.