| Title | Example Scheme interpreter crashes in append |
| Status | closed |
| Priority | optional |
| Assigned user | Gareth Rees |
| Organization | Ravenbrook |
| Description | Run the example Scheme interpreter and append the empty list to anything. You get a segmentation fault: $ ./scheme MPS Toy Scheme Example The prompt shows total allocated bytes and number of collections. Try (vector-length (make-vector 100000 1)) to see the MPS in action. You can force a complete garbage collection with (gc). If you recurse too much the interpreter may crash from using too much C stack. 9960, 0> (append '() '()) Bus error: 10 |
| Analysis | At the end of entry_append, after arg1 has been copied to the result, the code looks like this: if(arg1 != obj_empty) error("%s: applied to non-list", operator->operator.name); CDR(end) = arg2; return result; but if arg1 was empty, then end is uninitialized. The code needs to look like this: if(arg1 != obj_empty) error("%s: applied to non-list", operator->operator.name); if(result == obj_empty) return arg2; CDR(end) = arg2; return result; |
| How found | manual_test |
| Evidence | See description. |
| Observed in | 1.110.0 |
| Created by | Gareth Rees |
| Created on | 2012-10-22 12:52:38 |
| Last modified by | Gareth Rees |
| Last modified on | 2012-10-22 12:54:35 |
| History | 2012-10-22 GDR Created. |
| Change | Effect | Date | User | Description |
|---|---|---|---|---|
| 180004 | closed | 2012-10-22 12:54:35 | Gareth Rees | Fix bug in append when the first argument is nil. |