aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjörn Gustavsson <[email protected]>2011-05-13 14:18:35 +0200
committerBjörn Gustavsson <[email protected]>2011-05-13 14:18:35 +0200
commit0dde47552986f06dc31d43586f6c31d82050f60d (patch)
treef0fffd6302b6b1e64114b8062920ed92bc6ce2b3
parent6f6f9e1a6fd96efd86673855cbdcd316c445c753 (diff)
parent875104fa418b2ead0f19250e75074002ae3e3c72 (diff)
downloadotp-0dde47552986f06dc31d43586f6c31d82050f60d.tar.gz
otp-0dde47552986f06dc31d43586f6c31d82050f60d.tar.bz2
otp-0dde47552986f06dc31d43586f6c31d82050f60d.zip
Merge branch 'bjorn/fix-binary-overflow/OTP-9118' into dev
* bjorn/fix-binary-overflow/OTP-9118: Fix overflow in list_to_bitstring/1 Replace io_list_len() with erts_iolist_size() Make port_command/2 reject non-byte sized bitstrings io.c: Make io_list_vec_len() less general iolist_size/1: Fix truncation of result Test iolist_size/1 with bad arguments binary_SUITE: Remove workaround for avoiding stack overflow
-rw-r--r--erts/emulator/beam/bif.c142
-rw-r--r--erts/emulator/beam/binary.c103
-rw-r--r--erts/emulator/beam/erl_bif_ddll.c13
-rw-r--r--erts/emulator/beam/erl_bif_info.c6
-rw-r--r--erts/emulator/beam/erl_bif_port.c9
-rw-r--r--erts/emulator/beam/erl_bif_re.c18
-rw-r--r--erts/emulator/beam/erl_nif.c4
-rw-r--r--erts/emulator/beam/global.h6
-rw-r--r--erts/emulator/beam/io.c97
-rw-r--r--erts/emulator/beam/utils.c37
-rw-r--r--erts/emulator/test/binary_SUITE.erl123
-rw-r--r--erts/emulator/test/driver_SUITE.erl94
12 files changed, 474 insertions, 178 deletions
diff --git a/erts/emulator/beam/bif.c b/erts/emulator/beam/bif.c
index 8c35644125..ac93b10d12 100644
--- a/erts/emulator/beam/bif.c
+++ b/erts/emulator/beam/bif.c
@@ -2168,20 +2168,146 @@ BIF_RETTYPE tl_1(BIF_ALIST_1)
/**********************************************************************/
/* return the size of an I/O list */
-BIF_RETTYPE iolist_size_1(BIF_ALIST_1)
+static Eterm
+accumulate(Eterm acc, Uint size)
{
- Sint size = io_list_len(BIF_ARG_1);
+ if (is_non_value(acc)) {
+ /*
+ * There is no pre-existing accumulator. Allocate a
+ * bignum buffer with one extra word to be used if
+ * the bignum grows in the future.
+ */
+ Eterm* hp = (Eterm *) erts_alloc(ERTS_ALC_T_TEMP_TERM,
+ (BIG_UINT_HEAP_SIZE+1) *
+ sizeof(Eterm));
+ return uint_to_big(size, hp);
+ } else {
+ Eterm* big;
+ int need_heap;
- if (size == -1) {
- BIF_ERROR(BIF_P, BADARG);
- } else if (IS_USMALL(0, (Uint) size)) {
- BIF_RET(make_small(size));
+ /*
+ * Add 'size' to 'acc' in place. There is always one
+ * extra word allocated in case the bignum grows by one word.
+ */
+ big = big_val(acc);
+ need_heap = BIG_NEED_SIZE(BIG_SIZE(big));
+ acc = big_plus_small(acc, size, big);
+ if (BIG_NEED_SIZE(big_size(acc)) > need_heap) {
+ /*
+ * The extra word has been consumed. Grow the
+ * allocation by one word.
+ */
+ big = (Eterm *) erts_realloc(ERTS_ALC_T_TEMP_TERM,
+ big_val(acc),
+ (need_heap+1) * sizeof(Eterm));
+ acc = make_big(big);
+ }
+ return acc;
+ }
+}
+
+static Eterm
+consolidate(Process* p, Eterm acc, Uint size)
+{
+ Eterm* hp;
+
+ if (is_non_value(acc)) {
+ return erts_make_integer(size, p);
} else {
- Eterm* hp = HAlloc(BIF_P, BIG_UINT_HEAP_SIZE);
- BIF_RET(uint_to_big(size, hp));
+ Eterm* big;
+ Uint sz;
+ Eterm res;
+
+ acc = accumulate(acc, size);
+ big = big_val(acc);
+ sz = BIG_NEED_SIZE(BIG_SIZE(big));
+ hp = HAlloc(p, sz);
+ res = make_big(hp);
+ while (sz--) {
+ *hp++ = *big++;
+ }
+ erts_free(ERTS_ALC_T_TEMP_TERM, (void *) big_val(acc));
+ return res;
}
}
+BIF_RETTYPE iolist_size_1(BIF_ALIST_1)
+{
+ Eterm obj, hd;
+ Eterm* objp;
+ Uint size = 0;
+ Uint cur_size;
+ Uint new_size;
+ Eterm acc = THE_NON_VALUE;
+ DECLARE_ESTACK(s);
+
+ obj = BIF_ARG_1;
+ goto L_again;
+
+ while (!ESTACK_ISEMPTY(s)) {
+ obj = ESTACK_POP(s);
+ L_again:
+ if (is_list(obj)) {
+ L_iter_list:
+ objp = list_val(obj);
+ hd = CAR(objp);
+ obj = CDR(objp);
+ /* Head */
+ if (is_byte(hd)) {
+ size++;
+ if (size == 0) {
+ acc = accumulate(acc, (Uint) -1);
+ size = 1;
+ }
+ } else if (is_binary(hd) && binary_bitsize(hd) == 0) {
+ cur_size = binary_size(hd);
+ if ((new_size = size + cur_size) >= size) {
+ size = new_size;
+ } else {
+ acc = accumulate(acc, size);
+ size = cur_size;
+ }
+ } else if (is_list(hd)) {
+ ESTACK_PUSH(s, obj);
+ obj = hd;
+ goto L_iter_list;
+ } else if (is_not_nil(hd)) {
+ goto L_type_error;
+ }
+ /* Tail */
+ if (is_list(obj)) {
+ goto L_iter_list;
+ } else if (is_binary(obj) && binary_bitsize(obj) == 0) {
+ cur_size = binary_size(obj);
+ if ((new_size = size + cur_size) >= size) {
+ size = new_size;
+ } else {
+ acc = accumulate(acc, size);
+ size = cur_size;
+ }
+ } else if (is_not_nil(obj)) {
+ goto L_type_error;
+ }
+ } else if (is_binary(obj) && binary_bitsize(obj) == 0) {
+ cur_size = binary_size(obj);
+ if ((new_size = size + cur_size) >= size) {
+ size = new_size;
+ } else {
+ acc = accumulate(acc, size);
+ size = cur_size;
+ }
+ } else if (is_not_nil(obj)) {
+ goto L_type_error;
+ }
+ }
+
+ DESTROY_ESTACK(s);
+ BIF_RET(consolidate(BIF_P, acc, size));
+
+ L_type_error:
+ DESTROY_ESTACK(s);
+ BIF_ERROR(BIF_P, BADARG);
+}
/**********************************************************************/
diff --git a/erts/emulator/beam/binary.c b/erts/emulator/beam/binary.c
index 9486602633..1fb39c6c67 100644
--- a/erts/emulator/beam/binary.c
+++ b/erts/emulator/beam/binary.c
@@ -32,11 +32,11 @@
#include "erl_bits.h"
#ifdef DEBUG
-static int list_to_bitstr_buf(Eterm obj, char* buf, int len);
+static int list_to_bitstr_buf(Eterm obj, char* buf, Uint len);
#else
static int list_to_bitstr_buf(Eterm obj, char* buf);
#endif
-static Sint bitstr_list_len(Eterm obj);
+static int bitstr_list_len(Eterm obj, Uint* num_bytes);
void
erts_init_binary(void)
@@ -355,21 +355,24 @@ BIF_RETTYPE bitstring_to_list_1(BIF_ALIST_1)
BIF_RETTYPE erts_list_to_binary_bif(Process *p, Eterm arg)
{
Eterm bin;
- int i;
+ Uint size;
int offset;
byte* bytes;
+
if (is_nil(arg)) {
BIF_RET(new_binary(p,(byte*)"",0));
}
if (is_not_list(arg)) {
goto error;
}
- if ((i = io_list_len(arg)) < 0) {
- goto error;
+ switch (erts_iolist_size(arg, &size)) {
+ case ERTS_IOLIST_OVERFLOW: BIF_ERROR(p, SYSTEM_LIMIT);
+ case ERTS_IOLIST_TYPE: goto error;
+ default: ;
}
- bin = new_binary(p, (byte *)NULL, i);
+ bin = new_binary(p, (byte *)NULL, size);
bytes = binary_bytes(bin);
- offset = io_list_to_buf(arg, (char*) bytes, i);
+ offset = io_list_to_buf(arg, (char*) bytes, size);
ASSERT(offset == 0);
BIF_RET(bin);
@@ -396,7 +399,8 @@ BIF_RETTYPE iolist_to_binary_1(BIF_ALIST_1)
BIF_RETTYPE list_to_bitstring_1(BIF_ALIST_1)
{
Eterm bin;
- int i,offset;
+ Uint sz;
+ int offset;
byte* bytes;
ErlSubBin* sb1;
Eterm* hp;
@@ -405,15 +409,19 @@ BIF_RETTYPE list_to_bitstring_1(BIF_ALIST_1)
BIF_RET(new_binary(BIF_P,(byte*)"",0));
}
if (is_not_list(BIF_ARG_1)) {
- goto error;
+ error:
+ BIF_ERROR(BIF_P, BADARG);
}
- if ((i = bitstr_list_len(BIF_ARG_1)) < 0) {
+ switch (bitstr_list_len(BIF_ARG_1, &sz)) {
+ case ERTS_IOLIST_TYPE:
goto error;
+ case ERTS_IOLIST_OVERFLOW:
+ BIF_ERROR(BIF_P, SYSTEM_LIMIT);
}
- bin = new_binary(BIF_P, (byte *)NULL, i);
+ bin = new_binary(BIF_P, (byte *)NULL, sz);
bytes = binary_bytes(bin);
#ifdef DEBUG
- offset = list_to_bitstr_buf(BIF_ARG_1, (char*) bytes, i);
+ offset = list_to_bitstr_buf(BIF_ARG_1, (char*) bytes, sz);
#else
offset = list_to_bitstr_buf(BIF_ARG_1, (char*) bytes);
#endif
@@ -422,20 +430,16 @@ BIF_RETTYPE list_to_bitstring_1(BIF_ALIST_1)
hp = HAlloc(BIF_P, ERL_SUB_BIN_SIZE);
sb1 = (ErlSubBin *) hp;
sb1->thing_word = HEADER_SUB_BIN;
- sb1->size = i-1;
+ sb1->size = sz-1;
sb1->offs = 0;
sb1->orig = bin;
sb1->bitoffs = 0;
sb1->bitsize = offset;
sb1->is_writable = 0;
- hp += ERL_SUB_BIN_SIZE;
bin = make_binary(sb1);
}
BIF_RET(bin);
-
- error:
- BIF_ERROR(BIF_P, BADARG);
}
BIF_RETTYPE split_binary_2(BIF_ALIST_2)
@@ -499,7 +503,7 @@ BIF_RETTYPE split_binary_2(BIF_ALIST_2)
*/
static int
#ifdef DEBUG
-list_to_bitstr_buf(Eterm obj, char* buf, int len)
+list_to_bitstr_buf(Eterm obj, char* buf, Uint len)
#else
list_to_bitstr_buf(Eterm obj, char* buf)
#endif
@@ -602,8 +606,8 @@ list_to_bitstr_buf(Eterm obj, char* buf)
return offset;
}
-static Sint
-bitstr_list_len(Eterm obj)
+static int
+bitstr_list_len(Eterm obj, Uint* num_bytes)
{
Eterm* objp;
Uint len = 0;
@@ -611,6 +615,26 @@ bitstr_list_len(Eterm obj)
DECLARE_ESTACK(s);
goto L_again;
+#define SAFE_ADD(Var, Val) \
+ do { \
+ Uint valvar = (Val); \
+ Var += valvar; \
+ if (Var < valvar) { \
+ goto L_overflow_error; \
+ } \
+ } while (0)
+
+#define SAFE_ADD_BITSIZE(Var, Bin) \
+ do { \
+ if (*binary_val(Bin) == HEADER_SUB_BIN) { \
+ Uint valvar = ((ErlSubBin *) binary_val(Bin))->bitsize; \
+ Var += valvar; \
+ if (Var < valvar) { \
+ goto L_overflow_error; \
+ } \
+ } \
+ } while (0)
+
while (!ESTACK_ISEMPTY(s)) {
obj = ESTACK_POP(s);
L_again:
@@ -621,9 +645,12 @@ bitstr_list_len(Eterm obj)
obj = CAR(objp);
if (is_byte(obj)) {
len++;
+ if (len == 0) {
+ goto L_overflow_error;
+ }
} else if (is_binary(obj)) {
- len += binary_size(obj);
- offs += binary_bitsize(obj);
+ SAFE_ADD(len, binary_size(obj));
+ SAFE_ADD_BITSIZE(offs, obj);
} else if (is_list(obj)) {
ESTACK_PUSH(s, CDR(objp));
goto L_iter_list; /* on head */
@@ -635,24 +662,44 @@ bitstr_list_len(Eterm obj)
if (is_list(obj))
goto L_iter_list; /* on tail */
else if (is_binary(obj)) {
- len += binary_size(obj);
- offs += binary_bitsize(obj);
+ SAFE_ADD(len, binary_size(obj));
+ SAFE_ADD_BITSIZE(offs, obj);
} else if (is_not_nil(obj)) {
goto L_type_error;
}
} else if (is_binary(obj)) {
- len += binary_size(obj);
- offs += binary_bitsize(obj);
+ SAFE_ADD(len, binary_size(obj));
+ SAFE_ADD_BITSIZE(offs, obj);
} else if (is_not_nil(obj)) {
goto L_type_error;
}
}
+#undef SAFE_ADD
+#undef SAFE_ADD_BITSIZE
DESTROY_ESTACK(s);
- return (Sint) (len + (offs/8) + ((offs % 8) != 0));
+
+ /*
+ * Make sure that the number of bits in the bitstring will fit
+ * in an Uint to ensure that the binary can be matched using
+ * the binary syntax.
+ */
+ if (len << 3 < len) {
+ goto L_overflow_error;
+ }
+ len += (offs >> 3) + ((offs & 7) != 0);
+ if (len << 3 < len) {
+ goto L_overflow_error;
+ }
+ *num_bytes = len;
+ return ERTS_IOLIST_OK;
L_type_error:
DESTROY_ESTACK(s);
- return (Sint) -1;
+ return ERTS_IOLIST_TYPE;
+
+ L_overflow_error:
+ DESTROY_ESTACK(s);
+ return ERTS_IOLIST_OVERFLOW;
}
diff --git a/erts/emulator/beam/erl_bif_ddll.c b/erts/emulator/beam/erl_bif_ddll.c
index c9cdcb87a6..9631fb50db 100644
--- a/erts/emulator/beam/erl_bif_ddll.c
+++ b/erts/emulator/beam/erl_bif_ddll.c
@@ -1,7 +1,7 @@
/*
* %CopyrightBegin%
*
- * Copyright Ericsson AB 2006-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2006-2011. All Rights Reserved.
*
* The contents of this file are subject to the Erlang Public License,
* Version 1.1, (the "License"); you may not use this file except in
@@ -146,7 +146,7 @@ BIF_RETTYPE erl_ddll_try_load_3(Process *p, Eterm path_term,
Eterm name_term, Eterm options)
{
char *path = NULL;
- int path_len;
+ Uint path_len;
char *name = NULL;
DE_Handle *dh;
erts_driver_t *drv;
@@ -221,9 +221,7 @@ BIF_RETTYPE erl_ddll_try_load_3(Process *p, Eterm path_term,
goto error;
}
- path_len = io_list_len(path_term);
-
- if (path_len <= 0) {
+ if (erts_iolist_size(path_term, &path_len)) {
goto error;
}
path = erts_alloc(ERTS_ALC_T_DDLL_TMP_BUF, path_len + 1 /* might need path separator */ + sys_strlen(name) + 1);
@@ -1878,7 +1876,7 @@ static Eterm mkatom(char *str)
static char *pick_list_or_atom(Eterm name_term)
{
char *name = NULL;
- int name_len;
+ Uint name_len;
if (is_atom(name_term)) {
Atom *ap = atom_tab(atom_val(name_term));
if (ap->len == 0) {
@@ -1890,8 +1888,7 @@ static char *pick_list_or_atom(Eterm name_term)
memcpy(name,ap->name,ap->len);
name[ap->len] = '\0';
} else {
- name_len = io_list_len(name_term);
- if (name_len <= 0) {
+ if (erts_iolist_size(name_term, &name_len)) {
goto error;
}
name = erts_alloc(ERTS_ALC_T_DDLL_TMP_BUF, name_len + 1);
diff --git a/erts/emulator/beam/erl_bif_info.c b/erts/emulator/beam/erl_bif_info.c
index e50fc18e64..f264bf44df 100644
--- a/erts/emulator/beam/erl_bif_info.c
+++ b/erts/emulator/beam/erl_bif_info.c
@@ -1732,14 +1732,14 @@ info_1_tuple(Process* BIF_P, /* Pointer to current process. */
# define ERTS_ERROR_CHECKER_PRINTF_XML VALGRIND_PRINTF_XML
# endif
#endif
- int buf_size = 8*1024; /* Try with 8KB first */
+ Uint buf_size = 8*1024; /* Try with 8KB first */
char *buf = erts_alloc(ERTS_ALC_T_TMP, buf_size);
int r = io_list_to_buf(*tp, (char*) buf, buf_size - 1);
if (r < 0) {
erts_free(ERTS_ALC_T_TMP, (void *) buf);
- buf_size = io_list_len(*tp);
- if (buf_size < 0)
+ if (erts_iolist_size(*tp, &buf_size)) {
goto badarg;
+ }
buf_size++;
buf = erts_alloc(ERTS_ALC_T_TMP, buf_size);
r = io_list_to_buf(*tp, (char*) buf, buf_size - 1);
diff --git a/erts/emulator/beam/erl_bif_port.c b/erts/emulator/beam/erl_bif_port.c
index fbc92b9730..3fd35dd963 100644
--- a/erts/emulator/beam/erl_bif_port.c
+++ b/erts/emulator/beam/erl_bif_port.c
@@ -1,7 +1,7 @@
/*
* %CopyrightBegin%
*
- * Copyright Ericsson AB 2001-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2001-2011. All Rights Reserved.
*
* The contents of this file are subject to the Erlang Public License,
* Version 1.1, (the "License"); you may not use this file except in
@@ -996,6 +996,7 @@ static byte* convert_environment(Process* p, Eterm env)
Eterm* hp;
Uint heap_size;
int n;
+ Uint size;
byte* bytes;
if ((n = list_length(env)) < 0) {
@@ -1039,15 +1040,15 @@ static byte* convert_environment(Process* p, Eterm env)
if (is_not_nil(env)) {
goto done;
}
- if ((n = io_list_len(all)) < 0) {
+ if (erts_iolist_size(all, &size)) {
goto done;
}
/*
* Put the result in a binary (no risk for a memory leak that way).
*/
- (void) erts_new_heap_binary(p, NULL, n, &bytes);
- io_list_to_buf(all, (char*)bytes, n);
+ (void) erts_new_heap_binary(p, NULL, size, &bytes);
+ io_list_to_buf(all, (char*)bytes, size);
done:
erts_free(ERTS_ALC_T_TMP, temp_heap);
diff --git a/erts/emulator/beam/erl_bif_re.c b/erts/emulator/beam/erl_bif_re.c
index d4a8a3aaa7..26891c4348 100644
--- a/erts/emulator/beam/erl_bif_re.c
+++ b/erts/emulator/beam/erl_bif_re.c
@@ -1,7 +1,7 @@
/*
* %CopyrightBegin%
*
- * Copyright Ericsson AB 2008-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2008-2011. All Rights Reserved.
*
* The contents of this file are subject to the Erlang Public License,
* Version 1.1, (the "License"); you may not use this file except in
@@ -417,7 +417,7 @@ build_compile_result(Process *p, Eterm error_tag, pcre *result, int errcode, con
BIF_RETTYPE
re_compile_2(BIF_ALIST_2)
{
- int slen;
+ Uint slen;
char *expr;
pcre *result;
int errcode = 0;
@@ -444,7 +444,7 @@ re_compile_2(BIF_ALIST_2)
BIF_TRAP2(ucompile_trap_exportp, BIF_P, BIF_ARG_1, BIF_ARG_2);
}
- if ((slen = io_list_len(BIF_ARG_1)) < 0) {
+ if (erts_iolist_size(BIF_ARG_1, &slen)) {
BIF_ERROR(BIF_P,BADARG);
}
expr = erts_alloc(ERTS_ALC_T_RE_TMP_BUF, slen + 1);
@@ -795,8 +795,8 @@ build_capture(Eterm capture_spec[CAPSPEC_SIZE], const pcre *code)
memcpy(tmpb,ap->name,ap->len);
tmpb[ap->len] = '\0';
} else {
- int slen = io_list_len(val);
- if (slen < 0) {
+ Uint slen;
+ if (erts_iolist_size(val, &slen)) {
goto error;
}
if ((slen + 1) > tmpbsiz) {
@@ -851,7 +851,7 @@ re_run_3(BIF_ALIST_3)
const pcre *code_tmp;
RestartContext restart;
byte *temp_alloc = NULL;
- int slength;
+ Uint slength;
int startoffset = 0;
int options = 0, comp_options = 0;
int ovsize;
@@ -875,7 +875,7 @@ re_run_3(BIF_ALIST_3)
if (is_not_tuple(BIF_ARG_2) || (arityval(*tuple_val(BIF_ARG_2)) != 4)) {
if (is_binary(BIF_ARG_2) || is_list(BIF_ARG_2) || is_nil(BIF_ARG_2)) {
/* Compile from textual RE */
- int slen;
+ Uint slen;
char *expr;
pcre *result;
int errcode = 0;
@@ -889,7 +889,7 @@ re_run_3(BIF_ALIST_3)
BIF_TRAP3(urun_trap_exportp, BIF_P, BIF_ARG_1, BIF_ARG_2, BIF_ARG_3);
}
- if ((slen = io_list_len(BIF_ARG_2)) < 0) {
+ if (erts_iolist_size(BIF_ARG_2, &slen)) {
BIF_ERROR(BIF_P,BADARG);
}
@@ -1027,7 +1027,7 @@ re_run_3(BIF_ALIST_3)
restart.flags |= RESTART_FLAG_SUBJECT_IN_BINARY;
} else {
handle_iolist:
- if ((slength = io_list_len(BIF_ARG_1)) < 0) {
+ if (erts_iolist_size(BIF_ARG_1, &slength)) {
erts_free(ERTS_ALC_T_RE_SUBJECT, restart.ovector);
erts_free(ERTS_ALC_T_RE_SUBJECT, restart.code);
if (restart.ret_info != NULL) {
diff --git a/erts/emulator/beam/erl_nif.c b/erts/emulator/beam/erl_nif.c
index 8b48444904..68421b4387 100644
--- a/erts/emulator/beam/erl_nif.c
+++ b/erts/emulator/beam/erl_nif.c
@@ -472,7 +472,7 @@ static void tmp_alloc_dtor(struct enif_tmp_obj_t* obj)
int enif_inspect_iolist_as_binary(ErlNifEnv* env, Eterm term, ErlNifBinary* bin)
{
struct enif_tmp_obj_t* tobj;
- int sz;
+ Uint sz;
if (is_binary(term)) {
return enif_inspect_binary(env,term,bin);
}
@@ -483,7 +483,7 @@ int enif_inspect_iolist_as_binary(ErlNifEnv* env, Eterm term, ErlNifBinary* bin)
bin->ref_bin = NULL;
return 1;
}
- if ((sz = io_list_len(term)) < 0) {
+ if (erts_iolist_size(term, &sz)) {
return 0;
}
diff --git a/erts/emulator/beam/global.h b/erts/emulator/beam/global.h
index 96da894d90..7d5b1853e6 100644
--- a/erts/emulator/beam/global.h
+++ b/erts/emulator/beam/global.h
@@ -1653,10 +1653,14 @@ struct Sint_buf {
};
char* Sint_to_buf(Sint, struct Sint_buf*);
+#define ERTS_IOLIST_OK 0
+#define ERTS_IOLIST_OVERFLOW 1
+#define ERTS_IOLIST_TYPE 2
+
Eterm buf_to_intlist(Eterm**, char*, int, Eterm); /* most callers pass plain char*'s */
int io_list_to_buf(Eterm, char*, int);
int io_list_to_buf2(Eterm, char*, int);
-int io_list_len(Eterm);
+int erts_iolist_size(Eterm, Uint *);
int is_string(Eterm);
void erl_at_exit(void (*) (void*), void*);
Eterm collect_memory(Process *);
diff --git a/erts/emulator/beam/io.c b/erts/emulator/beam/io.c
index f619c6f88b..d9df90fe7d 100644
--- a/erts/emulator/beam/io.c
+++ b/erts/emulator/beam/io.c
@@ -82,6 +82,9 @@ static void driver_monitor_unlock_pdl(Port *p);
#define DRV_MONITOR_UNLOCK_PDL(Port) /* nothing */
#endif
+#define ERL_SMALL_IO_BIN_LIMIT (4*ERL_ONHEAP_BIN_LIMIT)
+#define SMALL_WRITE_VEC 16
+
static ERTS_INLINE ErlIOQueue*
drvport2ioq(ErlDrvPort drvport)
{
@@ -954,13 +957,14 @@ do { \
int _bitoffs; \
int _bitsize; \
ERTS_GET_REAL_BIN(obj, _real, _offset, _bitoffs, _bitsize); \
- ASSERT(_bitsize == 0); \
+ if (_bitsize != 0) goto L_type_error; \
if (thing_subtag(*binary_val(_real)) == REFC_BINARY_SUBTAG && \
_bitoffs == 0) { \
b_size += _size; \
+ if (b_size < _size) goto L_overflow_error; \
in_clist = 0; \
v_size++; \
- if (_size >= bin_limit) { \
+ if (_size >= ERL_SMALL_IO_BIN_LIMIT) { \
p_in_clist = 0; \
p_v_size++; \
} else { \
@@ -972,6 +976,7 @@ do { \
} \
} else { \
c_size += _size; \
+ if (c_size < _size) goto L_overflow_error; \
if (!in_clist) { \
in_clist = 1; \
v_size++; \
@@ -986,29 +991,30 @@ do { \
/*
-** Size of a io list in bytes
-** return -1 if error
-** returns: - Total size of io list
-** vsize - SysIOVec size needed for a writev
-** csize - Number of bytes not in binary (in the common binary)
-** pvsize - SysIOVec size needed if packing small binaries
-** pcsize - Number of bytes in the common binary if packing
-*/
+ * Returns 0 if successful and a non-zero value otherwise.
+ *
+ * Return values through pointers:
+ * *vsize - SysIOVec size needed for a writev
+ * *csize - Number of bytes not in binary (in the common binary)
+ * *pvsize - SysIOVec size needed if packing small binaries
+ * *pcsize - Number of bytes in the common binary if packing
+ * *total_size - Total size of iolist in bytes
+ */
static int
-io_list_vec_len(Eterm obj, int* vsize, int* csize,
- int bin_limit, /* small binaries limit */
- int * pvsize, int * pcsize)
+io_list_vec_len(Eterm obj, Uint* vsize, Uint* csize,
+ Uint* pvsize, Uint* pcsize, Uint* total_size)
{
DECLARE_ESTACK(s);
Eterm* objp;
- int v_size = 0;
- int c_size = 0;
- int b_size = 0;
- int in_clist = 0;
- int p_v_size = 0;
- int p_c_size = 0;
- int p_in_clist = 0;
+ Uint v_size = 0;
+ Uint c_size = 0;
+ Uint b_size = 0;
+ Uint in_clist = 0;
+ Uint p_v_size = 0;
+ Uint p_c_size = 0;
+ Uint p_in_clist = 0;
+ Uint total;
goto L_jump_start; /* avoid a push */
@@ -1022,6 +1028,9 @@ io_list_vec_len(Eterm obj, int* vsize, int* csize,
if (is_byte(obj)) {
c_size++;
+ if (c_size == 0) {
+ goto L_overflow_error;
+ }
if (!in_clist) {
in_clist = 1;
v_size++;
@@ -1061,32 +1070,31 @@ io_list_vec_len(Eterm obj, int* vsize, int* csize,
}
}
+ total = c_size + b_size;
+ if (total < c_size) {
+ goto L_overflow_error;
+ }
+ *total_size = total;
+
DESTROY_ESTACK(s);
- if (vsize != NULL)
- *vsize = v_size;
- if (csize != NULL)
- *csize = c_size;
- if (pvsize != NULL)
- *pvsize = p_v_size;
- if (pcsize != NULL)
- *pcsize = p_c_size;
- return c_size + b_size;
+ *vsize = v_size;
+ *csize = c_size;
+ *pvsize = p_v_size;
+ *pcsize = p_c_size;
+ return 0;
L_type_error:
+ L_overflow_error:
DESTROY_ESTACK(s);
- return -1;
+ return 1;
}
-#define ERL_SMALL_IO_BIN_LIMIT (4*ERL_ONHEAP_BIN_LIMIT)
-#define SMALL_WRITE_VEC 16
-
-
/* write data to a port */
int erts_write_to_port(Eterm caller_id, Port *p, Eterm list)
{
char *buf;
erts_driver_t *drv = p->drv_ptr;
- int size;
+ Uint size;
int fpe_was_unmasked;
ERTS_SMP_LC_ASSERT(erts_lc_is_port_locked(p));
@@ -1094,10 +1102,10 @@ int erts_write_to_port(Eterm caller_id, Port *p, Eterm list)
p->caller = caller_id;
if (drv->outputv != NULL) {
- int vsize;
- int csize;
- int pvsize;
- int pcsize;
+ Uint vsize;
+ Uint csize;
+ Uint pvsize;
+ Uint pcsize;
int blimit;
SysIOVec iv[SMALL_WRITE_VEC];
ErlDrvBinary* bv[SMALL_WRITE_VEC];
@@ -1106,9 +1114,8 @@ int erts_write_to_port(Eterm caller_id, Port *p, Eterm list)
ErlDrvBinary* cbin;
ErlIOVec ev;
- if ((size = io_list_vec_len(list, &vsize, &csize,
- ERL_SMALL_IO_BIN_LIMIT,
- &pvsize, &pcsize)) < 0) {
+ if (io_list_vec_len(list, &vsize, &csize,
+ &pvsize, &pcsize, &size)) {
goto bad_value;
}
/* To pack or not to pack (small binaries) ...? */
@@ -1183,7 +1190,7 @@ int erts_write_to_port(Eterm caller_id, Port *p, Eterm list)
else {
ASSERT(r == -1); /* Overflow */
erts_free(ERTS_ALC_T_TMP, buf);
- if ((size = io_list_len(list)) < 0) {
+ if (erts_iolist_size(list, &size)) {
goto bad_value;
}
@@ -2147,7 +2154,7 @@ erts_port_control(Process* p, Port* prt, Uint command, Eterm iolist)
byte* to_port = NULL; /* Buffer to write to port. */
/* Initialization is for shutting up
warning about use before set. */
- int to_len = 0; /* Length of buffer. */
+ Uint to_len = 0; /* Length of buffer. */
int must_free = 0; /* True if the buffer should be freed. */
char port_result[ERL_ONHEAP_BIN_LIMIT]; /* Default buffer for result from port. */
char* port_resp; /* Pointer to result buffer. */
@@ -2192,7 +2199,7 @@ erts_port_control(Process* p, Port* prt, Uint command, Eterm iolist)
} else {
ASSERT(r == -1); /* Overflow */
erts_free(ERTS_ALC_T_TMP, (void *) to_port);
- if ((to_len = io_list_len(iolist)) < 0) { /* Type error */
+ if (erts_iolist_size(iolist, &to_len)) { /* Type error */
return THE_NON_VALUE;
}
must_free = 1;
diff --git a/erts/emulator/beam/utils.c b/erts/emulator/beam/utils.c
index 6b4f3b3b36..a17de717bc 100644
--- a/erts/emulator/beam/utils.c
+++ b/erts/emulator/beam/utils.c
@@ -3021,13 +3021,25 @@ int io_list_to_buf(Eterm obj, char* buf, int len)
return -1;
}
-int io_list_len(Eterm obj)
+/*
+ * Return 0 if successful, and non-zero if unsuccessful.
+ */
+int erts_iolist_size(Eterm obj, Uint* sizep)
{
Eterm* objp;
- Sint len = 0;
+ Uint size = 0;
DECLARE_ESTACK(s);
goto L_again;
+#define SAFE_ADD(Var, Val) \
+ do { \
+ Uint valvar = (Val); \
+ Var += valvar; \
+ if (Var < valvar) { \
+ goto L_overflow_error; \
+ } \
+ } while (0)
+
while (!ESTACK_ISEMPTY(s)) {
obj = ESTACK_POP(s);
L_again:
@@ -3037,9 +3049,12 @@ int io_list_len(Eterm obj)
/* Head */
obj = CAR(objp);
if (is_byte(obj)) {
- len++;
+ size++;
+ if (size == 0) {
+ goto L_overflow_error;
+ }
} else if (is_binary(obj) && binary_bitsize(obj) == 0) {
- len += binary_size(obj);
+ SAFE_ADD(size, binary_size(obj));
} else if (is_list(obj)) {
ESTACK_PUSH(s, CDR(objp));
goto L_iter_list; /* on head */
@@ -3051,23 +3066,29 @@ int io_list_len(Eterm obj)
if (is_list(obj))
goto L_iter_list; /* on tail */
else if (is_binary(obj) && binary_bitsize(obj) == 0) {
- len += binary_size(obj);
+ SAFE_ADD(size, binary_size(obj));
} else if (is_not_nil(obj)) {
goto L_type_error;
}
} else if (is_binary(obj) && binary_bitsize(obj) == 0) { /* Tail was binary */
- len += binary_size(obj);
+ SAFE_ADD(size, binary_size(obj));
} else if (is_not_nil(obj)) {
goto L_type_error;
}
}
+#undef SAFE_ADD
DESTROY_ESTACK(s);
- return len;
+ *sizep = size;
+ return ERTS_IOLIST_OK;
+
+ L_overflow_error:
+ DESTROY_ESTACK(s);
+ return ERTS_IOLIST_OVERFLOW;
L_type_error:
DESTROY_ESTACK(s);
- return -1;
+ return ERTS_IOLIST_TYPE;
}
/* return 0 if item is not a non-empty flat list of bytes */
diff --git a/erts/emulator/test/binary_SUITE.erl b/erts/emulator/test/binary_SUITE.erl
index 7e409f053e..4e82381fba 100644
--- a/erts/emulator/test/binary_SUITE.erl
+++ b/erts/emulator/test/binary_SUITE.erl
@@ -23,12 +23,12 @@
%% Tests binaries and the BIFs:
%% list_to_binary/1
%% iolist_to_binary/1
-%% bitstr_to_list/1
+%% list_to_bitstring/1
%% binary_to_list/1
%% binary_to_list/3
%% binary_to_term/1
%% binary_to_term/2
-%% bitstr_to_list/1
+%% bitstring_to_list/1
%% term_to_binary/1
%% erlang:external_size/1
%% size(Binary)
@@ -275,12 +275,33 @@ bad_list_to_binary(Config) when is_list(Config) ->
?line test_bad_bin(fun(X, Y) -> X*Y end),
?line test_bad_bin([1,fun(X) -> X + 1 end,2|fun() -> 0 end]),
?line test_bad_bin([fun(X) -> X + 1 end]),
+
+ %% Test iolists that do not fit in the address space.
+ %% Unfortunately, it would be too slow to test in a 64-bit emulator.
+ case erlang:system_info(wordsize) of
+ 4 -> huge_iolists();
+ _ -> ok
+ end.
+
+huge_iolists() ->
+ FourGigs = 1 bsl 32,
+ ?line Sizes = [FourGigs+N || N <- lists:seq(0, 64)] ++
+ [1 bsl N || N <- lists:seq(33, 37)],
+ ?line Base = <<0:(1 bsl 20)/unit:8>>,
+ [begin
+ L = build_iolist(Sz, Base),
+ ?line {'EXIT',{system_limit,_}} = (catch list_to_binary([L])),
+ ?line {'EXIT',{system_limit,_}} = (catch list_to_bitstring([L])),
+ ?line {'EXIT',{system_limit,_}} = (catch binary:list_to_bin([L])),
+ ?line {'EXIT',{system_limit,_}} = (catch iolist_to_binary(L))
+ end || Sz <- Sizes],
ok.
test_bad_bin(List) ->
{'EXIT',{badarg,_}} = (catch list_to_binary(List)),
{'EXIT',{badarg,_}} = (catch iolist_to_binary(List)),
- {'EXIT',{badarg,_}} = (catch list_to_bitstring(List)).
+ {'EXIT',{badarg,_}} = (catch list_to_bitstring(List)),
+ {'EXIT',{badarg,_}} = (catch iolist_size(List)).
bad_binary_to_list(doc) -> "Tries binary_to_list/1,3 with bad arguments.";
bad_binary_to_list(Config) when is_list(Config) ->
@@ -516,18 +537,65 @@ external_size_1(Term, Size0, Limit) when Size0 < Limit ->
external_size_1(_, _, _) -> ok.
t_iolist_size(Config) when is_list(Config) ->
- %% Build a term whose external size only fits in a big num (on 32-bit CPU).
- Bin = iolist_to_binary(lists:seq(0, 254)),
- ?line ok = t_iolist_size_1(Bin, 0, 16#7FFFFFFF),
- ?line ok = t_iolist_size_1(make_unaligned_sub_binary(Bin), 0, 16#7FFFFFFF).
+ ?line Seed = now(),
+ ?line io:format("Seed: ~p", [Seed]),
+ ?line random:seed(Seed),
+ ?line Base = <<0:(1 bsl 20)/unit:8>>,
+ ?line Powers = [1 bsl N || N <- lists:seq(2, 37)],
+ ?line Sizes0 = [[N - random:uniform(N div 2),
+ lists:seq(N-2, N+2),
+ N+N div 2,
+ N + random:uniform(N div 2)] ||
+ N <- Powers],
+ %% Test sizes around 1^32 more thoroughly.
+ FourGigs = 1 bsl 32,
+ ?line Sizes1 = [FourGigs+N || N <- lists:seq(-8, 40)] ++ Sizes0,
+ ?line Sizes2 = lists:flatten(Sizes1),
+ ?line Sizes = lists:usort(Sizes2),
+ io:format("~p sizes:", [length(Sizes)]),
+ io:format("~p\n", [Sizes]),
+ ?line [Sz = iolist_size(build_iolist(Sz, Base)) || Sz <- Sizes],
+ ok.
-t_iolist_size_1(IOList, Size0, Limit) when Size0 < Limit ->
- case iolist_size(IOList) of
- Size when is_integer(Size), Size0 < Size ->
- io:format("~p", [Size]),
- t_iolist_size_1([IOList|IOList], Size, Limit)
+build_iolist(N, Base) when N < 16 ->
+ case random:uniform(3) of
+ 1 ->
+ <<Bin:N/binary,_/binary>> = Base,
+ Bin;
+ _ ->
+ lists:seq(1, N)
+ end;
+build_iolist(N, Base) when N =< byte_size(Base) ->
+ case random:uniform(3) of
+ 1 ->
+ <<Bin:N/binary,_/binary>> = Base,
+ Bin;
+ 2 ->
+ <<Bin:N/binary,_/binary>> = Base,
+ [Bin];
+ 3 ->
+ case N rem 2 of
+ 0 ->
+ L = build_iolist(N div 2, Base),
+ [L,L];
+ 1 ->
+ L = build_iolist(N div 2, Base),
+ [L,L,45]
+ end
end;
-t_iolist_size_1(_, _, _) -> ok.
+build_iolist(N0, Base) ->
+ Small = random:uniform(15),
+ Seq = lists:seq(1, Small),
+ N = N0 - Small,
+ case N rem 2 of
+ 0 ->
+ L = build_iolist(N div 2, Base),
+ [L,L|Seq];
+ 1 ->
+ L = build_iolist(N div 2, Base),
+ [47,L,L|Seq]
+ end.
+
bad_binary_to_term_2(doc) -> "OTP-4053.";
bad_binary_to_term_2(suite) -> [];
@@ -1183,34 +1251,7 @@ deep(Config) when is_list(Config) ->
deep_roundtrip(T) ->
B = term_to_binary(T),
- true = deep_eq(T, binary_to_term(B)).
-
-%%
-%% FIXME: =:= runs out of stack.
-%%
-deep_eq([H1|T1], [H2|T2]) ->
- deep_eq(H1, H2) andalso deep_eq(T1, T2);
-deep_eq(T1, T2) when tuple_size(T1) =:= tuple_size(T2) ->
- deep_eq_tup(T1, T2, tuple_size(T1));
-deep_eq(T1, T2) when is_function(T1), is_function(T2) ->
- {uniq,U1} = erlang:fun_info(T1, uniq),
- {index,I1} = erlang:fun_info(T1, index),
- {arity,A1} = erlang:fun_info(T1, arity),
- {env,E1} = erlang:fun_info(T1, env),
- {uniq,U2} = erlang:fun_info(T2, uniq),
- {index,I2} = erlang:fun_info(T2, index),
- {arity,A2} = erlang:fun_info(T2, arity),
- {env,E2} = erlang:fun_info(T2, env),
- U1 =:= U2 andalso I1 =:= I2 andalso A1 =:= A2 andalso
- deep_eq(E1, E2);
-deep_eq(T1, T2) ->
- T1 =:= T2.
-
-deep_eq_tup(_T1, _T2, 0) ->
- true;
-deep_eq_tup(T1, T2, N) ->
- deep_eq(element(N, T1), element(N, T2)) andalso
- deep_eq_tup(T1, T2, N-1).
+ T = binary_to_term(B).
obsolete_funs(Config) when is_list(Config) ->
erts_debug:set_internal_state(available_internal_state, true),
diff --git a/erts/emulator/test/driver_SUITE.erl b/erts/emulator/test/driver_SUITE.erl
index 7600a44988..520e3e8c76 100644
--- a/erts/emulator/test/driver_SUITE.erl
+++ b/erts/emulator/test/driver_SUITE.erl
@@ -38,7 +38,7 @@
timer_change/1,
timer_delay/1,
queue_echo/1,
- fun_to_port/1,
+ outputv_errors/1,
driver_unloaded/1,
io_ready_exit/1,
use_fallback_pollset/1,
@@ -129,7 +129,7 @@ end_per_testcase(Case, Config) ->
suite() -> [{ct_hooks,[ts_install_cth]}].
all() ->
- [fun_to_port, outputv_echo, queue_echo, {group, timer},
+ [outputv_errors, outputv_echo, queue_echo, {group, timer},
driver_unloaded, io_ready_exit, use_fallback_pollset,
bad_fd_in_pollset, driver_event, fd_change,
steal_control, otp_6602, 'driver_system_info_ver1.0',
@@ -165,37 +165,89 @@ init_per_group(_GroupName, Config) ->
end_per_group(_GroupName, Config) ->
Config.
-
-fun_to_port(doc) -> "Test sending a fun to port with an outputv-capable driver.";
-fun_to_port(Config) when is_list(Config) ->
+outputv_errors(doc) -> "Test sending bad types to port with an outputv-capable driver.";
+outputv_errors(Config) when is_list(Config) ->
?line Path = ?config(data_dir, Config),
?line erl_ddll:start(),
?line ok = load_driver(Path, outputv_drv),
- ?line fun_to_port_1(fun() -> 33 end),
- ?line fun_to_port_1([fun() -> 42 end]),
- ?line fun_to_port_1([1|fun() -> 42 end]),
- L = build_io_list(65536),
- ?line fun_to_port_1([L,fun() -> 42 end]),
- ?line fun_to_port_1([L|fun() -> 42 end]),
+ outputv_bad_types(fun(T) ->
+ ?line outputv_errors_1(T),
+ ?line outputv_errors_1([1|T]),
+ ?line L = [1,2,3],
+ ?line outputv_errors_1([L,T]),
+ ?line outputv_errors_1([L|T])
+ end),
+ outputv_errors_1(42),
+
+ %% Test iolists that do not fit in the address space.
+ %% Unfortunately, it would be too slow to test in a 64-bit emulator.
+ case erlang:system_info(wordsize) of
+ 4 -> outputv_huge_iolists();
+ _ -> ok
+ end.
+
+outputv_bad_types(Test) ->
+ Types = [-1,256,atom,42.0,{a,b,c},make_ref(),fun() -> 42 end,
+ [1|2],<<1:1>>,<<1:9>>,<<1:15>>],
+ _ = [Test(Type) || Type <- Types],
ok.
-fun_to_port_1(Term) ->
- Port = open_port({spawn,outputv_drv}, []),
+outputv_huge_iolists() ->
+ FourGigs = 1 bsl 32,
+ ?line Sizes = [FourGigs+N || N <- lists:seq(0, 64)] ++
+ [1 bsl N || N <- lists:seq(33, 37)],
+ ?line Base = <<0:(1 bsl 20)/unit:8>>,
+ [begin
+ ?line L = build_iolist(Sz, Base),
+ ?line outputv_errors_1(L)
+ end || Sz <- Sizes],
+ ok.
+
+outputv_errors_1(Term) ->
+ Port = open_port({spawn_driver,outputv_drv}, []),
{'EXIT',{badarg,_}} = (catch port_command(Port, Term)),
port_close(Port).
-build_io_list(0) -> [];
-build_io_list(1) -> [7];
-build_io_list(N) ->
- L = build_io_list(N div 2),
+build_iolist(N, Base) when N < 16 ->
+ case random:uniform(3) of
+ 1 ->
+ <<Bin:N/binary,_/binary>> = Base,
+ Bin;
+ _ ->
+ lists:seq(1, N)
+ end;
+build_iolist(N, Base) when N =< byte_size(Base) ->
+ case random:uniform(3) of
+ 1 ->
+ <<Bin:N/binary,_/binary>> = Base,
+ Bin;
+ 2 ->
+ <<Bin:N/binary,_/binary>> = Base,
+ [Bin];
+ 3 ->
+ case N rem 2 of
+ 0 ->
+ L = build_iolist(N div 2, Base),
+ [L,L];
+ 1 ->
+ L = build_iolist(N div 2, Base),
+ [L,L,45]
+ end
+ end;
+build_iolist(N0, Base) ->
+ Small = random:uniform(15),
+ Seq = lists:seq(1, Small),
+ N = N0 - Small,
case N rem 2 of
- 0 -> [L|L];
- 1 -> [7,L|L]
+ 0 ->
+ L = build_iolist(N div 2, Base),
+ [L,L|Seq];
+ 1 ->
+ L = build_iolist(N div 2, Base),
+ [47,L,L|Seq]
end.
-
-
outputv_echo(doc) -> ["Test echoing data with a driver that supports outputv."];
outputv_echo(Config) when is_list(Config) ->
?line Dog = test_server:timetrap(test_server:minutes(10)),