aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/src/http_client/httpc_cookie.erl
diff options
context:
space:
mode:
authorMikael Pettersson <[email protected]>2015-02-04 20:27:37 +0100
committerMikael Pettersson <[email protected]>2015-02-04 20:27:37 +0100
commit7e147a05683c709128b6777d0c360fcde067f567 (patch)
tree370b8fd2856d4e4b1fd88697ea4e7bee0658b59a /lib/inets/src/http_client/httpc_cookie.erl
parent42d6afe554e11813385dbf175fce58f995c2f9e5 (diff)
downloadotp-7e147a05683c709128b6777d0c360fcde067f567.tar.gz
otp-7e147a05683c709128b6777d0c360fcde067f567.tar.bz2
otp-7e147a05683c709128b6777d0c360fcde067f567.zip
don't create oversize bignums in binary matching
Bignums are artifically restricted in size. Arithmetic and logical operations check the sizes of resulting bignums, and turn oversize results into system_limit exceptions. However, this check is not performed when bignums are constructed by binary matching. The consequence is that such matchings can construct oversize bignums that satisfy is_integer/1 yet don't work. Performing arithmetic such as Term - 0 fails with a system_limit exception. Worse, performing a logical operation such as Term band Term results in []. The latter occurs because the size checking (e.g. in erts_band()) is a simple ASSERT(is_not_nil(...)) on the result of the bignum operation, which internally is [] (NIL) in the case of oversize results. However, ASSERT is a no-op in release builds, so the error goes unnoticed and [] is returned as the result of the band/2. This patch addresses this by preventing oversize bignums from entering the VM via binary matching: - the internal bytes_to_big() procedure is augmented to return NIL for oversize results, just like big_norm() - callers of bytes_to_big() are augmented to check for NIL returns and signal errors in those cases - erts_bs_get_integer_2() can only fail with badmatch, so that is the Erlang-level result of oversize bignums from binary matches - big_SUITE.erl is extended with a test case that fails without this fix (no error signalled) and passes with it (badmatch occurs) Credit goes to Nico Kruber for the initial bug report.
Diffstat (limited to 'lib/inets/src/http_client/httpc_cookie.erl')
0 files changed, 0 insertions, 0 deletions