aboutsummaryrefslogtreecommitdiffstats
path: root/erts
diff options
context:
space:
mode:
Diffstat (limited to 'erts')
-rw-r--r--erts/doc/src/erl_nif.xml7
-rw-r--r--erts/doc/src/erlang.xml13
-rw-r--r--erts/doc/src/notes.xml17
-rw-r--r--erts/emulator/beam/atom.c77
-rw-r--r--erts/emulator/beam/atom.h8
-rw-r--r--erts/emulator/nifs/common/socket_nif.c46
-rw-r--r--erts/emulator/test/bif_SUITE.erl10
7 files changed, 154 insertions, 24 deletions
diff --git a/erts/doc/src/erl_nif.xml b/erts/doc/src/erl_nif.xml
index f88d255296..d74ae23a93 100644
--- a/erts/doc/src/erl_nif.xml
+++ b/erts/doc/src/erl_nif.xml
@@ -1495,6 +1495,9 @@ enif_free_iovec(iovec);]]></code>
<c>term</c>.</p>
<p>Returns <c>true</c> on success, or <c>false</c> if <c>term</c> is
not a handle to a resource object of type <c>type</c>.</p>
+ <p><c>enif_get_resource</c> does not add a reference to the resource
+ object. However, the pointer received in <c>*objp</c> is guaranteed to
+ be valid at least as long as the resource handle <c>term</c> is valid.</p>
</desc>
</func>
@@ -2947,6 +2950,10 @@ enif_map_iterator_destroy(env, &amp;iter);</code>
References made by <seealso marker="#enif_make_resource">
<c>enif_make_resource</c></seealso>
can only be removed by the garbage collector.</p>
+ <p>There are no guarantees exactly when the destructor of an
+ unreferenced resource is called. It could be called directly by
+ <c>enif_release_resource</c> but it could also be scheduled to be
+ called at a later time possibly by another thread.</p>
</desc>
</func>
diff --git a/erts/doc/src/erlang.xml b/erts/doc/src/erlang.xml
index a879cce840..f41ed87048 100644
--- a/erts/doc/src/erlang.xml
+++ b/erts/doc/src/erlang.xml
@@ -3105,6 +3105,7 @@ false</code>
Map = #{42 => value_two,1337 => "value one","a" => 1},
map_get(Key,Map).
"value one"</code>
+ <p>Allowed in guard tests.</p>
</desc>
</func>
@@ -9412,6 +9413,18 @@ Metadata = #{ pid => pid(),
<p>Returns the previous system monitor settings just like
<seealso marker="#system_monitor/0">
<c>erlang:system_monitor/0</c></seealso>.</p>
+ <p>The arguments to <c>system_monitor/2</c> specifies how all
+ system monitoring on the node should be done, not how it should be
+ changed. This means only one process at a time
+ (<c><anno>MonitorPid</anno></c>) can be the receiver of system monitor
+ messages. Also, the way to clear a specific monitor option
+ is to not include it in the list <c><anno>Options</anno></c>. All
+ system monitoring will, however, be cleared if the process identified by
+ <c><anno>MonitorPid</anno></c> terminates.</p>
+ <p>There are no special option values (like zero) to clear an option.
+ Some of the options have a unspecified minimum value. Lower values
+ will be adjusted to the minimum value. For example, it is currently not
+ possible to monitor all garbage collections with <c>{long_gc, 0}</c>.</p>
<note>
<p>If a monitoring process gets so large that it itself
starts to cause system monitor messages when garbage
diff --git a/erts/doc/src/notes.xml b/erts/doc/src/notes.xml
index aad7e27f80..51c1ecc8b1 100644
--- a/erts/doc/src/notes.xml
+++ b/erts/doc/src/notes.xml
@@ -514,6 +514,23 @@
</section>
+<section><title>Erts 10.3.5.1</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>Fixed a buffer overflow when
+ <c>binary_to_existing_atom/2</c> and
+ <c>list_to_existing_atom/2</c> was used with the
+ <c>latin1</c> encoding.</p>
+ <p>
+ Own Id: OTP-15819 Aux Id: ERL-944 </p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
<section><title>Erts 10.3.5</title>
<section><title>Fixed Bugs and Malfunctions</title>
diff --git a/erts/emulator/beam/atom.c b/erts/emulator/beam/atom.c
index 59b51fd15e..5a70509ffd 100644
--- a/erts/emulator/beam/atom.c
+++ b/erts/emulator/beam/atom.c
@@ -200,11 +200,15 @@ atom_free(Atom* obj)
ASSERT(obj->slot.index == atom_val(am_ErtsSecretAtom));
}
-static void latin1_to_utf8(byte* conv_buf, const byte** srcp, int* lenp)
+static void latin1_to_utf8(byte* conv_buf, Uint buf_sz,
+ const byte** srcp, Uint* lenp)
{
byte* dst;
const byte* src = *srcp;
- int i, len = *lenp;
+ Uint i, len = *lenp;
+
+ ASSERT(len <= MAX_ATOM_CHARACTERS);
+ ASSERT(buf_sz >= MAX_ATOM_SZ_FROM_LATIN1);
for (i=0 ; i < len; ++i) {
if (src[i] & 0x80) {
@@ -234,11 +238,11 @@ need_convertion:
* erts_atom_put_index() may fail. Returns negative indexes for errors.
*/
int
-erts_atom_put_index(const byte *name, int len, ErtsAtomEncoding enc, int trunc)
+erts_atom_put_index(const byte *name, Sint len, ErtsAtomEncoding enc, int trunc)
{
byte utf8_copy[MAX_ATOM_SZ_FROM_LATIN1];
const byte *text = name;
- int tlen = len;
+ Uint tlen;
Sint no_latin1_chars;
Atom a;
int aix;
@@ -247,13 +251,16 @@ erts_atom_put_index(const byte *name, int len, ErtsAtomEncoding enc, int trunc)
erts_atomic_inc_nob(&atom_put_ops);
#endif
- if (tlen < 0) {
- if (trunc)
- tlen = 0;
- else
- return ATOM_MAX_CHARS_ERROR;
+ if (len < 0) {
+ if (trunc) {
+ len = 0;
+ } else {
+ return ATOM_MAX_CHARS_ERROR;
+ }
}
+ tlen = len;
+
switch (enc) {
case ERTS_ATOM_ENC_7BIT_ASCII:
if (tlen > MAX_ATOM_CHARACTERS) {
@@ -277,7 +284,7 @@ erts_atom_put_index(const byte *name, int len, ErtsAtomEncoding enc, int trunc)
return ATOM_MAX_CHARS_ERROR;
}
no_latin1_chars = tlen;
- latin1_to_utf8(utf8_copy, &text, &tlen);
+ latin1_to_utf8(utf8_copy, sizeof(utf8_copy), &text, &tlen);
break;
case ERTS_ATOM_ENC_UTF8:
/* First sanity check; need to verify later */
@@ -338,7 +345,7 @@ erts_atom_put_index(const byte *name, int len, ErtsAtomEncoding enc, int trunc)
* erts_atom_put() may fail. If it fails THE_NON_VALUE is returned!
*/
Eterm
-erts_atom_put(const byte *name, int len, ErtsAtomEncoding enc, int trunc)
+erts_atom_put(const byte *name, Sint len, ErtsAtomEncoding enc, int trunc)
{
int aix = erts_atom_put_index(name, len, enc, trunc);
if (aix >= 0)
@@ -348,7 +355,7 @@ erts_atom_put(const byte *name, int len, ErtsAtomEncoding enc, int trunc)
}
Eterm
-am_atom_put(const char* name, int len)
+am_atom_put(const char* name, Sint len)
{
/* Assumes 7-bit ascii; use erts_atom_put() for other encodings... */
return erts_atom_put((byte *) name, len, ERTS_ATOM_ENC_7BIT_ASCII, 1);
@@ -379,23 +386,57 @@ int atom_table_sz(void)
}
int
-erts_atom_get(const char *name, int len, Eterm* ap, ErtsAtomEncoding enc)
+erts_atom_get(const char *name, Uint len, Eterm* ap, ErtsAtomEncoding enc)
{
byte utf8_copy[MAX_ATOM_SZ_FROM_LATIN1];
Atom a;
int i;
int res;
- a.len = (Sint16) len;
- a.name = (byte *)name;
- if (enc == ERTS_ATOM_ENC_LATIN1) {
- latin1_to_utf8(utf8_copy, (const byte**)&a.name, &len);
- a.len = (Sint16) len;
+ switch (enc) {
+ case ERTS_ATOM_ENC_LATIN1:
+ if (len > MAX_ATOM_CHARACTERS) {
+ return 0;
+ }
+
+ latin1_to_utf8(utf8_copy, sizeof(utf8_copy), (const byte**)&name, &len);
+
+ a.name = (byte*)name;
+ a.len = (Sint16)len;
+ break;
+ case ERTS_ATOM_ENC_7BIT_ASCII:
+ if (len > MAX_ATOM_CHARACTERS) {
+ return 0;
+ }
+
+ for (i = 0; i < len; i++) {
+ if (name[i] & 0x80) {
+ return 0;
+ }
+ }
+
+ a.len = (Sint16)len;
+ a.name = (byte*)name;
+ break;
+ case ERTS_ATOM_ENC_UTF8:
+ if (len > MAX_ATOM_SZ_LIMIT) {
+ return 0;
+ }
+
+ /* We don't need to check whether the encoding is legal as all atom
+ * names are stored as UTF-8 and we know a lookup with a badly encoded
+ * name will fail. */
+
+ a.len = (Sint16)len;
+ a.name = (byte*)name;
+ break;
}
+
atom_read_lock();
i = index_get(&erts_atom_table, (void*) &a);
res = i < 0 ? 0 : (*ap = make_atom(i), 1);
atom_read_unlock();
+
return res;
}
diff --git a/erts/emulator/beam/atom.h b/erts/emulator/beam/atom.h
index ca920679c6..f51c5a8c62 100644
--- a/erts/emulator/beam/atom.h
+++ b/erts/emulator/beam/atom.h
@@ -133,14 +133,14 @@ typedef enum {
int atom_table_size(void); /* number of elements */
int atom_table_sz(void); /* table size in bytes, excluding stored objects */
-Eterm am_atom_put(const char*, int); /* ONLY 7-bit ascii! */
-Eterm erts_atom_put(const byte *name, int len, ErtsAtomEncoding enc, int trunc);
-int erts_atom_put_index(const byte *name, int len, ErtsAtomEncoding enc, int trunc);
+Eterm am_atom_put(const char*, Sint); /* ONLY 7-bit ascii! */
+Eterm erts_atom_put(const byte *name, Sint len, ErtsAtomEncoding enc, int trunc);
+int erts_atom_put_index(const byte *name, Sint len, ErtsAtomEncoding enc, int trunc);
void init_atom_table(void);
void atom_info(fmtfn_t, void *);
void dump_atoms(fmtfn_t, void *);
Uint erts_get_atom_limit(void);
-int erts_atom_get(const char* name, int len, Eterm* ap, ErtsAtomEncoding enc);
+int erts_atom_get(const char* name, Uint len, Eterm* ap, ErtsAtomEncoding enc);
void erts_atom_get_text_space_sizes(Uint *reserved, Uint *used);
#endif
diff --git a/erts/emulator/nifs/common/socket_nif.c b/erts/emulator/nifs/common/socket_nif.c
index ee3b9f2a98..1298ae4dba 100644
--- a/erts/emulator/nifs/common/socket_nif.c
+++ b/erts/emulator/nifs/common/socket_nif.c
@@ -5253,6 +5253,7 @@ ERL_NIF_TERM naccept_listening_error(ErlNifEnv* env,
enif_set_pid_undefined(&descP->currentAcceptor.pid);
res = esock_make_error(env, atom_exmon);
} else {
+ ESOCK_ASSERT(!descP->currentAcceptor.env);
descP->currentAcceptor.env = esock_alloc_env("current acceptor");
descP->currentAcceptor.ref = CP_TERM(descP->currentAcceptor.env,
accRef);
@@ -5411,6 +5412,7 @@ ERL_NIF_TERM naccept_accepting_current_accept(ErlNifEnv* env,
esock_free_env("naccept_accepting_current_accept - "
"current-accept-env",
descP->currentAcceptor.env);
+ descP->currentAcceptor.env = NULL;
if (!activate_next_acceptor(env, descP, sockRef)) {
@@ -5422,6 +5424,7 @@ ERL_NIF_TERM naccept_accepting_current_accept(ErlNifEnv* env,
descP->state = SOCKET_STATE_LISTENING;
descP->currentAcceptorP = NULL;
+ ESOCK_ASSERT(!descP->currentAcceptor.env);
descP->currentAcceptor.env = NULL;
MON_INIT(&descP->currentAcceptor.mon);
}
@@ -5448,6 +5451,7 @@ ERL_NIF_TERM naccept_accepting_current_error(ErlNifEnv* env,
ESockRequestor req;
ERL_NIF_TERM res, reason;
+ req.env = NULL;
if (save_errno == ERRNO_BLOCK) {
/*
@@ -5475,6 +5479,7 @@ ERL_NIF_TERM naccept_accepting_current_error(ErlNifEnv* env,
req.pid) );
esock_send_abort_msg(env, sockRef, req.ref, req.env,
reason, &req.pid);
+ req.env = NULL;
DEMONP("naccept_accepting_current_error -> pop'ed writer",
env, descP, &req.mon);
}
@@ -14037,6 +14042,7 @@ ERL_NIF_TERM send_check_ok(ErlNifEnv* env,
DEMONP("send_check_ok -> current writer",
env, descP, &descP->currentWriter.mon);
esock_free_env("send_check_ok", descP->currentWriter.env);
+ descP->currentWriter.env = NULL;
}
SSDBG( descP,
@@ -14049,6 +14055,7 @@ ERL_NIF_TERM send_check_ok(ErlNifEnv* env,
if (!activate_next_writer(env, descP, sockRef)) {
descP->currentWriterP = NULL;
+ ESOCK_ASSERT(!descP->currentWriter.env);
descP->currentWriter.env = NULL;
descP->currentWriter.ref = esock_atom_undefined;
enif_set_pid_undefined(&descP->currentWriter.pid);
@@ -14074,6 +14081,7 @@ ERL_NIF_TERM send_check_fail(ErlNifEnv* env,
ESockRequestor req;
ERL_NIF_TERM reason;
+ req.env = NULL;
cnt_inc(&descP->writeFails, 1);
SSDBG( descP, ("SOCKET", "send_check_fail -> error: %d\r\n", saveErrno) );
@@ -14090,6 +14098,7 @@ ERL_NIF_TERM send_check_fail(ErlNifEnv* env,
("SOCKET", "send_check_fail -> abort %T\r\n", req.pid) );
esock_send_abort_msg(env, sockRef, req.ref, req.env,
reason, &req.pid);
+ req.env = NULL;
DEMONP("send_check_fail -> pop'ed writer", env, descP, &req.mon);
}
}
@@ -14131,6 +14140,7 @@ ERL_NIF_TERM send_check_retry(ErlNifEnv* env,
enif_set_pid_undefined(&descP->currentWriter.pid);
return esock_make_error(env, atom_exmon);
} else {
+ ESOCK_ASSERT(!descP->currentWriter.env);
descP->currentWriter.env = esock_alloc_env("current-writer");
descP->currentWriter.ref = CP_TERM(descP->currentWriter.env, sendRef);
descP->currentWriterP = &descP->currentWriter;
@@ -14260,7 +14270,7 @@ char* recv_init_current_reader(ErlNifEnv* env,
enif_set_pid_undefined(&descP->currentReader.pid);
return str_exmon;
} else {
-
+ ESOCK_ASSERT(!descP->currentReader.env);
descP->currentReader.env = esock_alloc_env("current-reader");
descP->currentReader.ref = CP_TERM(descP->currentReader.env,
recvRef);
@@ -14341,6 +14351,7 @@ void recv_error_current_reader(ErlNifEnv* env,
{
ESockRequestor req;
+ req.env = NULL;
if (descP->currentReaderP != NULL) {
DEMONP("recv_error_current_reader -> current reader",
@@ -14352,6 +14363,7 @@ void recv_error_current_reader(ErlNifEnv* env,
req.pid) );
esock_send_abort_msg(env, sockRef, req.ref, req.env,
reason, &req.pid);
+ req.env = NULL;
DEMONP("recv_error_current_reader -> pop'ed reader",
env, descP, &req.mon);
}
@@ -17647,6 +17659,7 @@ int esock_select_cancel(ErlNifEnv* env,
esock_send_abort_msg(env, sockRef, \
reqP->ref, reqP->env, \
reason, &reqP->pid); \
+ reqP->env = NULL; \
\
} else { \
\
@@ -17745,7 +17758,7 @@ REQ_SEARCH4PID_FUNCS
reqP->pid = pid; \
if (MONP("reader_push -> " #F " request", \
env, descP, &pid, &reqP->mon) != 0) { \
- FREE(reqP); \
+ FREE(e); \
return esock_make_error(env, atom_exmon); \
} \
reqP->env = esock_alloc_env(#F "_push"); \
@@ -17822,6 +17835,9 @@ BOOLEAN_T requestor_pop(ESockRequestQueue* q,
{
ESockRequestQueueElement* e = qpop(q);
+ if (reqP->env)
+ esock_free_env("requestor_pop", reqP->env);
+
if (e != NULL) {
reqP->pid = e->data.pid;
reqP->mon = e->data.mon;
@@ -17933,6 +17949,8 @@ BOOLEAN_T qunqueue(ErlNifEnv* env,
}
}
+ if (e->data.env)
+ esock_free_env("qunqueue", e->data.env);
FREE(e);
return TRUE;
@@ -18074,6 +18092,18 @@ ERL_NIF_TERM esock_make_monitor_term(ErlNifEnv* env, const ESockMonitor* monP)
* ----------------------------------------------------------------------
*/
+
+static void free_request_queue(ESockRequestQueue* q)
+{
+ while (q->first) {
+ ESockRequestQueueElement* free_me = q->first;
+ q->first = free_me->nextP;
+ if (free_me->data.env)
+ esock_free_env("dtor", free_me->data.env);
+ FREE(free_me);
+ }
+}
+
/* =========================================================================
* socket_dtor - Callback function for resource destructor
*
@@ -18089,6 +18119,16 @@ void socket_dtor(ErlNifEnv* env, void* obj)
MDESTROY(descP->accMtx);
MDESTROY(descP->closeMtx);
MDESTROY(descP->cfgMtx);
+
+ if (descP->currentReader.env)
+ esock_free_env("dtor reader", descP->currentReader.env);
+ if (descP->currentWriter.env)
+ esock_free_env("dtor writer", descP->currentWriter.env);
+ if (descP->currentAcceptor.env)
+ esock_free_env("dtor acceptor", descP->currentAcceptor.env);
+ free_request_queue(&descP->readersQ);
+ free_request_queue(&descP->writersQ);
+ free_request_queue(&descP->acceptorsQ);
#endif
}
@@ -18321,6 +18361,7 @@ void socket_stop_handle_current(ErlNifEnv* env,
"current %s %T\r\n",
reqP->ref, role, reqP->pid);
}
+ reqP->env = NULL;
}
}
@@ -18376,6 +18417,7 @@ void inform_waiting_procs(ErlNifEnv* env,
currentP->data.pid);
}
+ currentP->data.env = NULL,
DEMONP("inform_waiting_procs -> current 'request'",
env, descP, &currentP->data.mon);
diff --git a/erts/emulator/test/bif_SUITE.erl b/erts/emulator/test/bif_SUITE.erl
index 43975d1800..c5abd04e07 100644
--- a/erts/emulator/test/bif_SUITE.erl
+++ b/erts/emulator/test/bif_SUITE.erl
@@ -612,6 +612,16 @@ binary_to_existing_atom(Config) when is_list(Config) ->
UnlikelyAtom = binary_to_atom(id(UnlikelyBin), latin1),
UnlikelyAtom = binary_to_existing_atom(UnlikelyBin, latin1),
+
+ %% ERL-944; a binary that was too large would overflow the latin1-to-utf8
+ %% conversion buffer.
+ OverflowAtom = <<0:511/unit:8,
+ 196, 133, 196, 133, 196, 133, 196, 133, 196, 133,
+ 196, 133, 196, 133, 196, 133, 196, 133, 196, 133,
+ 196, 133, 196, 133, 196, 133, 196, 133, 196, 133,
+ 196, 133, 196, 133, 196, 133, 196, 133, 196, 133>>,
+ {'EXIT', _} = (catch binary_to_existing_atom(OverflowAtom, latin1)),
+
ok.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 18:24:28 +0000