Age | Commit message (Collapse) | Author |
|
OTP-10106
OTP-10107
|
|
|
|
|
|
|
|
Don't know why the 1 was there, it does however cause the
buffer to overflow when decoding the atoms from rex.
OTP-9799
|
|
Removed symbolic links from repository.
|
|
Still does not run, just compiles.
|
|
* dev:
Update copyright years
|
|
|
|
Conflicts:
erts/aclocal.m4
erts/include/internal/ethread_header_config.h.in
|
|
* ac/fix-erl_interface-docs:
Make comment reflect code in erl_interface/src/misc/ei_decode_term.c
ei_decode_ei_term() returns 1 if index is incremented
OTP-9559
|
|
* cr/cppcheck:
Changes inspired by running cppcheck(1)
OTP-9557
|
|
|
|
* ms/ei-int-overflow-in-string-atom-enc:
ei: integer overflow in string/atom encoding
OTP-9530
|
|
Note that ei_decode_term.h has the correct behaviour described!
Also removed extraneous '/* return 0; */' comments.
|
|
|
|
|
|
|
|
ei_encode_atom() and ei_encode_string() use strlen() to get the length
of the buffer. As strlen() returns an unsigned long long and both ei
functions take a signed integer, the length fields may overflow.
Check the results of strlen can be held in a signed integer.
|
|
|
|
|
|
* gl/erl_do_receive_msg/OTP-9241:
The function 'erl_xreceive_msg' returned garbage in the 'to' and 'to_name' members of the message. The reason for that was found in the 'erl_do_receive_msg' function. When no 'pid' is provided by the sender, like when doing rpc calls as those uses registered name sends, it doesn't initialize the 'to' member and also the 'to_name' member is copied by the function.
|
|
members of the message. The reason for that was found in the 'erl_do_receive_msg' function. When no 'pid' is provided by the sender, like when doing rpc calls as those uses registered name sends, it doesn't initialize the 'to' member and also the 'to_name' member is copied by the function.
|
|
|
|
* cg/fix-sizeof-array-arg:
Fix using sizeof() for array given as function argument
OTP-9151
|
|
|
|
When using the sizeof() operator for an array given as function argument it
returns the size of the pointer.
In this case, the affected function hex(char digest[16], char buff[33]) will
just print 4 or 8 byte instead of the full length of 16 bytes, on 32bit and
64bit systems respectively.
|
|
|
|
|
|
* vb/ei-exts:
Fix testcases erl_global_whereis, erl_global_names
Fix wrong erl_compare_ext result comparing lists
Correct erl_global{register, unregister} functions
Add PID (~p) type parameters to ei_format
Add char (~c) type parameters to ei_format
OTP-9015
Conflicts:
lib/erl_interface/include/ei.h
|
|
|
|
Function erl_compare_ext of erl_interface library returns
1 instead -1 when comparing lists like [0] and [0, 1000].
Credits to: Evgeny Khirin <evgeny.khirin <at> erlios.com>
|
|
C node needs DFLAG_DIST_MONITOR flag set when connecting,
and support for processing monitoring start/end messages
received from counterpart, to make global registration
actually work.
|
|
|
|
|
|
From R14B integers use all 32 bits of external format
INTEGER_EXT. erl_term_len still had the 28-bit check and therefor
returned a too large values (7 instead of 5) for integers of 29-32
bits.
erl_term_len also returned a 2 bytes too small value for references.
|
|
* ms/ei-fixes:
ei: check memory was allocated
ei: error if return value of ei_alloc_big is NULL
OTP-8943
|
|
* ms/ei-fix-node-name-overflow:
ei: check the length of the node name
OTP-8943
|
|
|
|
|
|
|
|
|
|
Check the length of the node name to prevent an overflow.
|
|
* ms/fix-zero-byte-allocation:
registry: fix zero byte allocation
OTP-8893
|
|
* sv/ei-number-parsing:
teach ei_x_format to handle unary - and +
OTP-8891
|
|
Teach the format string parser used for ei_x_format() and
ei_x_format_wo_ver() about unary negative and positive operators on
numbers. Previously, passing a negative numeric constant or a positive
numeric constant with an explicit leading plus sign within the format
string would cause these functions to fail.
Augment the format_wo_ver unit test in the ei_format suite with a
regression test for these cases.
An easy way to reproduce the problem is to use erl_call:
erl_call -s foo@bar -a 'erlang list_to_integer [-1]'
Without this change, erl_call fails with a -1 exit status. With this
change, it properly prints "-1".
|
|
Pasto in code results in 0 bytes (instead of length bytes) being allocated
when the length of the key exceeds the static buffer.
|
|
get_hostent does not properly handle IPv4 addresses on little endian
platforms and fails with hostnames beginning with a number. Remove
get_hostent and use ei_gethostbyname directly since gethostbyname supports
IPv4 addresses.
Reported-By: Julien Barbot
|
|
* pan/epmd-vulnerabilities/OTP-8780:
Teach testcases to survive TIME_WAIT overload
Update erl_interface doc and testsuite for epmd changes
Restore null termination of input buffer
Teach testcase epmd_SUITE:too_large to accept econnaborted
Teach epmd_cli.c to not respond 'Killed' when killing denied
Calculate minimal packet size for ALIVE2 requests correctly
Document epmd and it's options properly and fixup help text
Fix anomalies in epmd not yet reported as security issues
Remove two buffer overflow vulnerabilities in EPMD
Remove all support for ancient EPMD protocol
Remove very old protocol from EPMD
Conflicts:
lib/erl_interface/src/epmd/epmd_port.c
|
|
* sv/ei-writev:
fix incorrect writev iovec buffer handling in ei
OTP-8837
|