diff --git a/LOG b/LOG
index 0977ded28c..f8a9f1809e 100644
--- a/LOG
+++ b/LOG
@@ -495,5 +495,19 @@
 4.ms
 - added date-dst? to access the previously-hidden DST information in date
   records, and added date-zone-name to provide a time zone name.
-    date.ss, primdata.ss, stats.c, date.ms, root-experr*,
-    patch-compile*, system.stex
+    date.ss, primdata.ss,
+    stats.c,
+    date.ms, root-experr*, patch-compile*,
+    system.stex
+- fixed a bug in flonum-extractor, which on 64-bit machines was using an
+  8-byte read instead of a 4-byte read to pick up the 4 highest-order
+  bytes of a little-endian flonum, potentially reading past the end of
+  mapped memory for flonums produced by taking the imaginary part of an
+  inexact complexnum (which, unlike other flonums, are not aligned on
+  16-byte boundaries). The 8-byte load would also have failed to produce
+  correct results on 64-bit big-endian machines (of which we presently
+  have none) because the offsets passed to flonum-extractor assume the
+  bits are in the lowest-order 4 bytes of the extracted field.
+    cp0.ss,
+    misc.ms,
+    release_notes.stex
diff --git a/mats/misc.ms b/mats/misc.ms
index 8750b7142e..893424dbfd 100644
--- a/mats/misc.ms
+++ b/mats/misc.ms
@@ -604,6 +604,12 @@
                 17)))])
             (cons v ls)))
         '(3 17 17))
+    ; regression test for bug in which $flonum-exponent read past mapped memory
+    (eq?
+      (do ([n 2000 (- n 1)] [ls (iota 2000)])
+          ((= n 0) 'fini)
+        (map (lambda (x) (let ([x (exact (sqrt -2.0))]) x)) ls))
+      'fini)
   )
 
 (mat compiler3
diff --git a/release_notes/release_notes.stex b/release_notes/release_notes.stex
index e33446858f..d2a50b6fd9 100644
--- a/release_notes/release_notes.stex
+++ b/release_notes/release_notes.stex
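Review bot: The added mat only detects the regression by crashing: the `eq?` against `'fini` is always true once the loop completes, and the out-of-bounds read in `$flonum-exponent` only faults when the unaligned imaginary part happens to sit at the very end of mapped memory, so a broken build will usually pass this test silently. A deterministic companion check would compare the extractor on an aligned and an unaligned flonum of equal value, e.g. `(eqv? ($flonum-exponent (imag-part (sqrt -2.0))) ($flonum-exponent (sqrt 2.0)))`, assuming `$flonum-exponent` is callable from the mats as the comment implies. The `(lambda (x) (let ([x (exact (sqrt -2.0))]) x))` also shadows its unused parameter; `(lambda (x) (exact (sqrt -2.0)))` reads the same unless the rebinding is there to defeat an optimization, in which case a comment saying so would help. The enclosing `mat` form starts outside the hunk.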
@@ -1498,20 +1498,25 @@ in fasl files does not generally make sense.
 
 %-----------------------------------------------------------------------------
 \section{Bug Fixes}\label{section:bugfixes}
 
-\subsection{Overflow detection for \protect\scheme{fxsll},
-\protect\scheme{fxarithmetic-shift-left}, and
-\protect\scheme{fxarithmetic-shift}}
+\subsection{Invalid memory references involving complex numbers (9.4.1)}
+
+A bug on 64-bit platforms that occasionally caused invalid memory
+references when operating on inexact complex numbers or the imaginary parts
+of inexact complex numbers has been fixed.
+[This bug dated back to Version 8.9.1.]
+
+\subsection{Overflow detection for left-shift operations on fixnums (9.4.1)}
 
 A bug that caused \scheme{fxsll}, \scheme{fxarithmetic-shift-left}, and
 \scheme{fxarithmetic-shift} to fail to detect overflow in certain
-cases was fixed.
-[This bug dated back to Version 7.1 or earlier.]
+cases has been fixed.
+[This bug dated back to Version 4.0.]
 
-\subsection{Invalid memory reference when \protect\scheme{enum-set-indexer} procedure is not passed a symbol}
+\subsection{Missing \protect\scheme{enum-set-indexer} argument check (9.4.1)}
 
-A bug that caused the procedure returned by \scheme{enum-set-indexer}
-to perform an invalid memory reference when passed an argument that is
-not a symbol has been fixed.
+A missing argument check that resulted in the procedure returned by \scheme{enum-set-indexer}
+causing an invalid memory reference when passed a non-symbol argument has been fixed.
+[This bug dated back to Version 7.5.]
 
 \subsection{Storage for inaccessible mutexes and conditions is reclaimed (9.4.1)}
diff --git a/s/cpnanopass.ss b/s/cpnanopass.ss
index 964405612f..512533a979 100644
--- a/s/cpnanopass.ss
+++ b/s/cpnanopass.ss
@@ -6313,9 +6313,10 @@
               (let ([cnt (- pos (constant fixnum-offset))]
                     [mask (* (- (expt 2 size) 1) (expt 2 (constant fixnum-offset)))])
                 (%inline logand
-                  ,(let ([body (%mref ,e1 ,(constant-case native-endianness
-                                             [(little) (fx+ (constant flonum-data-disp) 4)]
-                                             [(big) (constant flonum-data-disp)]))])
+                  ,(let ([body `(inline ,(make-info-load 'integer-32 #f) ,%load ,e1 ,%zero
+                                  (immediate ,(constant-case native-endianness
+                                                [(little) (fx+ (constant flonum-data-disp) 4)]
+                                                [(big) (constant flonum-data-disp)])))])
                     (let ([body (if (fx> cnt 0)
                                   (%inline srl ,body (immediate ,cnt))
                                   body)])
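Review bot: The replacement load is signed (`'integer-32`), so on 64-bit targets a flonum whose sign bit is set is sign-extended into the upper 32 bits before the `srl`; the extracted value is still correct only because the `logand` with `mask` discards every bit above the field, and that dependency deserves a comment on the new `inline` line, e.g. `; integer-32 sign-extends on 64-bit targets; the logand with mask below drops the extension bits`. The `%inline logand` and the enclosing `let` begin and end outside the hunk, so I could not confirm from here that `pos` plus `size` never exceeds 32, which the masking argument relies on. Separately, the LOG entry in this commit lists `cp0.ss` among the changed files while the code change is in `s/cpnanopass.ss`; one of the two looks like a slip.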