fixed a bug in flonum-extractor, which on 64-bit machines was using an
8-byte read instead of a 4-byte read to pick up the 4 highest-order
bytes of a little-endian flonum, potentially reading past the end of
mapped memory for flonums produced by taking the imaginary part of an
inexact complexnum (which, unlike other flonums, are not aligned on
16-byte boundaries).  The 8-byte load would also have failed to produce
correct results on 64-bit big-endian machines (of which we presently
have none) because the offsets passed to flonum-extractor assume the
bits are in the lowest-order 4 bytes of the extracted field.
  cp0.ss,
  misc.ms,
  release_notes.stex

original commit: 97bd75bcedbcf32b77c59615a638ea1528ebe26b
dyb 2017-06-09 21:21:08 -04:00
parent 0e41c9d8be
commit dacb66ac72
4 changed files with 40 additions and 14 deletions
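The two failure modes the commit message describes (a 4-byte over-read on 64-bit little-endian, and the wrong bits on 64-bit big-endian), modelled as an added C example. This is not code from the Chez Scheme repository: `flonum_field`, `load_n` and the other names are this example's own, `flonum-data-disp` is taken as 0 because only the 8 data bytes of the flonum are modelled, the bytes after the flonum are constructed filler, and a load that runs past the modelled region stands for the access fault a real over-read into unmapped memory would raise.

```c
/* Added example, not code from the Chez Scheme repository.  Models the
   flonum-extractor read from the commit message: a flonum's 8 data bytes in
   native byte order, with sign and exponent in the 4 highest-order bytes.
   All names here are this example's own; flonum-data-disp is taken as 0. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLONUM_BYTES   8
#define EXPONENT_POS   20   /* 11-bit biased exponent: bits 20..30 of the high word */
#define EXPONENT_SIZE  11
#define SIGN_POS       31
#define SIGN_SIZE      1

/* Serialize a binary64 double into 8 bytes in the requested byte order. */
static void flonum_bytes(double d, int little_endian, uint8_t out[FLONUM_BYTES]) {
    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    for (int i = 0; i < FLONUM_BYTES; i++) {
        int shift = little_endian ? 8 * i : 8 * (FLONUM_BYTES - 1 - i);
        out[i] = (uint8_t)(bits >> shift);
    }
}

/* Load n bytes at off from a region of len mapped bytes, assembling them in
   the given byte order.  Returns -1 if the load would run past the end of
   the region: on a real machine that is the invalid memory reference. */
static int load_n(const uint8_t *region, size_t len, size_t off, size_t n,
                  int little_endian, uint64_t *out) {
    if (n > 8 || off > len || n > len - off) return -1;
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) {
        size_t idx = little_endian ? off + (n - 1 - i) : off + i;
        v = (v << 8) | region[idx];
    }
    *out = v;
    return 0;
}

/* Offset of the 4 highest-order bytes, as the offsets passed to
   flonum-extractor assume: data+4 on little-endian, data+0 on big-endian. */
static size_t high_word_offset(int little_endian) { return little_endian ? 4 : 0; }

/* Extract `size` bits at `pos` of the high word.  load_bytes is 4 for the
   fixed code path and 8 for the buggy 64-bit path.  The flonum sits at the
   start of a region of region_len mapped bytes; anything after it is
   constructed 0xAA filler standing for a neighbouring object. */
static int flonum_field(double d, int little_endian, size_t load_bytes,
                        size_t region_len, unsigned pos, unsigned size,
                        uint64_t *out) {
    uint8_t region[64];
    if (region_len < FLONUM_BYTES || region_len > sizeof region) return -1;
    memset(region, 0xAA, sizeof region);
    flonum_bytes(d, little_endian, region);
    uint64_t w;
    if (load_n(region, region_len, high_word_offset(little_endian),
               load_bytes, little_endian, &w) < 0)
        return -1;
    *out = (w >> pos) & ((1ull << size) - 1);
    return 0;
}

/* Convenience wrapper: the field value, or -1 if the load would fault. */
static long long field_or_fault(double d, int little_endian, size_t load_bytes,
                                size_t region_len, unsigned pos, unsigned size) {
    uint64_t v;
    return flonum_field(d, little_endian, load_bytes, region_len, pos, size, &v) < 0
               ? -1 : (long long)v;
}

static void show(const char *label, long long r) {
    if (r < 0) printf("%-26s read past mapped memory\n", label);
    else       printf("%-26s exponent field = %lld\n", label, r);
}

int main(void) {
    const double im = 1.4142135623730951;  /* imaginary part of (sqrt -2.0) */
    /* little-endian, flonum occupies the last 8 mapped bytes */
    show("LE, 4-byte load (fixed):", field_or_fault(im, 1, 4, 8, EXPONENT_POS, EXPONENT_SIZE));
    show("LE, 8-byte load (bug):",   field_or_fault(im, 1, 8, 8, EXPONENT_POS, EXPONENT_SIZE));
    /* little-endian with a neighbour after it: no fault, value still right */
    show("LE, 8-byte, neighbour:",   field_or_fault(im, 1, 8, 16, EXPONENT_POS, EXPONENT_SIZE));
    /* big-endian: the 8-byte load never faults at offset 0 but returns mantissa bits */
    show("BE, 4-byte load (fixed):", field_or_fault(im, 0, 4, 16, EXPONENT_POS, EXPONENT_SIZE));
    show("BE, 8-byte load (bug):",   field_or_fault(im, 0, 8, 16, EXPONENT_POS, EXPONENT_SIZE));
    return 0;
}
```

On little-endian the 8-byte load at data+4 covers the 4 bytes beyond the flonum; the field is still correct whenever those bytes are mapped, because `logand` discards bits 32 and up, which is why the fault only appears when the flonum ends a mapped region. On big-endian the 8-byte load at data+0 never over-reads but leaves the exponent in the upper half of the loaded word, so the shift-and-mask picks up mantissa bits instead.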

LOG

@ -495,5 +495,19 @@
4.ms 4.ms
- added date-dst? to access the previously-hidden DST information in - added date-dst? to access the previously-hidden DST information in
date records, and added date-zone-name to provide a time zone name. date records, and added date-zone-name to provide a time zone name.
date.ss, primdata.ss, stats.c, date.ms, root-experr*, date.ss, primdata.ss,
patch-compile*, system.stex stats.c,
date.ms, root-experr*, patch-compile*,
system.stex
- fixed a bug in flonum-extractor, which on 64-bit machines was using an
8-byte read instead of a 4-byte read to pick up the 4 highest-order
bytes of a little-endian flonum, potentially reading past the end of
mapped memory for flonums produced by taking the imaginary part of an
inexact complexnum (which, unlike other flonums, are not aligned on
16-byte boundaries). The 8-byte load would also have failed to produce
correct results on 64-bit big-endian machines (of which we presently
have none) because the offsets passed to flonum-extractor assume the
bits are in the lowest-order 4 bytes of the extracted field.
cp0.ss,
misc.ms,
release_notes.stex
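Review bot: the file list of the unrelated date-dst?/date-zone-name entry is reflowed in this hunk (the two-line "date.ss, primdata.ss, stats.c, date.ms, root-experr*," / "patch-compile*, system.stex" becomes four lines) without any content change; keeping that churn out of a bug-fix commit makes the LOG diff match the commit message, which only mentions the flonum-extractor entry.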


@ -604,6 +604,12 @@
17)))]) 17)))])
(cons v ls))) (cons v ls)))
'(3 17 17)) '(3 17 17))
; regression test for bug in which $flonum-exponent read past mapped memory
(eq?
(do ([n 2000 (- n 1)] [ls (iota 2000)])
((= n 0) 'fini)
(map (lambda (x) (let ([x (exact (sqrt -2.0))]) x)) ls))
'fini)
) )
(mat compiler3 (mat compiler3
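Review bot: the new `eq?` form only detects the bug as a crash, since the `do` loop returns 'fini whatever `(exact (sqrt -2.0))` produced, and whether the 8-byte over-read ever lands on an unmapped page depends on where the 2000 x 2000 imaginary-part flonums happen to be allocated, so a passing run is weak evidence on its own. Consider also asserting on the value of one `(exact (sqrt -2.0))` result, and note that the lambda's parameter `x` is immediately shadowed by the `let`, so the `map` is just a repeat count; a comment saying the test is crash-only, and naming flonum-extractor (cp0.ss) alongside `$flonum-exponent`, would make it easier to trace to this fix.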


@ -1498,20 +1498,25 @@ in fasl files does not generally make sense.
%----------------------------------------------------------------------------- %-----------------------------------------------------------------------------
\section{Bug Fixes}\label{section:bugfixes} \section{Bug Fixes}\label{section:bugfixes}
\subsection{Overflow detection for \protect\scheme{fxsll}, \subsection{Invalid memory references involving complex numbers (9.4.1)}
\protect\scheme{fxarithmetic-shift-left}, and
\protect\scheme{fxarithmetic-shift}} A bug on 64-bit platforms that occasionally caused invalid memory
references when operating on inexact complex numbers or the imaginary parts
of inexact complex numbers has been fixed.
[This bug dated back to Version 8.9.1.]
\subsection{Overflow detection for left-shift operations on fixnums (9.4.1)}
A bug that caused \scheme{fxsll}, \scheme{fxarithmetic-shift-left}, A bug that caused \scheme{fxsll}, \scheme{fxarithmetic-shift-left},
and \scheme{fxarithmetic-shift} to fail to detect overflow in certain and \scheme{fxarithmetic-shift} to fail to detect overflow in certain
cases was fixed. cases has been fixed.
[This bug dated back to Version 7.1 or earlier.] [This bug dated back to Version 4.0.]
\subsection{Invalid memory reference when \protect\scheme{enum-set-indexer} procedure is not passed a symbol} \subsection{Missing \protect\scheme{enum-set-indexer} argument check (9.4.1)}
A bug that caused the procedure returned by \scheme{enum-set-indexer} A missing argument check that resulted in the procedure returned by \scheme{enum-set-indexer}
to perform an invalid memory reference when passed an argument that is causing an invalid memory reference when passed a non-symbol argument has been fixed.
not a symbol has been fixed. [This bug dated back to Version 7.5.]
\subsection{Storage for inaccessible mutexes and conditions is reclaimed (9.4.1)} \subsection{Storage for inaccessible mutexes and conditions is reclaimed (9.4.1)}
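Review bot: this hunk also changes two unrelated entries, renaming the fxsll/fxarithmetic-shift subsection and moving its origin from "Version 7.1 or earlier" to "Version 4.0", and adding "[This bug dated back to Version 7.5.]" to the enum-set-indexer entry, none of which the commit message or LOG entry mentions; either note them or split them out. In the new subsection, "when operating on inexact complex numbers or the imaginary parts of inexact complex numbers" is broader than the commit message's description (an 8-byte read in flonum-extractor of flonums produced by taking the imaginary part of an inexact complexnum); stating the affected operation would help users judge exposure.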


@ -6313,9 +6313,10 @@
(let ([cnt (- pos (constant fixnum-offset))] (let ([cnt (- pos (constant fixnum-offset))]
[mask (* (- (expt 2 size) 1) (expt 2 (constant fixnum-offset)))]) [mask (* (- (expt 2 size) 1) (expt 2 (constant fixnum-offset)))])
(%inline logand (%inline logand
,(let ([body (%mref ,e1 ,(constant-case native-endianness ,(let ([body `(inline ,(make-info-load 'integer-32 #f) ,%load ,e1 ,%zero
[(little) (fx+ (constant flonum-data-disp) 4)] (immediate ,(constant-case native-endianness
[(big) (constant flonum-data-disp)]))]) [(little) (fx+ (constant flonum-data-disp) 4)]
[(big) (constant flonum-data-disp)])))])
(let ([body (if (fx> cnt 0) (let ([body (if (fx> cnt 0)
(%inline srl ,body (immediate ,cnt)) (%inline srl ,body (immediate ,cnt))
body)]) body)])
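Review bot: `(make-info-load 'integer-32 #f)` is a signed 32-bit load, so on 64-bit targets a flonum with the sign bit set is sign-extended before the `srl`; the result is still correct because the following `logand` with `mask` discards everything above the field, but that dependency is easy to break if the mask is ever relaxed, so either a comment here or an unsigned 32-bit load type, if the backend provides one, would make the intent explicit. With a 4-byte load at `flonum-data-disp + 4` (little) or `flonum-data-disp` (big) the offsets now agree with the assumption, noted in the commit message, that the bits are in the lowest-order 4 bytes of the extracted field on both byte orders.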