Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Memory unsafety in withFilePath in 2.8.2.0 #295

Closed
bgamari opened this issue Sep 13, 2023 · 6 comments
Closed

Memory unsafety in withFilePath in 2.8.2.0 #295

bgamari opened this issue Sep 13, 2023 · 6 comments
Labels
status: needs triage type: bug

Comments

@bgamari
Copy link
Contributor

bgamari commented Sep 13, 2023

Your environment

All.

Steps to reproduce

ghci> :set -XOverloadedStrings
ghci> import qualified Data.ByteString.Short as BSS
ghci> import Data.ByteString.Internal (c_strlen)
ghci> BSS.useAsCStringLen "ScriptEnv0.hs" $ \(ptr, len) -> c_strlen ptr >>= \clen -> print (clen, len)

Expected behaviour

(13,13)

Actual behaviour

ghci> :set -XOverloadedStrings
ghci> import qualified Data.ByteString.Short as BSS
ghci> import Data.ByteString.Internal (c_strlen)
ghci> BSS.useAsCStringLen "ScriptEnv0.hs" $ \(ptr, len) -> c_strlen ptr >>= \clen -> print (clen, len)
(13,13)
ghci> BSS.useAsCStringLen "ScriptEnv0.hs" $ \(ptr, len) -> c_strlen ptr >>= \clen -> print (clen, len)
(38,13)
ghci> BSS.useAsCStringLen "ScriptEnv0.hs" $ \(ptr, len) -> c_strlen ptr >>= \clen -> print (clen, len)
(29,13)
ghci> BSS.useAsCStringLen "ScriptEnv0.hs" $ \(ptr, len) -> c_strlen ptr >>= \clen -> print (clen, len)
(38,13)

This is due to https://github.com/haskell/unix/pull/279/files#diff-e155a859a7a42c152728c6296887607bcfe0a7b0213d98573053e137ed8ebb32R157, which incorrectly relies on strlen on a string produced with useCString. This was originally noted in haskell/cabal#9241.
@bgamari
Copy link
Contributor Author

bgamari commented Sep 13, 2023

This is fixed in #294.

@bgamari bgamari mentioned this issue Sep 13, 2023
Merged
@gbaz
Copy link

gbaz commented Sep 13, 2023

Should the bytestring documentation be updated to more clearly warn about this footgun with the useAsCStringLen function?

This was referenced Sep 15, 2023
Merged
Merged
@hasufell hasufell mentioned this issue Sep 16, 2023
Merged
@hasufell
Copy link
Member

Fixed in #294

@Bodigrim are you making the 2.8.2.1 release?

@Bodigrim
Copy link
Contributor

If you have a moment, please do, otherwise I'll release in the morning.

@hasufell
Copy link
Member

https://hackage.haskell.org/package/unix-2.8.2.1

@hasufell
Copy link
Member

@bgamari pushed tag for your submodules: https://github.com/haskell/unix/releases/tag/v2.8.2.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: needs triage type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bgamari @gbaz @hasufell @Bodigrim