-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
int overflow when allocating large vector (new in vector-0.11.0.0) #98
Comments
Argh. I thought we did some work to fix that for 0.11. On Friday, September 18, 2015, rwbarton notifications@github.com wrote:
|
This is actually a primitive bug. The memset operations will overflow. It's fixed in primitive head, but somehow I neglected to release it, even though I specifically fixed this issue in it in preparation for releasing 0.11. I'll get primitive release out, and we should increase the required version of vector 0.11.x to use it. Do people prefer a separate release for that, or editing the bounds on hackage? |
Oh, an existing bug in a function in primitive that is only used by the new version of vector? I was confused at first, since I have only one version of primitive installed under 7.8.4. |
Yes, exactly.
0.10 just lets you see uninitialized memory with |
I've released a new primitive that fixes this, version 0.6.1.0. There were no API changes, so a minor version increase was fine, and no vector changes are necessary. |
Did you/could you set impossible bounds for the broken version? |
Which ones? The bug goes back at least to primitive 0.5, from 3 years ago. But actually there is already bad C code in 0.3, from 5 1/2 years ago. I'm unsure if it will actually cause problems, but its function signatures for memcpy/memmove/etc. wrappers use |
So essentially it's impossible to shield users from hr bug unless we force On Tuesday, September 22, 2015, dolio notifications@github.com wrote:
|
In some form, yes. If they use 0.5 - 0.6, memset will be bugged, and for vector 0.11, new will be bugged because it uses memset. If they use 0.3 - 0.5 or so, there's probably some undefined behavior about what happens when you memcpy and stuff with large enough arrays, because it's passing signed 64-bit sizes into signed 32-bit C ints (provided you're on a 64-bit system). vector can't build with any of those versions, but someone could. |
vector segfaults when allocating a mutable unboxed vector larger than 4GB. Reported on StackOverflow.
The segfault is in
UM.new
.Tested with GHC 7.8.4 and 7.10.1. vector-0.10.12.2 did not segfault, also tested with the same GHC versions.
The text was updated successfully, but these errors were encountered: