Opened 12 years ago
Closed 12 years ago
#67 closed defect (fixed)
deftransform for replace is unsafe
Reported by: | Raymond Toy | Owned by: | somebody |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Core | Version: | 2012-12 |
Keywords: | Cc: |
Description
Consider this function
(defun bad (s) (declare (simple-string s)) (replace s s :start2 100 :end2 105))
After compiling this,
(bad (copy-seq "1234567890"))
Produces a totally bogus result, filling in the first 4 characters of the resulting string with garbage.
The problem is that the deftransform for replace just calls BIT-BASH-COPY
without verifying that the start and end indices make sense for the given string. Note that it also doesn't check to see that end >= start, but this gets handled by BIT-BASH-COPY
which gets a negative length and signals an error.
Note: See
TracTickets for help on using
tickets.
commit 3be4fc215fa2a4d23dc145e6cfa9519492525bc1 Author: Raymond Toy <toy.raymond@…> Date: Sat Dec 22 12:46:45 2012 -0800