[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

make-string uninitialized memory eposure considered harmful

From: Greg Troxel
Subject: make-string uninitialized memory eposure considered harmful
Date: Fri, 10 Jan 2003 14:54:02 -0500

In guile 1.6, NetBSD 1.6-stable/i386, I found that make-string returns
random stuff if you don't give it a second arg.  

guile> (make-string 100)
"traced-stack-ids set of stack ids for which tracing is active. executable is 
in no way restricted"

This I took to be a sign of brokenness.  So I read the docs:

guile> (help make-string)
`make-string' is a primitive procedure in the (guile) module.

 - Scheme Procedure: make-string k [chr]
     Return a newly allocated string of length K.  If CHR is given,
     then all elements of the string are initialized to CHR, otherwise
     the contents of the STRING are unspecified.

and tried again.

guile> (make-string 1000)

 - Scheme Procedure: make-stack obj . args
     Create a new stack. If OBJ is `#t', the current evaluation stack
     is used for creating the stack frames, otherwise the frames are
     taken from OBJ (which must be either a debug object or a

     ARGS should be a list containing any combination of integer,
     procedure and `#t' values.

     These values specify various ways of cutting away uninteresting
     stack frames from the top and bottom of the stack that
     `make-stack' returns.  They come in pairs like this: `(INNER_CUT_1

     Each INNER_CUT_N can be `#t', an integer, or a procedure.  `#t'
     means to cut away all frames up to but excluding the first user
     module frame.  An integer means to cut away exactly that number of
     frames.  A procedure means to cut away all frames up to but
     excluding the application frame whose procedure matches the
     specified one.

     Each OUT"

At this point, I get what is going on.  This is confusing, and exposes
the contents of random memory locations, perhaps exposing a password
that somone thought had been garbage collected.  So, I'd argue that
the default behavior should be to fill with nulls, or something, even
though the spec should remain unspecified.  If we are afraid people
will depend on that, it can fill with something chosen arbitrarily,
but it shouldn't expose the existing contents of free memory.

Anyone want to call me paranoid?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]