[erlang-bugs] Seg fault in binary_to_term on bad data
Bjorn Gustavsson
bjorn@REDACTED
Tue Apr 15 10:05:24 CEST 2008
"Matthew Dempsky" <matthew@REDACTED> writes:
> Calling binary_to_term can cause a segmentation fault. The binary
> below is an EXPORT_EXT encoding, but with the Module, Function, and
> Arity parts all set to SMALL_INTEGER_EXT encoding for 13. I expect
> binary_to_term to instead just raise an exception in the calling
> process.
Thanks! We will correct it in R12B-3. Here is a patch:
*** erts/emulator/beam/external.c@@/OTP_R12B-2 Mon Apr 7 15:57:52 2008
--- erts/emulator/beam/external.c Tue Apr 15 09:08:51 2008
***************
*** 1396,1403 ****
Eterm temp;
Sint arity;
! ep = dec_atom(dep, ep, &mod);
! ep = dec_atom(dep, ep, &name);
*hpp = hp;
ep = dec_term(dep, hpp, ep, off_heap, &temp);
hp = *hpp;
--- 1396,1407 ----
Eterm temp;
Sint arity;
! if ((ep = dec_atom(dep, ep, &mod)) == NULL) {
! goto error;
! }
! if ((ep = dec_atom(dep, ep, &name)) == NULL) {
! goto error;
! }
*hpp = hp;
ep = dec_term(dep, hpp, ep, off_heap, &temp);
hp = *hpp;
/Bjorn
--
Björn Gustavsson, Erlang/OTP, Ericsson AB
More information about the erlang-bugs
mailing list