run sometimes executed on corrupted data

YAMASHINA Hio <>
Thu Dec 24 09:33:54 CET 2009


Hi all.

Following snippet

  case re:run(Data, "[\\x00\\x01]", [{capture,[0],binary}]) of
  nomatch ->
    ok;
  {match,X} ->
    throw({"source text", Data, "contains invalid sequence", X})
  end,

rarely raises strange exception

  {"source text",<<"xxx!x">>,"contains invalid sequence",[<<"!">>]}

This message is just outputted one with no masking of secret data.


It looks like this problem happens when:
- Subject is just binary term (RESTART_FLAG_SUBJECT_IN_BINARY),
- erts_pcre_exec is interrupted with PCRE_ERROR_LOOP_LIMIT,
- run garbage collection
- and erts_pcre_exec is restarted.

Although Subject binary (BIF_ARG_2) is not destroyed,
but shrink process moves the memory block where actual data is stored.

Restart context only has memory address and there is not any notice from
garbage collection.
Then re:run is restarted on corrupted garbage collected Subject.

Patch for R13B03 is attached.
Sorry for not providing any code snippet to reproduce the problem.
This problem was found on R13B01.

Regards.

-- 
YAMASHINA Hio <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: otp_src_R13B03.fix-re.patch
Type: application/octet-stream
Size: 3463 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-patches/attachments/20091224/955a150b/attachment.obj>
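The sequence reported above (interrupted match, collection that moves the subject, restart from a saved address), as an added C model that is not code from the post, the attached patch, ERTS or PCRE. The toy heap, `scan`, `toy_gc` and `run` are hypothetical names, and looking the address up again before resuming is shown as a general remedy, not as what the patch does.

```c
#include <stddef.h>
#include <string.h>

/* Toy model; every name here is hypothetical, none is from ERTS or PCRE. */
enum { NO_MATCH = -1, LOOP_LIMIT = -2 };

static unsigned char heap[64];   /* stands in for the process heap */
static size_t subject_off;       /* current location of the subject bytes */

/* Scan for 0x00 or 0x01 (the post's [\x00\x01]), at most `budget` bytes per call. */
static int scan(const unsigned char *base, size_t len, size_t *pos, size_t budget)
{
    while (*pos < len) {
        if (budget-- == 0)
            return LOOP_LIMIT;               /* interrupted; *pos is the saved state */
        if (base[*pos] <= 0x01)
            return (int)*pos;                /* index of the offending byte */
        (*pos)++;
    }
    return NO_MATCH;
}

/* Toy collection: the subject moves to the heap start and its old slot is reused. */
static void toy_gc(size_t len)
{
    memcpy(heap, heap + subject_off, len);
    memset(heap + subject_off, 0x01, len);   /* constructed "other data" */
    subject_off = 0;
}

/* rebase == 0: resume with the address saved before the move (the reported pattern).
 * rebase != 0: look the subject's address up again before resuming. */
int run(int rebase)
{
    static const char subject[] = "xxx!x";   /* constructed sample input */
    size_t len = sizeof subject - 1, pos = 0;
    const unsigned char *saved;
    int r;

    memset(heap, 0, sizeof heap);
    subject_off = 32;
    memcpy(heap + subject_off, subject, len);
    saved = heap + subject_off;
    r = scan(saved, len, &pos, 2);           /* first slice hits the limit */
    if (r != LOOP_LIMIT) return r;
    toy_gc(len);                             /* subject moves while the match is parked */
    if (rebase) saved = heap + subject_off;
    return scan(saved, len, &pos, len);      /* restart from the saved position */
}
```

With the stale address the resumed scan reports a match in bytes that are no longer the subject; with the re-derived address the same input yields no match.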

