binary_to_term can crash the VM
Matthias Lang
matthias@REDACTED
Thu Feb 2 00:13:21 CET 2006
Hi,
I recall binary_to_list being fixed to be able to cope with 'bad'
binaries a few years ago. But I stumbled across another way to crash
it:
2> binary_to_term(<<131,109,255,255,255,255>>).
Segmentation fault
This can bite when code such as 'rb' calls binary_to_term on corrupt
data:
/usr/local/src/otp_src_R10B-8/bin/erl -boot start_sasl
...
Eshell V5.4.10 (abort with ^G)
1> c(crash).
{ok,crash}
2> crash:go().
rb: reading report...Segmentation fault
I haven't tried making dets fail, but I bet 'rb' isn't the only thing
which uses binary_to_term on data it can't be sure it created.
Matthias
(FWIW: I don't use 'log_mf_handler' or 'rb' in production systems
because of past problems. This seems like another good reason to give
them a miss.)
%%----------------------------------------------------------------------
-module(crash).
-export([go/0]).
go() ->
file:make_dir("/tmp/zap"),
file:write_file("/tmp/zap/index", <<1>>),
%% simulate a corrupt logfile
file:write_file("/tmp/zap/1", <<0,6,131,109,255,255,255,255>>),
rb:start([{report_dir, "/tmp/zap"}]),
rb:list().
More information about the erlang-questions
mailing list