[erlang-questions] Issue with using enif_binary_to_term

Vincent Siliakus zambal@REDACTED
Tue May 15 17:02:06 CEST 2018


Hi Sverker,

Thanks for the reply including the fix. Will there be an OTP 20 release
that will include this patch, or will it only be included in OTP 21? For
internal usage it doesn't really matter, but I'm hoping to release the
library I'm working on as open source in the near future.

Regarding testing the return value: I'm actually doing this in the code
where I stumbled upon this issue, which is reading terms in external term
format from an embedded kv store. I just wanted to make the example as
simple as possible to highlight the issue.

Best,
Vincent


> This is a bug in enif_binary_to_term which causes heap corruption when the term
> is an immediate (atom, small integer, pid, port, empty list).
>
> This should fix it:
>
> diff --git a/erts/emulator/beam/erl_nif.c b/erts/emulator/beam/erl_nif.c
> index e208792..0fbf0eb 100644
> --- a/erts/emulator/beam/erl_nif.c
> +++ b/erts/emulator/beam/erl_nif.c
> @@ -1255,8 +1255,10 @@ size_t enif_binary_to_term(ErlNifEnv *dst_env,
>      if (is_non_value(*term)) {
>          return 0;
>      }
> -    erts_factory_close(&factory);
> -    cache_env(dst_env);
> +    if (size > 0) {
> +        erts_factory_close(&factory);
> +        cache_env(dst_env);
> +    }
>
>      ASSERT(bp > data);
>      return bp - data;
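Review bot: the new `if (size > 0)` guard around `erts_factory_close(&factory)` and `cache_env(dst_env)` carries no comment explaining why both calls are skipped when `size` is zero. The hunk does not show what `size` measures, so a reader cannot connect the guard to the immediate-term case (atom, small integer, pid, port, empty list) named in the message; a one-line comment above the `if` stating that connection would keep a later cleanup from removing it. The `is_non_value(*term)` branch just above returns 0 with no factory handling visible in this context, so it is worth confirming that the error path needs no close or undo of its own. A regression test that decodes one term of each immediate type would pin the fix.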
>
>
>
> Your usage looks correct. The only nitpick is to test the return value from
> enif_binary_to_term, either to handle broken binary or assert it's correct.
>
> /Sverker
>
>