[RPL/2] RPL/2-4.00pre7n

Lun 25 Oct 11:39:59 CEST 2004

On Mon, Oct 25, 2004 at 03:43:54AM -0400, Stuart Moore wrote:
> Joel,
> 
> Hi.
> 
> > It catches stack overflows (mainly due to recursion).
> 
> Do these overflows have a security impact?
> 
> Y a't'il un impact de sécurité?

	No, Stuart, there is no security impact. It's only a cosmetic patch
	to allow the sequencer to close (and delete) all temporary files
	when a segfault occurs, or to avoid segfault if it is possible.
	Example :

	+++do 1 until false end

	If you enter a ctrl+C to return to the sequencer, with an old
	release, you can obtain a segmentation fault due to a stack
	overflow (the function that displays the stack is a recursive
	function). In this case, the sequencer does not display all elements
	in the stack and does not crash.

	The same result can be done with something like this :

#!/usr/apps/bin/rpl -c

ROTONDITE
<<
    6375000 // mètres
    10000   // mètres
    1.33    // correction
    -> R D K
    <<
        1
        2 R K * *
        7 D sq * 8 R K * * / + neg
        'X' sq 3 D 3 ** * 16 R sq K sq * * / 'X' * +
        -> A B C
        <<
            B sq 4 A C * * - dup disp
            -> D
            <<
                B neg D sqrt - 2 A * / steq

                'X' 0 D 3 ->list indep // problem
                { X Y } autoscale
                10 res
                EQ disp
                draw // segfault !
				drax persist
            >>
        >>
    >>
>>

	due to the recursion X=f(D) and D=g(X) ! In this case, there is a
	bug in my source file (two 'D' variables, the first masked by the
	second that contains a X function), and the sequencer hangs with a
	regular error message and not with a segfault.

	The limit of the size of the stack is a limit given by the C
	compiler (gcc on i386 uses a 8MB stack). Thus, the sequencer waits
	for a stack overflow, uses another stack for POSIX signals, and sees
	if it can catch this overflow.

	Regards,

	JKB