#621 closed defect (fixed)
"numbers" egg dumps core if base argument to string->number is too large
| Reported by: | pdh | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 4.9.0 |
| Component: | extensions | Version: | 4.7.x |
| Keywords: | Cc: | ||
| Estimated difficulty: |
Description
After loading the "numbers" egg, if the base is too large for
string->number, csi dumps core.
Looks like this:
$ csi
...
Version 4.7.0
openbsd-unix-gnu-x86-64 [ 64bit manyargs dload ptables ]
#;1> (use numbers)
...
#;2> (string->number "10" (- (expt 2 (/ (- (* 8 8) 2) 2)) 1))
2147483647
#;3> (string->number "10" (expt 2 (/ (- (* 8 8) 2) 2)))
Abort trap (core dumped)
It is failing in string_to_big() in numbers-c.c at line 2328:
BIGNUM_ASSERT ((radix > 1) && (radix <= BIGNUM_RADIX_ROOT));
BIGNUM_ASSERT just calls "abort" if the test fails, which causes the
core dump.
Observed in the "numbers" egg Version 2.6. (That is, the version
that I installed today.)
Note: See
TracTickets for help on using
tickets.
It even failed for negative or zero bases. Turns out the original C assert was wrong too since bignum_destructive_scale_up can only deal with numbers strictly *smaller* than BIGNUM_RADIX_ROOT. I've added a check so that it throws a "bad base" exception when you pass in a base that's smaller than 1 or larger/equal to BIGNUM_RADIX_ROOT.
It's fixed in numbers trunk, changeset [24227]