This repository has been archived by the owner on Jun 1, 2023. It is now read-only.

signature return value in list aligned #395

Closed
AlexBurnes opened this issue Mar 19, 2019 · 2 comments

@AlexBurnes

The return value for a variable in a list from a signature function is wrongly aligned, shifted left by 8 bits.

The code was taken from an ASN.1 decoder library; the code in both functions is the same except for the way the function arguments are initialized:

use strict;
my $buf = pack("CCC",0x5f,0x81,0x3a);

my ($pos, $etag, $id) = decode_tl(0, $buf);
printf unpack("H*", $etag)." id => $id\n";

my ($pos, $etag, $id) = decode_tl_signature(0, $buf);
printf unpack("H*", $etag)." id => $id";

$id >>=8;
printf ", shifted id => $id\n";

sub decode_tl {
    my ($pos) = @_;

    my $etag = substr($_[-1], $pos++, 1);

    my $tag = ord($etag);
    my $id = $tag & 0x1f;

    if($id == 0x1f) {
        my $b;
        my $n=1;
        $id = 0;
        do {
            $tag = substr($_[-1], $pos++, 1);
            $etag .= $tag;
            $b = ord substr($tag,-1);
            $id = ($id << 7) + ($b & 0x7f);
        }
        while($b & 0x80);
    }

    return ($pos, $etag, $id);
}

sub decode_tl_signature ($pos, \$buf) {

    my $etag = substr($buf, $pos++, 1);

    my $tag = ord($etag);
    my $id = $tag & 0x1f;

    if($id == 0x1f) {
        my $b;
        my $n=1;
        $id = 0;
        do {
            $tag = substr($buf, $pos++, 1);
            $etag .= $tag;
            $b = ord substr($tag,-1);
            $id = ($id << 7) + ($b & 0x7f);
        }
        while($b & 0x80);
    }

    return ($pos, $etag, $id);
}

/opt/cperl-5.28.2/bin/cperl ./test_signature.pl
5f813a id => 186
5f813a id => 47616, shifted id => 186

The same for cperl 5.24.4, 5.26.5.
Perl 5.26.1 has no issue.
If the variable $etag is removed from the return list, then the value in the variable id is ok.

@rurban rurban self-assigned this Mar 19, 2019
@rurban rurban added the bug label Mar 19, 2019
@rurban rurban added this to the v5.30.0c milestone Jun 24, 2019
@rurban
Member

rurban commented Jun 24, 2019

With DEBUGGING at least I get a proper crash. Looking at it. Nice test case, thanks!
The problem is that the \$buf arg is freed in leavesub, leave_scope, and not properly assigned back to the original value as planned.

rurban added a commit that referenced this issue Jun 27, 2019
setting undef to the last stack element ($id here).
see cperl #395. This is not the proper fix though.
rurban added a commit that referenced this issue Jun 27, 2019
It was setting undef to the last stack element ($id here).
save_pushptrptr takes one ptr and one element to restore.
But we must use it similar to save_generic_svref, not save_sptr.
Fixes cperl #395.
@rurban
Member

rurban commented Jul 3, 2019

Fixed with 5.30.0c, thanks for the nice test case.

@rurban rurban closed this as completed Jul 3, 2019
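
As a reference for the value the test case should produce, here is an added example (not code from the issue or from cperl) that decodes the same BER identifier octets in plain Perl 5 without signatures, with the truncation and encoding checks the original decoder omits. The name decode_tag_strict and the four-octet limit on the tag number are assumptions made for this example.

```perl
use strict;
use warnings;

# Decode one BER identifier (tag) starting at $pos in $buf.
# Returns ($next_pos, $raw_tag_octets, $tag_number); dies on malformed input.
sub decode_tag_strict {
    my ($pos, $buf) = @_;
    my $len = length $buf;
    die "truncated: no identifier octet at offset $pos\n" if $pos >= $len;

    my $etag = substr($buf, $pos++, 1);
    my $id   = ord($etag) & 0x1f;
    return ($pos, $etag, $id) if $id != 0x1f;    # low-tag-number form

    # High-tag-number form: base-128 digits, bit 8 set on all but the last.
    $id = 0;
    my $count = 0;
    while (1) {
        die "truncated: tag number runs past end of buffer\n" if $pos >= $len;
        my $octet = substr($buf, $pos++, 1);
        my $b = ord($octet);
        die "non-minimal tag number (leading 0x80)\n" if $count == 0 && $b == 0x80;
        die "tag number too large\n" if ++$count > 4;   # assumed limit: 28 bits
        $etag .= $octet;
        $id = ($id << 7) | ($b & 0x7f);
        last unless $b & 0x80;
    }
    return ($pos, $etag, $id);
}

# Constructed inputs: the issue's buffer plus two malformed variants.
my ($pos, $etag, $id) = decode_tag_strict(0, pack("CCC", 0x5f, 0x81, 0x3a));
printf "%s pos => %d id => %d\n", unpack("H*", $etag), $pos, $id;
die "unexpected id $id\n" unless $id == 186 && $pos == 3;
printf "symptom value 47616 is 186 << 8: %s\n", (186 << 8) == 47616 ? "yes" : "no";

for my $bad (pack("CC", 0x5f, 0x81), pack("CCC", 0x5f, 0x80, 0x3a)) {
    my @r = eval { decode_tag_strict(0, $bad) };
    printf "%s rejected: %s", unpack("H*", $bad), $@ || "NOT REJECTED\n";
}
```

Because it uses no signature or by-reference argument, this decoder does not exercise the cperl code path discussed in the thread; it only pins down the expected result (id 186, next position 3) to compare against.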