
IRAF Community Distribution

IRAF maintained by the community


iraf.net Issue #129

noao.digiphot.photcal parser buggy on 64 bit

Closed. olebole opened this issue on 2018-01-31


olebole commented on 2018-01-31

The code in noao$digiphot/photcal/prcode.x and noao$digiphot/photcal/preval.gx intermix access to the Memi and Memr fields with the same pointers. For example the following lines in prcode.x:

Memi[code + cp - 1] = PEV_NUMBER  
cp = cp + 1  
Memr[code + cp - 1] = value  

or in preval.gx:

case PEV_NUMBER:  
    ip = ip + 1  
    sp = sp + 1  
    stack[sp] = Memr[code + ip]  
    if (IS_INDEFR (stack[sp]))  
        break  
  
case PEV_CATVAR:  
    ip = ip + 1  
    sp = sp + 1  
    stack[sp] = vdata[Memi[code + ip]]  
    if (IS_INDEFR (stack[sp]))  
        break  

This works on 32 bit, when the length of real and int are equal (4 bytes). On 64 bit (ILP64), however, real is still 4 bytes, while int has 8 bytes, and so one cannot use Memr and Memi access from the same pointer: Memr[ptr] will get the value from a different place in memory than Memi[ptr]. Depending on how the pointer was created, either the first or the second will cause an illegal memory access.

On 64 bit, this could be avoided by accessing Memd instead of Memr, since double also has a length of 8 bytes. This, however, does not solve #128; therefore it is an independent bug.


Fixed in #130
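The index arithmetic behind the report, as an added example that is not part of the issue or of the IRAF sources: it replays the two stores quoted from prcode.x against a simplified model in which Memi, Memr and Memd are views of one area with a shared base and an SPP pointer is a 1-based element index. The helper names, the pointer value 1001 and the buffer length 16 are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): Memi, Memr and Memd are views of one memory
 * area sharing a base address; an SPP pointer is a 1-based element index. */
typedef struct { size_t start, end; } span_t;      /* byte range [start, end) */

/* Byte offset of element idx in a view with elem_size-byte elements. */
static size_t mem_offset(size_t idx, size_t elem_size)
{
    return (idx - 1) * elem_size;
}

/* Does view[idx], with elem_size-byte elements, lie inside the buffer? */
static int in_bounds(span_t buf, size_t idx, size_t elem_size)
{
    size_t off = mem_offset(idx, elem_size);
    return off >= buf.start && off + elem_size <= buf.end;
}

/* Replays the two stores quoted from prcode.x on a buffer of nelem elements
 * that was allocated for alloc_size-byte elements and is addressed by `code`.
 * Returns how many of the two accesses fall outside that buffer. */
int replay_prcode(size_t code, size_t nelem, size_t alloc_size,
                  size_t int_size, size_t real_size)
{
    span_t buf = { mem_offset(code, alloc_size),
                   mem_offset(code + nelem, alloc_size) };
    size_t cp = 1;
    int bad = 0;

    bad += !in_bounds(buf, code + cp - 1, int_size);   /* Memi[code+cp-1] = PEV_NUMBER */
    cp = cp + 1;
    bad += !in_bounds(buf, code + cp - 1, real_size);  /* Memr[code+cp-1] = value */
    return bad;
}

int main(void)
{
    const size_t code = 1001, n = 16;              /* constructed sample values */

    printf("int=4 real=4, int buffer:    %d bad\n", replay_prcode(code, n, 4, 4, 4));
    printf("int=8 real=4, int buffer:    %d bad\n", replay_prcode(code, n, 8, 8, 4));
    printf("int=8 real=4, real buffer:   %d bad\n", replay_prcode(code, n, 4, 8, 4));
    printf("int=8 double=8, int buffer:  %d bad\n", replay_prcode(code, n, 8, 8, 8));
    return 0;
}
```

With 8-byte int and 4-byte real, the Memr store is the out-of-bounds one when the pointer came from an int allocation and the Memi store is when it came from a real allocation; equal element sizes (4/4, or 8/8 with Memd) keep both accesses inside the buffer.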


Last updated on 2018-02-01