[Octave-bug-tracker] [bug #42651] Incorrect input validation for strings
From: Rik
Subject: [Octave-bug-tracker] [bug #42651] Incorrect input validation for strings
Date: Sun, 29 Jun 2014 22:57:21 +0000
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0
URL: <http://savannah.gnu.org/bugs/?42651>
Summary: Incorrect input validation for strings
Project: GNU Octave
Submitted by: rik5
Submitted on: Sun 29 Jun 2014 03:57:20 PM PDT
Category: Interpreter
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Inaccurate Result
Status: None
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: dev
Operating System: GNU/Linux
_______________________________________________________
Details:
A number of input validation code blocks in libinterp are using an incorrect
pattern which does not result in the correct validation of string input.
The list of occurrences is:
  corefcn/data.cc:6549: error ("sort: MODE must be a string");
  corefcn/help.cc:1387: error ("__list_functions__: DIRECTORY argument must be a string");
  corefcn/matrix_type.cc:225: error ("matrix_type: TYPE must be a string");
  corefcn/matrix_type.cc:425: error ("matrix_type: TYPE must be a string");
  corefcn/qz.cc:407: error ("qz: OPT must be a string");
  corefcn/balance.cc:250: error ("balance: OPT argument must be a string");
  corefcn/file-io.cc:578: ::error ("%s: architecture type must be a string", fcn);
  corefcn/file-io.cc:581: ::error ("%s: file mode must be a string", fcn);
  corefcn/file-io.cc:584: ::error ("%s: file name must be a string", fcn);
  corefcn/file-io.cc:925: ::error ("%s: format TEMPLATE must be a string", who.c_str ());
  corefcn/file-io.cc:1264: ::error ("%s: argument STRING must be a string", who.c_str ());
  corefcn/file-io.cc:1388: ::error ("fread: ARCH architecture type must be a string");
  corefcn/file-io.cc:1397: ::error ("fread: PRECISION must be a string");
  corefcn/file-io.cc:1656: ::error ("fwrite: ARCH architecture type must be a string");
  corefcn/file-io.cc:1665: ::error ("fwrite: PRECISION must be a string");
  corefcn/file-io.cc:1872: ::error ("popen: MODE must be a string");
  corefcn/file-io.cc:1875: ::error ("popen: COMMAND must be a string");
  corefcn/file-io.cc:1937: ::error ("PREFIX must be a string");
  corefcn/file-io.cc:1940: ::error ("DIR argument must be a string");
  corefcn/file-io.cc:2079: error ("mkstemp: TEMPLATE argument must be a string");
  corefcn/schur.cc:150: error ("schur: second argument must be a string");
  corefcn/syscalls.cc:239: error ("exec: FILE must be a string");
  corefcn/syscalls.cc:372: error ("popen2: COMMAND argument must be a string");
  corefcn/sysdep.cc:600: error ("putenv: VALUE must be a string");
  corefcn/sysdep.cc:603: error ("putenv: VAR must be a string");
  corefcn/time.cc:481: error ("strftime: FMT must be a string");
  corefcn/time.cc:530: error ("strptime: FMT must be a string");
  corefcn/time.cc:533: error ("strptime: argument STR must be a string");
  corefcn/toplev.cc:1224: error ("atexit: FCN argument must be a string");
  corefcn/utils.cc:334: error ("file_in_loadpath: FILE argument must be a string");
  corefcn/utils.cc:417: error ("file_in_path: PATH must be a string");
  corefcn/utils.cc:791: error ("undo_string_escapes: S argument must be a string");
  corefcn/variables.cc:184: error ("%s: expecting first argument to be a string",
  corefcn/variables.cc:347: error ("isglobal: NAME must be a string");
  corefcn/variables.cc:2072: error ("munlock: FCN must be a string");
  corefcn/variables.cc:2108: error ("mislocked: FCN must be a string");
  octave-value/ov-fcn-handle.cc:1858: error ("str2func: FCN_NAME must be a string");
  octave-value/ov-java.cc:2062: error ("javaObject: CLASSNAME must be a string");
  octave-value/ov-java.cc:2138: error ("javaMethod: METHODNAME must be a string");
  octave-value/ov-java.cc:2207: error ("__java_get__: NAME must be a string");
  octave-value/ov-java.cc:2269: error ("__java_set__: NAME must be a string");
The problem is that the code uses this sequence for input validation:
  // string_value () does not set error_state for numeric input
  std::string tmp = args(0).string_value ();
  if (! error_state)
    ...
  else
    error ("ARG must be a string");
But Octave will coerce numeric arrays into strings, so despite there being
incorrect input the error message is never given. This code runs in Octave
without an error message, but is certainly not what you want.
  exec (1)
The fix is to use the is_string() predicate test instead. The code should
look like this:
  // check the type first, then extract the value
  if (args(0).is_string ())
    tmp = args(0).string_value ();
    ...
  else
    error ("ARG must be a string");
These are easy changes, but there are so many of them that I thought I would
post this to the bug tracker and also put it on the list of easy bug fixes.
For people who want to experiment with learning Octave's internals and how the
C++ code is written, this is an easy first step.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?42651>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
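
An added example, not part of the original report or of Octave's sources: a heuristic scanner that flags the pattern described above, a string_value () call validated only by a following error_state test with no is_string () guard on the same argument. The name find_unguarded, the look-ahead and look-back windows, and the C++ sample (including do_sort and run) are assumptions constructed for illustration.

```python
import re

# Captures the argument expression in e.g. "args(0).string_value ();"
ACCESSOR = re.compile(
    r"(\w+(?:\s*\(\s*\d+\s*\))?)\s*\.\s*string_value\s*\(\s*\)\s*;")
ERROR_STATE_CHECK = re.compile(r"if\s*\(\s*!\s*error_state\s*\)")
LOOKAHEAD = 3  # lines after the call in which the error_state test must appear
LOOKBACK = 3   # lines before the call in which an is_string () guard may appear


def find_unguarded(source):
    """Return (line_number, argument) for each string_value () call that is
    checked only through error_state and never through is_string ()."""
    lines = source.splitlines()
    hits = []
    for i, line in enumerate(lines):
        m = ACCESSOR.search(line)
        if not m:
            continue
        arg = re.sub(r"\s+", "", m.group(1))
        after = lines[i + 1:i + 1 + LOOKAHEAD]
        if not any(ERROR_STATE_CHECK.search(l) for l in after):
            continue  # not the validation pattern from the report
        window = "".join(lines[max(0, i - LOOKBACK):i + 1])
        if arg + ".is_string()" in re.sub(r"\s+", "", window):
            continue  # type was checked before the value was extracted
        hits.append((i + 1, arg))
    return hits


# Constructed C++ sample: the first block is flawed, the second is guarded.
SAMPLE = '''\
  std::string mode = args(1).string_value ();
  if (! error_state)
    do_sort (mode);
  else
    error ("sort: MODE must be a string");

  if (args(0).is_string ())
    {
      std::string file = args(0).string_value ();
      if (! error_state)
        run (file);
    }
  else
    error ("exec: FILE must be a string");
'''

if __name__ == "__main__":
    for lineno, arg in find_unguarded(SAMPLE):
        print(f"line {lineno}: {arg}.string_value () lacks an is_string () guard")
```

The scanner is line-based and will miss guards placed further away than LOOKBACK lines, so treat its output as candidates for manual review.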