[GHC] #229: Integer overflow in array allocation

GHC ghc-devs at haskell.org
Thu Jun 5 04:50:29 UTC 2014


#229: Integer overflow in array allocation
--------------------------------------+------------------------------------
        Reporter:  josefs             |            Owner:  rwbarton
            Type:  bug                |           Status:  new
        Priority:  normal             |        Milestone:  ⊥
       Component:  libraries (other)  |          Version:  7.8.1
      Resolution:                     |         Keywords:
Operating System:  Unknown/Multiple   |     Architecture:  Unknown/Multiple
 Type of failure:  None/Unknown       |       Difficulty:  Unknown
       Test Case:                     |       Blocked By:
        Blocking:                     |  Related Tickets:
--------------------------------------+------------------------------------
Changes (by rwbarton):

 * owner:   => rwbarton
 * priority:  low => normal
 * version:  6.4.1 => 7.8.1
 * component:  libraries/base => libraries (other)


Comment:

 This bug still exists. With a little more care you can read and write
 arbitrary memory.

 {{{
 import Data.Array.MArray
 import Data.Array.IO
 import Data.Word

 main = do
   m <- newArray_ (0,2^62-1) :: IO (IOUArray Int Word32) -- allocates 0 bytes
   writeArray m 17 12345 -- write wherever you like
 }}}

 The `unsafeNewArray_` definitions in `Data.Array.Base` need to check for
 integer overflow when computing the size in bytes to be allocated.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/229#comment:15>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
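
Added example (not part of the ticket comment and not GHC's own code): the kind of overflow check the comment asks for when computing the allocation size in bytes. The helpers `checkedBytes` and `uncheckedBytes` are hypothetical names, and a 64-bit `Int` is assumed. With the ticket's bounds and 4-byte `Word32` elements, the unchecked product wraps around while the checked version rejects the request.

```haskell
-- Added illustration; checkedBytes/uncheckedBytes are hypothetical helpers,
-- not definitions from Data.Array.Base. Assumes a 64-bit Int.
import Data.Ix (rangeSize)

-- | Bytes needed for n elements of elemSize bytes each, or Nothing when
-- the count is negative or the product does not fit in an Int.
checkedBytes :: Int -> Int -> Maybe Int
checkedBytes n elemSize
  | n < 0 || elemSize <= 0      = Nothing
  | n > maxBound `div` elemSize = Nothing   -- n * elemSize would overflow
  | otherwise                   = Just (n * elemSize)

-- | The unchecked multiplication: Int arithmetic wraps silently.
uncheckedBytes :: Int -> Int -> Int
uncheckedBytes n elemSize = n * elemSize

main :: IO ()
main = do
  -- Element count for the bounds used in the ticket's reproducer.
  let n         = rangeSize (0 :: Int, 2 ^ (62 :: Int) - 1)
      word32Len = 4  -- size of one Word32 element in bytes
  putStrLn ("elements:        " ++ show n)
  putStrLn ("unchecked bytes: " ++ show (uncheckedBytes n word32Len))
  putStrLn ("checked bytes:   " ++ show (checkedBytes n word32Len))
  putStrLn ("small request:   " ++ show (checkedBytes 1024 word32Len))
```

An allocator built on the checked form would raise an error on `Nothing` instead of handing back a zero-byte buffer that later indexing treats as 2^62 elements long.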

