bug in a cffi? (crossposting from cffi-devel)

[budden]

Hi!
I know that posting to devel-lists often fails, so I'm crossposting
it here.
It looks like lisp-string-to-foreign might overflow buffer if
offset>0.

(defun lisp-string-to-foreign (string buffer bufsize &key (start 0)
end offset
(encoding *default-foreign-encoding*))
(check-type string string)
(when offset
; here should also be (setq buffer-size (- buffer-size
offset)) ???
(setq buffer (inc-pointer buffer offset)))
(with-checked-simple-vector ((string (coerce string 'babel:unicode-
string))
(start start) (end end))
(declare (type simple-string string))
(let ((mapping (lookup-mapping *foreign-string-mappings*
encoding))
(nul-len (null-terminator-len encoding)))
(assert (plusp bufsize))
(multiple-value-bind (size end)
(funcall (octet-counter mapping) string start end (- bufsize
nul-len))
(funcall (encoder mapping) string start end buffer 0)
(dotimes (i nul-len)
(setf (mem-ref buffer :char (+ size i)) 0))))
buffer))

--
Best regards,
budden mailto:budde...@mail.ru

[Luís Oliveira]

budden <budde...@mail.ru> writes:

> I know that posting to devel-lists often fails, so I'm crossposting
> it here.

You have to subscribe first.

> It looks like lisp-string-to-foreign might overflow buffer if
> offset>0.
>
> (defun lisp-string-to-foreign (string buffer bufsize &key (start 0)
> end offset

While it's probably not very intuitive, it works as advertised:
LISP-STRING-TO-FOREIGN copies at most BUFSIZE-1 bytes into
BUFFER+OFFSET. Feel free to complain about how unintuitive that is, but
please use cffi-devel. :-)

--
Luís Oliveira
http://student.dei.uc.pt/~lmoliv/

[budden]

Ok, thanks.