[fpc-pascal] Bugs in StrToHostAddr6 in sockets unit

Michael Van Canneyt michael at freepascal.org
Sun May 3 09:57:46 CEST 2020 


On Sun, 3 May 2020, Noel Duffy via fpc-pascal wrote:

> Using fpc 3.0.4 on Fedora 30.
>
> I've just started using the StrToHostAddr6 function in the sockets unit 
> to parse IPv6 addresses. I've found a couple of issues with it.
>
> 1. Even if address parsing fails, StrToHostAddr6 doesn't return an 
> all-zero result in the in6_addr return value. The documentation states 
> that it does, but my tests show it doesn't.

I fixed that.

>
> The problem is that the StrToHostAddr6 function doesn't set its return 
> value until the end of the function. If a parse error occurs 
> mid-function, it zeroes the record in which it's writing the result but 
> exits without setting the function return value. What gets returned 
> depends on what's on the stack.
>
> I could have sworn that fpc would detect a function exiting without 
> setting a return value, but clearly 3.0.4 doesn't.

It checks if the result is assigned. This is done;
But it does not check this for every exit, as far as I know it never has.

>
> 2. The second problem is that a colon-separated string containing 
> hexadecimal values of any length will be parsed and treated as valid by 
> StrToHostAddr6. E.g, it will parse a string like 
> "fe80ca2f1::906e:9d2f:a520:4172". The sample program produces this 
> output for this string:
>
> "fe80ca2f1::906e:9d2f:a520:4172" -> 
> A2-F1-00-00-00-00-00-00-90-6E-9D-2F-A5-20-41-72-
>
> For the part before the first colon, it has discarded all but the last 
> two bytes, A2 and F1. But it should not have accepted this string at 
> all. There can be only four characters between the colons.

If you send a patch for this, I'll apply it.

>
> Neither of these are difficult to fix. But I am curious to know why the 
> compiler lets a function return without setting a return value and 
> doesn't at least issue a warning. I know it does in some cases, because 
> I've often seen the message "Function result doesn't appear to be set". 
> But maybe that's only if you never set the result, as opposed to setting 
> it only for some paths through the code.

Exactly.

Michael.

More information about the fpc-pascal mailing list