Greetings,

Yes, I keep spamming this trying to find an appropriate mailing list. I don't remember how or why I initially stumbled across this bug report (https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776), but, given that
I have some familiarity with GNU bc, I decided to fix some of the issues.
Turns out, this also seems to fix the crashes reported here (https://www.openwall.com/lists/oss-security/2018/11/28/1). I think it would
be a lot more useful to share this, as there isn't a lot to review. There are three bug fixes and some self-defensive checks in the runtime for malformed bytecode. Address Sanitizer tells me that these previously invalid memory references now just leak memory. I don't appear to have broken anything in the process, either. I'm not a member of any Debian mailing list, but I will try
to watch for responses.

Just trying to be somewhat helpful,
Thomas DiModica

RnJvbSAzZWNmZTIxYzk2NTk1NmYzOTEzZTliYzM0MGRmNzI5MjM0ZTQ0NTNiIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBUaG9tYXMgRGlNb2RpY2EgPHJpY2lud2ljaEB5YWhvby5jb20+ CkRhdGU6IFR1ZSwgMTkgSnVsIDIwMjIgMTk6Mjg6MTIgLTA2MDAKU3ViamVjdDogW1BBVENIXSBS ZXNvbHZpbmcgdGhlIGNyYXNoZXMgZm91bmQgdGhyb3VnaCBmdXp6IHRlc3RpbmcgYnkKIEhvbmd4 dUNoZW4uCgotLS0KIGJjL2V4ZWN1dGUuYyB8IDU0ICsrKysrKysrKysrKysrKysrKysrKysrKysr KysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLS0KIGJjL3N0b3JhZ2UuYyB8IDM4ICsrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKystLQogYmMvdXRpbC5jICAgIHwgIDIgKy0KIDMgZmlsZXMg Y2hhbmdlZCwgNzEgaW5zZXJ0aW9ucygrKSwgMjMgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEv YmMvZXhlY3V0ZS5jIGIvYmMvZXhlY3V0ZS5jCmluZGV4IDI1NmU0YjcuLmQzMGM2ZjUgMTAwNjQ0 Ci0tLSBhL2JjL2V4ZWN1dGUuYworKysgYi9iYy9leGVjdXRlLmMKQEAgLTEzMCw3ICsxMzAsNyBA QCBleGVjdXRlICh2b2lkKQogCSAgZ3AgPSBmdW5jdGlvbnNbcGMucGNfZnVuY10uZl9sYWJlbDsK IAkgIGxfZ3AgID0gbGFiZWxfbnVtID4+IEJDX0xBQkVMX0xPRzsKIAkgIGxfb2ZmID0gbGFiZWxf bnVtICUgQkNfTEFCRUxfR1JPVVA7Ci0JICB3aGlsZSAobF9ncC0tID4gMCkgZ3AgPSBncC0+bF9u ZXh0OworCSAgd2hpbGUgKChsX2dwLS0gPiAwKSAmJiAoZ3AgIT0gTlVMTCkpIGdwID0gZ3AtPmxf bmV4dDsKICAgICAgICAgICBpZiAoZ3ApCiAgICAgICAgICAgICBwYy5wY19hZGRyID0gZ3AtPmxf YWRyc1tsX29mZl07CiAgICAgICAgICAgZWxzZSB7CkBAIC0xNDYsNiArMTQ2LDEzIEBAIGV4ZWN1 dGUgKHZvaWQpCiAJaWYgKChuZXdfZnVuYyAmIDB4ODApICE9IDApIAogCSAgbmV3X2Z1bmMgPSAo KG5ld19mdW5jICYgMHg3ZikgPDwgOCkgKyBieXRlKCZwYyk7CiAKKwkvKiBDaGVjayB0byBtYWtl IHN1cmUgaXQgaXMgdmFsaWQuICovCisJaWYgKG5ld19mdW5jID49IGZfY291bnQpCisJICB7CisJ ICAgIHJ0X2Vycm9yICgiSW50ZXJuYWwgZXJyb3IuIik7CisJICAgIGJyZWFrOworCSAgfQorCiAJ LyogQ2hlY2sgdG8gbWFrZSBzdXJlIGl0IGlzIGRlZmluZWQuICovCiAJaWYgKCFmdW5jdGlvbnNb bmV3X2Z1bmNdLmZfZGVmaW5lZCkKIAkgIHsKQEAgLTIwNCwyNSArMjExLDMyIEBAIGV4ZWN1dGUg KHZvaWQpCiAKICAgICAgIGNhc2UgJ08nIDogLyogV3JpdGUgYSBzdHJpbmcgdG8gdGhlIG91dHB1 dCB3aXRoIHByb2Nlc3NpbmcuICovCiAJd2hpbGUgKChjaCA9IGJ5dGUoJnBjKSkgIT0gJyInKQot CSAgaWYgKGNoICE9ICdcXCcpCi0JICAgIG91dF9zY2hhciAoY2gpOwotCSAgZWxzZQotCSAgICB7 Ci0JICAgICAgY2ggPSBieXRlKCZwYyk7Ci0JICAgICAgaWYgKGNoID09ICciJykgYnJlYWs7Ci0J ICAgICAgc3dpdGNoIChjaCkKLQkJewotCQljYXNlICdhJzogIG91dF9zY2hhciAoMDA3KTsgYnJl YWs7Ci0JCWNhc2UgJ2InOiAgb3V0X3NjaGFyICgnXGInKTsgYnJlYWs7Ci0JCWNhc2UgJ2YnOiAg b3V0X3NjaGFyICgnXGYnKTsgYnJlYWs7Ci0JCWNhc2UgJ24nOiAgb3V0X3NjaGFyICgnXG4nKTsg YnJlYWs7Ci0JCWNhc2UgJ3EnOiAgb3V0X3NjaGFyICgnIicpOyBicmVhazsKLQkJY2FzZSAncic6 ICBvdXRfc2NoYXIgKCdccicpOyBicmVhazsKLQkJY2FzZSAndCc6ICBvdXRfc2NoYXIgKCdcdCcp OyBicmVhazsKLQkJY2FzZSAnXFwnOiBvdXRfc2NoYXIgKCdcXCcpOyBicmVhazsKLQkJZGVmYXVs dDogIGJyZWFrOwotCQl9Ci0JICAgIH0KKwkgIHsKKwkgICAgaWYgKHBjLnBjX2FkZHIgPT0gZnVu Y3Rpb25zW3BjLnBjX2Z1bmNdLmZfY29kZV9zaXplKQorCSAgICAgIHsKKwkJcnRfZXJyb3IgKCJC cm9rZW4gU3RyaW5nLiIpOworCQlicmVhazsKKwkgICAgICB9CisJICAgIGlmIChjaCAhPSAnXFwn KQorCSAgICAgIG91dF9zY2hhciAoY2gpOworCSAgICBlbHNlCisJICAgICAgeworCQljaCA9IGJ5 dGUoJnBjKTsKKwkJaWYgKGNoID09ICciJykgYnJlYWs7CisJCXN3aXRjaCAoY2gpCisJCSAgewor CQkgIGNhc2UgJ2EnOiAgb3V0X3NjaGFyICgwMDcpOyBicmVhazsKKwkJICBjYXNlICdiJzogIG91 dF9zY2hhciAoJ1xiJyk7IGJyZWFrOworCQkgIGNhc2UgJ2YnOiAgb3V0X3NjaGFyICgnXGYnKTsg YnJlYWs7CisJCSAgY2FzZSAnbic6ICBvdXRfc2NoYXIgKCdcbicpOyBicmVhazsKKwkJICBjYXNl ICdxJzogIG91dF9zY2hhciAoJyInKTsgYnJlYWs7CisJCSAgY2FzZSAncic6ICBvdXRfc2NoYXIg KCdccicpOyBicmVhazsKKwkJICBjYXNlICd0JzogIG91dF9zY2hhciAoJ1x0Jyk7IGJyZWFrOwor CQkgIGNhc2UgJ1xcJzogb3V0X3NjaGFyICgnXFwnKTsgYnJlYWs7CisJCSAgZGVmYXVsdDogIGJy ZWFrOworCQkgIH0KKwkgICAgICB9CisJICB9CiAJZmZsdXNoIChzdGRvdXQpOwogCWJyZWFrOwog CmRpZmYgLS1naXQgYS9iYy9zdG9yYWdlLmMgYi9iYy9zdG9yYWdlLmMKaW5kZXggYzc5ZGI4Mi4u MjhlOTMzYiAxMDA2NDQKLS0tIGEvYmMvc3RvcmFnZS5jCisrKyBiL2JjL3N0b3JhZ2UuYwpAQCAt MzQ5LDYgKzM0OSw3IEBAIGdldF92YXIgKGludCB2YXJfbmFtZSkKICAgICB7CiAgICAgICB2YXJf cHRyID0gdmFyaWFibGVzW3Zhcl9uYW1lXSA9IGJjX21hbGxvYyAoc2l6ZW9mIChiY192YXIpKTsK ICAgICAgIGJjX2luaXRfbnVtICgmdmFyX3B0ci0+dl92YWx1ZSk7CisgICAgICB2YXJfcHRyLT52 X25leHQgPSBOVUxMOwogICAgIH0KICAgcmV0dXJuIHZhcl9wdHI7CiB9CkBAIC0zNzAsNiArMzcx LDEyIEBAIGdldF9hcnJheV9udW0gKGludCB2YXJfaW5kZXgsIHVuc2lnbmVkIGxvbmcgaWR4KQog ICB1bnNpZ25lZCBpbnQgaXgsIGl4MTsKICAgaW50IHN1YiBbTk9ERV9ERVBUSF07CiAKKyAgaWYg KHZhcl9pbmRleCA+PSBhX2NvdW50KQorICAgIHsKKyAgICAgIHJ0X2Vycm9yICgiSW50ZXJuYWwg RXJyb3IuIik7CisgICAgICByZXR1cm4gTlVMTDsKKyAgICB9CisKICAgLyogR2V0IHRoZSBhcnJh eSBlbnRyeS4gKi8KICAgYXJ5X3B0ciA9IGFycmF5c1t2YXJfaW5kZXhdOwogICBpZiAoYXJ5X3B0 ciA9PSBOVUxMKQpAQCAtNTg4LDYgKzU5NSwxMiBAQCBzdG9yZV9hcnJheSAoaW50IHZhcl9uYW1l KQogICBiY19udW0gKm51bV9wdHI7CiAgIGxvbmcgaWR4OwogCisgIGlmICh2YXJfbmFtZSA+PSBh X2NvdW50KQorICAgIHsKKyAgICAgIHJ0X2Vycm9yICgiSW50ZXJuYWwgRXJyb3IuIik7CisgICAg ICByZXR1cm47CisgICAgfQorCiAgIGlmICghY2hlY2tfc3RhY2soMikpIHJldHVybjsKICAgaWR4 ID0gYmNfbnVtMmxvbmcgKGV4X3N0YWNrLT5zX25leHQtPnNfbnVtKTsKICAgaWYgKGlkeCA8IDAg fHwgaWR4ID4gQkNfRElNX01BWCB8fApAQCAtNjY2LDYgKzY3OSwxMiBAQCBsb2FkX2FycmF5IChp bnQgdmFyX25hbWUpCiAgIGJjX251bSAqbnVtX3B0cjsKICAgbG9uZyAgIGlkeDsKIAorICBpZiAo dmFyX25hbWUgPj0gYV9jb3VudCkKKyAgICB7CisgICAgICBydF9lcnJvciAoIkludGVybmFsIEVy cm9yLiIpOworICAgICAgcmV0dXJuOworICAgIH0KKwogICBpZiAoIWNoZWNrX3N0YWNrKDEpKSBy ZXR1cm47CiAgIGlkeCA9IGJjX251bTJsb25nIChleF9zdGFjay0+c19udW0pOwogICBpZiAoaWR4 IDwgMCB8fCBpZHggPiBCQ19ESU1fTUFYIHx8CkBAIC03NDYsNiArNzY1LDEyIEBAIGRlY3JfYXJy YXkgKGludCB2YXJfbmFtZSkKICAgYmNfbnVtICpudW1fcHRyOwogICBsb25nICAgaWR4OwogCisg IGlmICh2YXJfbmFtZSA+PSBhX2NvdW50KQorICAgIHsKKyAgICAgIHJ0X2Vycm9yICgiSW50ZXJu YWwgRXJyb3IuIik7CisgICAgICByZXR1cm47CisgICAgfQorCiAgIC8qIEl0IGlzIGFuIGFycmF5 IHZhcmlhYmxlLiAqLwogICBpZiAoIWNoZWNrX3N0YWNrICgxKSkgcmV0dXJuOwogICBpZHggPSBi Y19udW0ybG9uZyAoZXhfc3RhY2stPnNfbnVtKTsKQEAgLTgyOCw2ICs4NTMsMTIgQEAgaW5jcl9h cnJheSAoaW50IHZhcl9uYW1lKQogICBiY19udW0gKm51bV9wdHI7CiAgIGxvbmcgICBpZHg7CiAK KyAgaWYgKHZhcl9uYW1lID49IGFfY291bnQpCisgICAgeworICAgICAgcnRfZXJyb3IgKCJJbnRl cm5hbCBFcnJvci4iKTsKKyAgICAgIHJldHVybjsKKyAgICB9CisKICAgaWYgKCFjaGVja19zdGFj ayAoMSkpIHJldHVybjsKICAgaWR4ID0gYmNfbnVtMmxvbmcgKGV4X3N0YWNrLT5zX251bSk7CiAg IGlmIChpZHggPCAwIHx8IGlkeCA+IEJDX0RJTV9NQVggfHwKQEAgLTEwMTgsNyArMTA0OSwxMSBA QCBwcm9jZXNzX3BhcmFtcyAocHJvZ3JhbV9jb3VudGVyICpwcm9nY3RyLCBpbnQgZnVuYykKIAkK IAkJLyogQ29tcHV0ZSBzb3VyY2UgaW5kZXggYW5kIG1ha2Ugc3VyZSBzb21lIHN0cnVjdHVyZSBl eGlzdHMuICovCiAJCWl4ID0gKGludCkgYmNfbnVtMmxvbmcgKGV4X3N0YWNrLT5zX251bSk7Ci0J CSh2b2lkKSBnZXRfYXJyYXlfbnVtIChpeCwgMCk7ICAgIAorCQlpZiAoZ2V0X2FycmF5X251bSAo aXgsIDApID09IE5VTEwpCisJCSAgeworCQkgICAgcnRfZXJyb3IgKCJJbnRlcm5hbCBFcnJvci4i KTsKKwkJICAgIHJldHVybjsKKwkJICB9CiAJCiAJCS8qIFB1c2ggYSBuZXcgYXJyYXkgYW5kIENv bXB1dGUgRGVzdGluYXRpb24gaW5kZXggKi8KIAkJYXV0b192YXIgKHBhcmFtcy0+YXZfbmFtZSk7 ICAKQEAgLTEwNDksNyArMTA4NCw2IEBAIHByb2Nlc3NfcGFyYW1zIChwcm9ncmFtX2NvdW50ZXIg KnByb2djdHIsIGludCBmdW5jKQogCQllbHNlCiAJCSAgcnRfZXJyb3IgKCJQYXJhbWV0ZXIgdHlw ZSBtaXNtYXRjaCwgcGFyYW1ldGVyICVzLiIsCiAJCQkgICAgdl9uYW1lc1twYXJhbXMtPmF2X25h bWVdKTsKLQkJcGFyYW1zKys7CiAJICAgICAgfQogCSAgcG9wICgpOwogCX0KZGlmZiAtLWdpdCBh L2JjL3V0aWwuYyBiL2JjL3V0aWwuYwppbmRleCA4ZWJhMDkzLi41ZmY5M2UwIDEwMDY0NAotLS0g YS9iYy91dGlsLmMKKysrIGIvYmMvdXRpbC5jCkBAIC02MTAsNyArNjEwLDcgQEAgbG9va3VwIChj aGFyICpuYW1lLCBpbnQgIG5hbWVraW5kKQogCXsKIAkgIGlmIChpZC0+dl9uYW1lID49IHZfY291 bnQpCiAJICAgIG1vcmVfdmFyaWFibGVzICgpOwotICAgICAgICAgIHZfbmFtZXNbaWQtPnZfbmFt ZSAtIDFdID0gbmFtZTsKKyAgICAgICAgICB2X25hbWVzW2lkLT52X25hbWVdID0gbmFtZTsKIAkg IHJldHVybiAoaWQtPnZfbmFtZSk7CiAJfQogICAgICAgeXllcnJvciAoIlRvbyBtYW55IHZhcmlh YmxlcyIpOwotLSAKMi4zNS4xLndpbmRvd3MuMgoK

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Aug 06, 2022 at 05:12:13AM +0000, Thomas DiModica wrote:

Yes, I keep spamming this trying to find an appropriate mailing list. I don't remember how or why I initially stumbled across this bug report (https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776), but, given that I have some familiarity with GNU bc, I decided to fix some of the issues. Turns out, this also seems to fix the crashes reported here (https://www.openwall.com/lists/oss-security/2018/11/28/1). I think it would be a lot more useful to share this, as there isn't a lot to review. There are three bug fixes and some self-defensive checks in the runtime for malformed bytecode. Address Sanitizer tells me that these previously invalid memory references now just leak memory. I don't appear to have broken anything in the
process, either. I'm not a member of any Debian mailing list, but I will try to watch for responses.

Please send such patches upstream.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmLuGXAtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh GV0P/ihP4fD7g0WiATVQJX+7yU4f/eJYOb2CDpnhKMgXPvUpkYKe1TXF7M/P9qaf 9QYUIVpKrseJjiS5D+Um+g1fysNc9KxVWpCyeC678CjwuosGbulPIsD8xWVTdBMy x3RN44yUYaLJTShdhn/d+I0lhbZWtlbdCi1yqH8h6nvO7eu7jTq3vTnFpax2da6e w7cwEuuHRIsqPuHbHQcrwkysqKF7jBObChGdhh6Vs6tEQk42+w9JjQa4ImqTdnHK 1p4nmNwbN3iEsno2hLBNabzI8SkM3YRUS7r8VAgG01alVNSG858GvqxykpFmpvvC d1WsSm77aK8/uDE6vx7aFrlr1djF+MwHY260qtURavVSUxswf2B2UUCSsd7QI/LE z2CMnMZsWs0vZBbfo2Y9GS8jZG8+jmkDqim9qL1t73n4pBRN5B02YUbxRTYvmbVg WSgOG5PwoNj6zOL3IXNlK1HdnBf0uwArium8HEllWZe0LqDFXRKZkaoNbK74UIjV wk1yPenqR1Jt+dqZV0hvuX7p16hRUfy8bOHkPNhD9zl+yDXURsfym5Jrop6SxtLA CAB1S01D/IcKZavIu1eLR+8iCKM/P/l6YwW0ix0SrgFeMznJ12UbJAQ1Y3l2xz/k lh7VUNEpzFs12JJq4P1e9IA84+K4sSMVrEg+boUlNs9Qxka4
=zStx
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Thomas,

Thomas DiModica <ricinwich@yahoo.com> writes:

Greetings,

Yes, I keep spamming this trying to find an appropriate mailing list. I don't remember how or why I initially stumbled across this bug report (https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776), but, given that I have some familiarity with GNU bc, I decided to fix some of the issues. Turns out, this also seems to fix the crashes reported here (https://www.openwall.com/lists/oss-security/2018/11/28/1). I think it would be a lot more useful to share this, as there isn't a lot to review. There are three bug fixes and some self-defensive checks in the runtime for malformed bytecode. Address Sanitizer tells me that these previously invalid memory references now just leak memory. I don't appear to have broken anything in the
process, either. I'm not a member of any Debian mailing list, but I will try to watch for responses.

Just trying to be somewhat helpful,

I took your patch, and created a merge request on our gitlab instance:

https://salsa.debian.org/debian/bc/-/merge_requests/4

The patch has been slightly modified, to make it cleanly apply -- perhaps
you'd be kind enough to check that I've not broken anything:

https://salsa.debian.org/philh/bc/-/blob/ricinwich/debian/patches/09_crash-fixes.diff

I note that bc doesn't see much activity, so I've no idea how long it
might be before this makes its way into a release of the package, but at
least this way it will not simply be forgotten on the mailing-list.

BTW you are welcome to create an account on salsa.debian.org if you wish
to contribute directly there.

Cheers, Phil.
--
|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
|-| http://www.hands.com/ http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmLuH4sACgkQ0EujoAEl 1cDzgw/8CzKypmK3ZJWjyGzlgfaTwVKomAANogXn3W1+z1RmWAXi/DYgA6V913a6 uUaazd2WPo6MSh7HwOJ/WJJFZ7Kpf/TSa2q1dSK2jxLrwbb0VkJep5Fj2VyQJlEF Kn4FSYm+on74oypPR8JeecmqnqDvooGWxvVwMRmjpBNuNnYcgi//VntFpSPtyDX2 YoqC1S7AkXa0X/yo616Mp3oA2tyJAJ7Wdzn97SUN7THh7XX0fqHhFhzjpQTHb2Xm J3nLX6kDWu7bHdwarAhsRUfjnL4dbbtLIzoHZAwi2zIRhD4CgYkZTKu39JyaGKj/ VsZd1dhGC4f81IL5q3zHVyUEelTXlyv9BTN8/xQt9R4gW3Qt5jrRv6g/j313XbyJ RC2v2IJwYq05EvLTh3Y/oXsOHDC33HbpLIrLRzL7nhJ7WFIT572rIYLMdXg7c565 BbxybWgSgm+MU2BLtUUPQNazr/ITwYWs5fMuwBPjslUZHrvNzBNjXfBx6aI03/hG INTP1vs0rGNnTRpsmssDv4qZ4MElDu0SGr3C22IIjpuaQ/EyTnppEAxGfobcgb0m 5Y1Ud3+ffGZStpZeDNknEw/247yfgEK6n3lruy7yJP4Kcbv5W8X3uj58inf6t3C2 8YkQ96eY36zE8x5

Philip, thank you,

I'm sorry: I have sent this to upstream, but haven't heard anything from them. At least with a mailing list, I get feedback as to whether or not my mail was eaten by the void of the Internet. Also, if it gets into Debian, then the patches filter through to everything based on Debian.

Philip, your change to the patch looks right. Sorry, I based the patch off upstream. You do say it needs a better description, so I'm going to try to
give you a sense of what's going on.

What I think is happening is that, somewhere in the parser, "that an error occurred" is getting suppressed, and the parser continues to generate bytecode with the previous instruction incomplete, and then it tries to execute that. Sometimes, the bytecode reads an instruction while trying to read a reference. This appears to be most catastrophic in array handling. While what ought to be fixed is the code generation to not generate these erroneous references, it is easier to fix the bytecode interpreter to defend itself from them.

To begin, starting in execute.c: for change one, it has read a label number, but then walks off the list looking for it. In change two, sometimes the function number is invalid. And change three protects from the string not
being terminated. Looking at this again, if I had just added an 'else' to
"if (ch != '\\')" then I could have made a less invasive change. Also: if you want to give any of these error messages better text, or if I've broken the internationalization with them, please change them to suite your preferences. What I gave you is better than the "DANGER, WILL ROBINSON!" that I had before.

In storage.c, initializing 'v_next' is one of the things I consider a bug. Sometimes, it has a "valid" pointer in it. The next six changes are defensive error checks to ensure that the array being requested is plausible. The line "params++;" looks like a hold-over from an earlier version of the code, where the parameters were stored in an array. With the linked-list, the proper way
to advance to the next parameter is "params = params->next;", which always occurs a few lines later.

That leaves util.c. I think they were trying to save memory, at some point. Possibly: variable names are treated differently from array and function
names, and I don't see the reason for that. What happens is that the value
from lookup() is used to initialize av_name in nextarg(). Then, av_name is directly used to index v_names right above that removed "params++;" line. In this retrospective dive through the code, that may be it. The line in
storage.c could be changed, I think, but, in my opinion, it is better to move the code so that it more consistently handles all types. In addition, while
the line "if (id->v_name <= MAX_STORE)" is annoying in that it is different,
it isn't guarding against an invalid access.

Thank you again,
Thomas DiModica

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thomas DiModica <ricinwich@yahoo.com> writes:
...

You do say it needs a better description, so I'm going to try to
give you a sense of what's going on.

I was really saying that whoever feels competent to decide to accept the
Merge Request for the bc package ought to come up with a better
description for why they think the patch should be applied to the Debian package, but I'm sure your description will help too.

Given that the patch references this thread, I'm sure it'll be found
whenever needed.

Cheers, Phil.
--
|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
|-| http://www.hands.com/ http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmLuvXIACgkQ0EujoAEl 1cDjRhAAl4bvft7sBp9mjANW4zc/9z2i4qpBo8D302oMNPBjimgaUw/ueeW0OGCv I47FfglNEDo4VF+IcTEy3HDA13IEmq6YM5ygP2cnJZ66DYoi+Ioi5wH4kX8lf6gn jg4SATx2QeRgtMFw/DXySelaeYIgiYwMIMelu8ReQe0rk0y7rLOUfOBCHRfY/i/I Ymqv8+UGXQKgnP25aGNdVfdtiI6vcHNfpHOSS1rzjmT7pT1WN0R+2Lx5ACOu++u/ e/zhNJl+lY0SllGOfZLzNclxfkAMbLHh73RPZCviajgBL7nPtDTmHWMxoYzrg0Nt 6bg15grGfOx6eQM4gNZGPTJXqlk4Xw/9LtIimazoZUC4wWBgmcuNU1JxEeCebDRh n+JULChdKiuJ0O5Pu8NmgSqGui23q53Cv66mV5MKN9pfFOcbGAafZdLWzK7om8MP zrh1M3WBtrfFb+itVKyKyJeptee/YnO52LdMYI6K9p2yIFemb7WRf1hvk8IZUIvg 3Nr4vEIfkwlg53WSTWdp0o7+SNUaQEzA8liUQcDdvnBLOxE+jWpRrDX5BwEhWgHf /p0x6YW/FyN6ILT2g0OOmj/NGybOSQuu5uaBdJIeltj4YhxcKsF2Z0j4OC4K6BWG gBRErUvE42H+a1W

On Saturday, August 6, 2022 at 01:14:05 PM MDT, Philip Hands <phil@hands.com> wrote:

I was really saying that whoever feels competent to decide to accept the Merge Request for the bc package ought to come up with a better
description for why they think the patch should be applied to the Debian package, but I'm sure your description will help too.

I'm sure that it ought to be applied upstream, however, I've had trouble contacting upstream. Maybe this will help with that.

Thanks again,
Thomas DiModica

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thanks, Thomas, for the patch, and Phil for the merge request. I'll take
a look at them and will try to get them reviewed/applied upstream as
well.

Best wishes,
Ryan

--
|)|/ Ryan Kavanagh | 4E46 9519 ED67 7734 268F
|\|\ https://rak.ac | BD95 8F7B F8FC 4A11 C97A

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)