|
00:04
librasteve_ left
01:05
kjp left
01:23
kjp joined
|
|||
| Geth | MoarVM: MasterDuke17++ created pull request #2004: Check results of explicitly allocating from libc |
02:05 | |
|
04:52
apogee_ntv left
04:53
apogee_ntv joined
05:57
librasteve_ joined
|
|||
| Geth | MoarVM/main: f2e25d78d5 | MasterDuke17++ (committed using GitHub Web editor) | 2 files Check results of explicitly allocating from libc (#2004) Otherwise we could leak and/or dereference NULLs. |
08:19 | |
| MoarVM: orbisai0security++ created pull request #2005: fix: the moarvm debug server accepts connections and... in debugserver.c |
08:56 | ||
|
12:01
disbot2 left
12:02
disbot3 joined
|
|||
| timo | something we could do for access control to the debug server socket is to require a "password" / token to be passed early on in a connection attempt which moar would write to a file umasked 077 in $TEMP so if a different user than the process owner wants to connect, they just have to "prove" they can read that file | 12:12 | |
| then a debug client can either try to read the file automatically and just send it, or tell the user where to find the file and ask for the contents to be copy-pasted | |||
| unix domain sockets would be possible, too. there is an equivalent on windows AFAIK but I'm not sure how it works | 12:13 | ||
| how does the java management interface or whatever it's called do it? I seem to recall you can set a host and port, probably also a password, right? potentially also TLS keys and certs and such? | 12:16 | ||
| how well would it work to have an anonymous socket as an FD that you have to pull out of /proc/$PID/fd/N? :D | 12:17 | ||
| [Coke] | seeing some buffer overflows in MoarVM/linenoise. how do we want to deal with those? | 14:05 | |
| timo | we have our own fork of linenoise? | 15:04 | |
| is it the same problem again where we don't have a proper struct definition for the standard library of your platform and that's why we write over our allocation? like we had with termios? i think that was tcgetattr and tcsetattr? | 15:05 | ||
| [Coke] | timo: github.com/MoarVM/linenoise | 16:24 | |
| but also not here: github.com/MoarVM/MoarVM/tree/main/3rdparty | 16:25 | ||
| timo | yeah, i'm not sure what we used that for, all those years ago | ||
| | * 0bff0279b - Remove linenoise/readline (11 years ago) <Rob Hoelz> | |||
| [Coke] | I'll stop scanning that repo, then. | 16:26 | |
| timo | we used to have a MVM_file_readline_interactive_fh | ||
| librasteve_ | rakudoweekly.blog/2026/05/11/2026-...f-failure/ | 18:34 | |
| lizmat | do we have an easy way to see what C gives with sprintf(q/X%3bX/,0) ? | 19:06 | |
| actually: sprintf(q/X%+3bX/,0) | |||
| timo | nativecall into it? :) | 19:31 | |
| lizmat | heh... interesting idea :-) | 19:37 | |
| m: use NativeCall; sub zprintf(str $format, *@a) is native is symbol<sprintf> {*}; say zprintf("%x",42) | 19:41 | ||
| evalable6 | (signal SIGSEGV) | ||
| lizmat | meh... guess varargs are not really supported yet? patrickb? | ||
| patrickb | m: use NativeCall; sub printf(Str $format, *@a) is native is symbol<printf> {*}; pprintf("%x", 42); | 20:23 | |
| evalable6 | (exit code 1) ===SORRY!=== Error while compilin… | ||
| patrickb, Full output: gist.github.com/b3b1d4a10b677b0d90...c9fd46fc17 | |||
| patrickb | m: use NativeCall; sub pprintf(Str $format, *@a) is native is symbol<printf> {*}; pprintf("%x", 42); | ||
| evalable6 | Saw 1 occurrence of deprecated code. ==========… | ||
| patrickb, Full output: gist.github.com/5221e08e1438150903...22abd497f8 | |||
| patrickb | sprintf takes three args, not two. first is the outstring | 20:24 | |
| Iirc out strings kinda suck. (maybe I misremember) | 20:25 | ||
|
21:18
ShimmerFairy left
21:19
ShimmerFairy joined
|
|||
| lizmat | m: use NativeCall; sub zprintf(str $format, *@a) is native is symbol<printf> {*}; zprintf("%x",42) # whee | 21:29 | |
| evalable6 | Saw 1 occurrence of deprecated code. ==========… | ||
| lizmat, Full output: gist.github.com/1468520784f192ab79...d9c76df532 | |||
|
21:38
vrurg_ left
21:54
vrurg joined
22:02
vrurg_ joined
22:05
vrurg left
|
|||