Hello CHICKEN users, Recently, we fixed a problem related to the use of POSIX select(), which was assigned CVE-2012-6122. See http://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html for more details on the original bug.
We fixed the scheduler, but there remained other places in CHICKEN where select() was still in use: - The R5RS char-ready? procedure when invoked on stream ports or custom input ports created by the process procedure from unit posix (in *NIX) - The tcp-accept-ready? procedure from unit tcp - The file-select procedure from unit posix These have now also been rewritten in terms of POSIX poll(), where available. This is on all supported platforms except Windows. As before, there is no danger of buffer overrun on Windows, but there is a situation where threads may never wake up. There is no known workaround. A solution may be provided soon. Currently all released versions of CHICKEN have this bug. It has been fixed in git master, commit 556108092774086b6c86c2e27daf3f740ffec091. CHICKEN 4.9.0 will also include the bugfix. The known workaround is still to limit the maximum number of open descriptors using the Unix "ulimit -n" command, so that it matches the value of FD_SETSIZE. This value can be checked by compiling the following one-line program with csc and running the resulting binary: (print (foreign-value "FD_SETSIZE" int)) Kind regards, The CHICKEN Team _______________________________________________ Chicken-users mailing list Chicken-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/chicken-users
