news@prles2.prl.philips.nl (news) (09/27/90)
Last week we finally received the Apollo version of Objective-C 4.0.
A bug in the expand method of the Set class is still not solved, despite
several bug reports since August 1988 ( Objective-C version 3.3 ).
I know that the expand method is private but this method is used
by the add: and find: methods, which are public and frequently used.
In method expand the variable 'limit' is set to a value that is 1 to
high, This can cause writing above the array bound of the contents.
An example is:
=========================================================================
#import "String.h"
#import "Set.h"
main()
{
id aString, seq;
id x = [String str:"1"];
id y = [String str:"1"];
id s = [Set new:2]; // capacity of set is 4
[x charAt:0 put:'G']; // hash number 71, 71 % 8 == 7
[y charAt:0 put:'O']; // hash number 79, 79 % 8 == 7
[s add:x]; // s has at slot 0: y
[s add:y]; // and at slot 3: x
printf( "contents of s before expansion:\n" );
seq = [s eachElement];
while ( aString = [seq next] ) {
printf( "%s\n", [aString str] );
}
[seq free];
[s expand];
// during expansion first y will be placed at slot 7, because the
// capacity of s is now 7; then x will be hashed to slot 7 also, but
// will be positioned to slot number 8 (Which does not exist), if
// this 'slot' contains a zero.
printf( "\ncontents of s after expansion:\n" );
seq = [s eachElement];
while ( aString = [seq next] ) {
printf( "%s\n", [aString str] );
}
[seq free];
}
=========================================================================
The result:
=========================================================================
contents of s before expansion:
O
G
contents of s after expansion:
O
+++++++++++++++++++++++++++++++++++++++
Rinie van Haperen
Philips Research Laboratories Eindhoven