From 7e381828f1628d67ada5bc71e2c0df34393b09ce Mon Sep 17 00:00:00 2001 From: Marius Gerbershagen Date: Sat, 21 Dec 2019 23:03:07 +0100 Subject: [PATCH] cmp: fix segmentation faults from coerce compiler macro si::coerce-to-vector assumed that the to be coerced object had the same length as that specified by the type. This lead to segmentation faults even in safe code, for example in (coerce '(a b c) '(vector * 4)) (coerce.error.3 test in ansi-tests) Actually, si::coerce-to-vector had some checks for a correct length previously, but they did not work correctly and were removed in commit baaab018410a6fd31f77840816e32905c62ec413. --- src/cmp/cmpopt.lsp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/cmp/cmpopt.lsp b/src/cmp/cmpopt.lsp index 6d1954aaf..e4de366fe 100644 --- a/src/cmp/cmpopt.lsp +++ b/src/cmp/cmpopt.lsp @@ -288,10 +288,12 @@ ((subtypep type 'sequence) (multiple-value-bind (elt-type length) (si::closest-sequence-type type) - (if (eq elt-type 'list) - `(si::coerce-to-list ,value) - `(si::coerce-to-vector ,value ',elt-type ',length - ,(and (subtypep type 'simple-array) t))))) + (if (or (eq length '*) (policy-assume-right-type)) + (if (eq elt-type 'list) + `(si::coerce-to-list ,value) + `(si::coerce-to-vector ,value ',elt-type ',length + ,(and (subtypep type 'simple-array) t))) + form))) ;; ;; There are no other atomic types to optimize ((atom type)