Kudos to the maintainers of this port, it's nice to see Q in Fedora. But, AFAICS, the Q version currently included is 7.6, which is almost 1 year old. The latest version, Q 7.8, has many important improvements and bugfixes, so it would be nice if the Fedora package would be upgraded to that. Note: Fedora package mod_q includes the mod_q Apache module, which is built from the same source. This is not included in q-7.8.tar.gz anymore, but now available as a separate tarball mod_q-1.1.tar.gz. All mentioned source packages are available from http://q-lang.sourceforge.net/download.html. Here are the direct download links: http://prdownloads.sourceforge.net/q-lang/q-7.8.tar.gz?download http://prdownloads.sourceforge.net/q-lang/mod_q-1.1.tar.gz?download
I updated to 7.8. For now, I leave out the mod_q package. I think it should go into a separate package. So if someone needs it, he or she must submit it for review. There is a buffer overflow problem when invoking as "q --help". It happens in the sprintf call in line 2238 of q.c. What is the status of 64-bit compatibility? Up to now x86_64 has been excluded, since it failed in the past. The ppc64 build however succeeded. I am not able to test it, though.
Created attachment 236701 The crash dump when invoking with "q --help"
Thanks for the update. About the buffer overflow: I cannot reproduce that here, and the dump doesn't tell me much. Could you please explain the steps needed to reproduce this bug? 64 bit compatibility: That's the next big item on my TODO list. :) I expect to have Q working on 64 bit some time early next year.
When conventionally compiled, the problem probably does not appear. However, on Fedora everything is compiled with a series of flags such as FORTIFY which catches such bugs. If you don't use Fedora, you may have to try to compile it yourself. This build.log may help you, it also shows the flags used: http://koji.fedoraproject.org/koji/getfile?taskID=212595&name=build.log So, the ppc64 build is probably incorrect, even though it seems to build fine?
> This build.log may help you, it also shows the flags used:
Thanks for the info, I will try with these flags asap.
> So, the ppc64 build is probably incorrect, even though it seems to build fine?
Right. I haven't checked it myself yet, but various users have reported that the interpreter builds fine and runs, but has some problems with symbol table lookup at startup. I suspect some non-portable pointer arithmetic, probably other parts of the system will be affected as well. I will look into this as soon as I have some time.
The opts string is of length 1024 and too small to take the help string, hence the buffer overflow. Better would be to use snprintf instead of sprintf anyway.
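An added example (not code from this thread or from Q's source) of the snprintf approach suggested in the comment above: format into the fixed buffer and detect truncation, or size the buffer from the data. The function names, HELP_FMT and the 2000-byte body are constructed for illustration; only the 1024 and 4096 sizes come from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OPTS_SIZE 1024   /* length of the opts buffer named in the report */
/* Constructed stand-in for a long usage text; not Q's real help string. */
#define HELP_FMT "Usage: %s [options] [file ...]\n%s"

/* Format into a fixed buffer. Returns 0 if the text fit, -1 if snprintf
 * truncated it or failed. With size > 0 the result is NUL-terminated. */
int format_bounded(char *buf, size_t size, const char *prog, const char *body)
{
    int need = snprintf(buf, size, HELP_FMT, prog, body);
    if (need < 0 || (size_t)need >= size)
        return -1;
    return 0;
}

/* Size the buffer from the data instead of guessing a constant:
 * snprintf(NULL, 0, ...) returns the length the output would need. */
char *format_alloc(const char *prog, const char *body)
{
    int need = snprintf(NULL, 0, HELP_FMT, prog, body);
    if (need < 0)
        return NULL;
    char *out = malloc((size_t)need + 1);
    if (out != NULL)
        snprintf(out, (size_t)need + 1, HELP_FMT, prog, body);
    return out;
}

/* Constructed option listing of n bytes, standing in for the help text. */
char *make_body(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, '-', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char opts[OPTS_SIZE];
    char *body = make_body(2000);
    if (body == NULL)
        return 1;
    if (format_bounded(opts, sizeof opts, "q", body) != 0)
        fprintf(stderr, "help text truncated to %zu bytes\n", strlen(opts));
    free(body);
    return 0;
}
```

Enlarging the constant only moves the limit; checking the snprintf return value keeps the write in bounds whatever the help text grows to.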
Oops, you're right. I enlarged the buffer size in both q.c and qc.y to 4096, to be on the safe side. Thanks for reporting. I'll follow up with some patches against the 7.8 release, so that you can add them to your RPM. Sorry for the hassle.
Created attachment 240611 fix for the reported buffer overflow
Created attachment 240621 bugfix for Q declaration semantics
Created attachment 240631 minor fixes in the documentation
Created attachment 240641 updated ChangeLog
Well, it seems that the documentation patch is in fact already in the q-7.8 tarball available at q-lang.sf.net, so you can skip that. The patch to qctables.c is unrelated to the buffer overflow; it fixes a minor issue of the bytecode compiler with the parsing of some Q declarations.
I just wanted to add that I released Q 7.10 which now includes all the aforementioned bugfixes and some more. See http://sourceforge.net/project/showfiles.php?group_id=96881&package_id=103965&release_id=562359