From 0cd50a578156c11f15ecc9fc4b6909c835113694 Mon Sep 17 00:00:00 2001
From: anth64
Date: Sun, 8 Mar 2026 10:12:51 +0100
Subject: [PATCH] fix: stale slot indices, cascade OOB, pending over-alloc, collect_dependents bounds, size_t format on Windows
- stk_poll: unify load loops to always append on compacted array, removing stale pre-compaction slot indices
- stk_poll: heap-allocate cascade_indices per iteration, removing fixed 256-slot stack bound
- stk_pending_retry: shrink module array to actual count after retry loop completes
- stk_collect_dependents: add capacity parameter and bounds guard before index write
- stk_log_modules: cast module_count to unsigned long for C89 portable %lu on Windows
---
 CHANGELOG.md | 12 ++++++++-
 README.md | 4 +--
 src/module.c | 7 ++++-
 src/stk.c | 74 ++++++++++++++++++----------------------------------
 4 files changed, 45 insertions(+), 52 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 035c309..5c5acfb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.0.0-pre.8] - 2026-03-08 + +### Fixed +- `stk_poll()`: stale index corruption when simultaneous load and unload events occurred in the same poll cycle. New modules were previously loaded into pre-compaction slot indices; they now always append to the compacted array via `module_count + successful_appends`, matching the `append_modules` path. The two load loops have been unified into one. +- `stk_poll()`: `cascade_indices` was a fixed-size stack array of `STK_PATH_MAX` (256) elements with no bounds check. It is now heap-allocated to `module_count` entries per iteration, eliminating the silent overflow risk. +- `stk_pending_retry()`: module array was pre-allocated to `module_count + stk_pending_count` but never shrunk when fewer entries loaded than were pending. Now calls `stk_module_realloc_memory(module_count)` after the retry loop completes. +- `stk_collect_dependents()`: missing bounds guard on the `indices` write: `(*count)++` had no check against the buffer capacity before writing. Added `capacity` parameter (passed as `module_count` from the call site) and a guard that skips the write if the capacity is reached, preventing a silent overflow. +- `stk_log_modules()`: `%lu` format specifier used with `size_t` is undefined behaviour on platforms where `unsigned long` is narrower than `size_t` (e.g. MSVC 64-bit). Fixed with an explicit `(unsigned long)` cast, preserving C89 compatibility. + ## [1.0.0-pre.7] - 2026-03-07 ### Fixed 
@@ -183,7 +192,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Dependency management and versioning not yet implemented - API is unstable and subject to change in future releases -[Unreleased]: https://github.com/anth64/stk/compare/v1.0.0-pre.7...HEAD +[Unreleased]: https://github.com/anth64/stk/compare/v1.0.0-pre.8...HEAD +[1.0.0-pre.8]: https://github.com/anth64/stk/compare/v1.0.0-pre.7...v1.0.0-pre.8 [1.0.0-pre.7]: https://github.com/anth64/stk/compare/v1.0.0-pre.6...v1.0.0-pre.7 [1.0.0-pre.6]: https://github.com/anth64/stk/compare/v1.0.0-pre.5...v1.0.0-pre.6 [1.0.0-pre.5]: https://github.com/anth64/stk/compare/v1.0.0-pre.4...v1.0.0-pre.5 diff --git a/README.md b/README.md index db834aa..2c7a573 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ It is designed to run on modern systems running POSIX and Windows using C89. - **Hot-swapping** of modules at runtime - **Cross-platform** (Linux, BSD, Windows, macOS) - **Optional WASM support** for multi-language modules (planned) -- **Developer tools**: lightweight metadata, logging/tracing, and dependency management (in progress) +- **Developer tools**: lightweight metadata, logging/tracing, and dependency management - **Minimal, portable API** --- @@ -234,7 +234,7 @@ stk_init(); ## Project Status -**Current Version:** 1.0.0-pre.7 +**Current Version:** 1.0.0-pre.8 ### What Works - Cross-platform module loading and hot-reloading diff --git a/src/module.c b/src/module.c index 2cba0cb..6166535 100644 --- a/src/module.c +++ b/src/module.c @@ -747,7 +747,7 @@ cleanup: free(result); } -void stk_collect_dependents(size_t *indices, size_t *count) +void stk_collect_dependents(size_t *indices, size_t *count, size_t capacity) { size_t i, d; int in_set, changed; 
@@ -778,6 +778,8 @@ void stk_collect_dependents(size_t *indices, size_t *count) for (k = 0; k < *count; k++) { if (indices[k] == (size_t)dep_index) { + if (*count >= capacity) + goto next_module; indices[(*count)++] = i; changed = 1; goto next_module; @@ -1093,6 +1095,9 @@ size_t stk_pending_retry(void) if (stk_pending_count == 0) stk_pending_free(); + if (loaded > 0) + stk_module_realloc_memory(module_count); + return loaded; } diff --git a/src/stk.c b/src/stk.c index 4c34a15..784b834 100644 --- a/src/stk.c +++ b/src/stk.c @@ -63,7 +63,7 @@ void stk_pending_add_batch(const char (*paths)[STK_PATH_MAX_OS], size_t count); void stk_pending_remove(const char *id); size_t stk_pending_retry(void); void stk_sort_unload_order(size_t *indices, size_t n); -void stk_collect_dependents(size_t *indices, size_t *count); +void stk_collect_dependents(size_t *indices, size_t *count, size_t capacity); void stk_sort_load_order(int *file_indices, size_t n, char (*file_names)[STK_PATH_MAX], const char *tmp_dir); @@ -123,7 +123,8 @@ static void stk_log_module(size_t index) static void stk_log_modules(void) { size_t i; - stk_log(STK_LOG_INFO, "Loaded modules (%lu):", module_count); + stk_log(STK_LOG_INFO, + "Loaded modules (%lu):", (unsigned long)module_count); for (i = 0; i < module_count; i++) stk_log_module(i); } @@ -308,7 +309,7 @@ size_t stk_poll(void) unload_count = 0; int *reloaded_mod_indices = NULL, *reloaded_mod_file_indices = NULL, *unloaded_mod_indices = NULL, *loaded_mod_indices = NULL; - size_t remaining_loads, new_capacity, holes_to_fill; + size_t new_capacity; char full_path[STK_PATH_MAX_OS], tmp_path[STK_PATH_MAX_OS]; char mod_id[STK_MOD_ID_BUFFER]; int load_result; 
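Review bot: The new `if (*count >= capacity) goto next_module;` drops a dependent silently, so when it fires module `i` stays loaded while a dependency it needs is unloaded, and neither the caller nor the log learns that the unload set is incomplete. The function also cannot know whether `indices` really has `capacity` slots; the call site passes `module_count`, but the buffer's own allocation is not in this diff, and if it is sized by the unload count the overstated capacity makes the guard ineffective. If, as the `in_set` flag at the top of the function suggests, indices are de-duplicated, a buffer of `module_count` entries can never fill, so a reachable guard already means the passed capacity is wrong. I would at least make truncation visible: `{ truncated = 1; goto next_module; }` and log or return it after the fixed-point loop. stk_collect_dependents begins and ends outside this hunk.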
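Review bot: The new `stk_module_realloc_memory(module_count)` call in stk_pending_retry discards its return value, whereas the same helper's result is checked against `STK_MOD_INIT_SUCCESS` at `handle_grow` in stk_poll. Whether the helper leaves the old block valid when a shrink fails is not visible here; if it does not, `stk_modules` dangles with `module_count` entries still counted. I would mirror stk_poll, e.g. `if (stk_module_realloc_memory(module_count) != STK_MOD_INIT_SUCCESS) stk_log(STK_LOG_ERROR, "Failed to shrink module array");`, assuming stk_log is reachable from module.c. The `loaded > 0` guard also leaves the `module_count + stk_pending_count` over-allocation in place when nothing loaded, which is harmless but worth a one-line comment. stk_pending_retry starts outside this hunk.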
@@ -321,10 +322,8 @@ size_t stk_poll(void) size_t index, oi; int is_orig; size_t write; - size_t li; - int fi; - int file_index, mod_index, target_index; - size_t cascade_indices[STK_PATH_MAX]; + int file_index, mod_index; + size_t *cascade_indices = NULL; size_t cascade_count; size_t j, k, cascade_write; char (*dep_batch)[STK_PATH_MAX_OS] = NULL; @@ -408,8 +407,7 @@ size_t stk_poll(void) goto begin_operations; handle_grow: - remaining_loads = load_count - unload_count; - new_capacity = module_count + remaining_loads; + new_capacity = module_count + load_count; if (stk_module_realloc_memory(new_capacity) != STK_MOD_INIT_SUCCESS) goto free_poll; @@ -421,7 +419,8 @@ begin_operations: for (i = 0; i < unload_count; i++) unload_order[i] = (size_t)unloaded_mod_indices[i]; - stk_collect_dependents(unload_order, &expanded_count); + stk_collect_dependents(unload_order, &expanded_count, + module_count); stk_sort_unload_order(unload_order, expanded_count); dep_batch = malloc(expanded_count * sizeof(*dep_batch)); @@ -513,14 +512,12 @@ begin_operations: stk_error_string(load_result)); } - holes_to_fill = (load_count < unload_count) ? load_count : unload_count; - - for (li = 0; li < load_count; li++) { - fi = loaded_mod_indices[li]; + for (i = 0; i < load_count; i++) { + file_index = loaded_mod_indices[i]; build_path(full_path, sizeof(full_path), stk_mod_dir, - file_list[fi]); + file_list[file_index]); build_path(tmp_path, sizeof(tmp_path), stk_tmp_dir, - file_list[fi]); + file_list[file_index]); platform_copy_file(full_path, tmp_path); } 
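Review bot: `module_count` is passed as the capacity of `unload_order` in the new `stk_collect_dependents(unload_order, &expanded_count, module_count)` call, but the guard this enables only protects anything if `unload_order` is really allocated with `module_count` entries; its allocation is not in this hunk, and if it is sized by `unload_count` the capacity is overstated and the overflow the commit targets remains. I would derive both from one variable, e.g. `unload_capacity = module_count;` used for the allocation and for this call, so they cannot drift apart. The `dep_batch = malloc(expanded_count * sizeof(*dep_batch))` result is not checked within this hunk either; if the NULL case is handled below, a short comment saying so would help. stk_poll continues outside this hunk.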
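Review bot: The rewritten staging loop still ignores the result of `platform_copy_file(full_path, tmp_path)`, so a failed copy is only noticed when `stk_module_load` later fails on the missing temp file, and the error logged at that point blames the module rather than the copy. If `platform_copy_file` reports failure (its signature is not visible here), check it per file, e.g. `if (platform_copy_file(full_path, tmp_path) != 0) stk_log(STK_LOG_ERROR, "Failed to stage module %s", file_list[file_index]);`, and consider skipping the load for that entry. stk_poll continues outside this hunk.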
@@ -531,35 +528,7 @@ begin_operations: load_batch = malloc(load_count * sizeof(*load_batch)); load_batch_count = 0; - for (i = 0; i < holes_to_fill; ++i) { - target_index = unloaded_mod_indices[i]; - file_index = loaded_mod_indices[i]; - - build_path(tmp_path, sizeof(tmp_path), stk_tmp_dir, - file_list[file_index]); - - load_result = stk_module_load(tmp_path, target_index); - if (load_result == STK_MOD_DEP_NOT_FOUND_ERROR || - load_result == STK_MOD_DEP_VERSION_MISMATCH_ERROR) { - if (load_batch) - memcpy(load_batch[load_batch_count++], tmp_path, - STK_PATH_MAX_OS); - } else if (load_result != STK_MOD_INIT_SUCCESS) { - stk_log(STK_LOG_ERROR, "Failed to load module %s: %s", - file_list[file_index], - stk_error_string(load_result)); - } else { - module_count++; - } - } - - if (load_count > unload_count) - goto append_modules; - - goto finish_loads; - -append_modules: - for (; i < load_count; ++i) { + for (i = 0; i < load_count; ++i) { file_index = loaded_mod_indices[i]; build_path(tmp_path, sizeof(tmp_path), stk_tmp_dir, @@ -583,10 +552,9 @@ append_modules: module_count += successful_appends; - if (successful_appends < (load_count - holes_to_fill)) + if (successful_appends < load_count) stk_module_realloc_memory(module_count); -finish_loads: if (load_batch_count > 0) stk_pending_add_batch( (const char (*)[STK_PATH_MAX_OS])load_batch, @@ -604,6 +572,10 @@ validate_deps: do { cascade_count = 0; + cascade_indices = malloc(module_count * sizeof(size_t)); + if (!cascade_indices) + break; + for (j = 0; j < module_count; j++) { if (stk_modules[j].dep_count == 0) continue; @@ -616,8 +588,11 @@ validate_deps: } } - if (cascade_count == 0) + if (cascade_count == 0) { + free(cascade_indices); + cascade_indices = NULL; break; + } cascade_batch = malloc(cascade_count * sizeof(*cascade_batch)); cascade_batch_count = 0; 
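Review bot: The `if (!cascade_indices) break;` after the new `malloc(module_count * sizeof(size_t))` leaves dependency validation silently, so on allocation failure modules whose dependencies were just unloaded remain loaded with no log entry; add `stk_log(STK_LOG_ERROR, "Out of memory validating dependencies");` on that branch at minimum. It also treats `module_count == 0` as a failure, because `malloc(0)` may legitimately return NULL; harmless here, but an explicit `if (module_count == 0) break;` before the allocation says what is meant. Since `module_count` appears only to shrink inside this loop (it is reassigned from `cascade_write` at the bottom), the array could be allocated once before the `do` with the initial `module_count` and freed once after it, removing the per-iteration free/NULL pairs. The do/while loop and stk_poll continue outside this hunk.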
@@ -661,6 +636,9 @@ validate_deps: } module_count = cascade_write; + free(cascade_indices); + cascade_indices = NULL; + } while (cascade_count > 0); if (module_count > 0)
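Review bot: `cascade_indices` is freed at the bottom of each iteration, but any early exit between the `malloc` at the top of the loop and this `free` (for example a `goto free_poll` on a failed `cascade_batch` allocation, if one exists in the unshown middle of the loop) would leak it. Because the pointer is initialised to NULL and reset to NULL after every free, adding an unconditional `free(cascade_indices);` at the `free_poll` label is safe and closes that gap without having to audit every exit path. The enclosing do/while starts outside this hunk and stk_poll ends outside it.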