id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc	lang	patch	platform
1802	PMC Creation Functions Can Cause Segfaults	chromatic		"The exported Parrot_pmc_new(), Parrot_pmc_new_noinit(), Parrot_pmc_new_init(), Parrot_pmc_new_init_int(), Parrot_pmc_new_constant_noinit(), Parrot_pmc_new_constant(), Parrot_pmc_new_constant_init(), and Parrot_pmc_new_constant_init() functions all take an INTVAL base_type parameter.  The functions use this parameter as an index into the given interpreter's vtable array to determine which PMC to create.

These functions perform no appropriate checking to determine if the base_type is positive or within the appropriate range of values for the known vtable types.  Any extension could crash Parrot by passing in an invalid value.

We should consider changing the type of the base_type to UINTVAL, but we should also perform bounds checking against interp->n_vtable_alloced in all of these functions (probably with a static function)."	bug	new	major	2.10	embed/extend	2.8.0	medium		gci				all