Fix runtime error inside m3quake QScanner

[VictorMiasnikov]

Fix runtime error inside m3quake QScanner

...

---

*** runtime error:
*** An enumeration or subrange value was out of range.
*** file "../src/QScanner.m3", line 49

---

*** execution of [<function _BuildGlobalFunction at 0x0000000002F2DD68>, <function _ShipFunction at 0x0000000002F2DDD8>] failed ***
...

...
t.buflen := M3File.Read (f, t.buffer^, size); (* VVM: it is line 49 *)
...

[jaykrell]

Are you sure you have everything up to date?
It seems like you are hitting things I already fixed, like the slashes (long ago, not today).
In this case, the problem I hit months ago when first running DJGPP is that stat.size does not account for text conversion (\r\n to \n) and reading does, so the sizes would mismatch. Open should always be binary. I thought I made it so. Maybe I missed some.
I don't think this is the right fix.
The right fix is to always open binary.
I agree it is wonky, the entire text mode feature of stdio.

[VictorMiasnikov]

} I don't think this is the right fix. It do not "bad things". But I am not sure that it ( path)  do "good things" 

…

 19.04.2022, 13:51, "Jay Krell" ***@***.******@***.*** commented on this pull request.In m3-sys/m3quake/src/QScanner.m3:> @@ -46,7 +46,7 @@ PROCEDURE Init (t: T;  f: File.T;  map: Quake.IDMap): T =      DO       size := VAL(stat.size, INTEGER);       t.buffer := NEW (REF ARRAY OF CHAR, MAX (0, size) + 1); -      t.buflen := M3File.Read (f, t.buffer^, size); What is size when this fails? Is it negative? I don't think this is the right fix.

[VictorMiasnikov]

  19.04.2022, 13:49, "Jay Krell" ***@***.***>:  Are you sure you have everything up to date?It seems like you are hitting things I already fixed, like the slashes (long ago, not today).In this case, the problem I hit months ago when first running DJGPP is that stat.size does not account for text conversion (\r\n to \n) and reading does, so the sizes would mismatch. Open should always be binary. I thought I made it so. Maybe I missed some.I don't think this is the right fix.The right fix is to always open binary.I agree it is wonky.

} I don't think this is the right fix. Yes. In best case it is "temporary fix". } fixed, like the slashes (long ago, not today). I remember this fix. ( May be 'this', I am not sure) } DJGPP This patch also for other MinGw targets } text conversion (\r\n to \n) It is news for me. In this case "sizes would mismatch" of course . . .

[jaykrell]

@VictorMiasnikov this can be closed now right?

[VictorMiasnikov]

@VictorMiasnikov this can be closed now right?

This patch ( in any key) is part of:
https://github.com/VictorMiasnikov/cm3/releases/tag/d5.11.9-ZZYYXX-20220208_13-48

Nothing terrible happened with:
AMD64_LINUX
AMD64_MINGW
I386_DJGPP ( DOS)
AMD64_NT
I386_NT

But this patch is not be "a way to real solving of problem" ;-(

[VictorMiasnikov]

It is actual

[jaykrell]

How is the error produced?

[jaykrell]

We need to stop with manual releases at this point, and stick to automation.
There's been too many supply chain attacks in the larger world. Sorry.

[VictorMiasnikov]

How is the error produced?

I don't remember. ( See 2022 year) If need I try reproduce again In any key "my branch" is total good on AMD64_LINUX with GCC backend And 90/100 tests passed in anothers backend

…

 ---------------- Кому: modula3/cm3 ***@***.***); Копия: Mention ***@***.***); Тема: [modula3/cm3] Fix runtime error inside m3quake QScanner (PR #1024); 07.05.2026, 12:45, "Jay Krell" ***@***.***>: jaykrell left a comment (modula3/cm3#1024) How is the error produced?

[VictorMiasnikov]

We need to stop with manual releases at this point, and stick to automation. There's been too many supply chain attacks in the larger world. Sorry.

I don't understand that You want say... ( In any key "my branch" is total good on AMD64_LINUX with GCC backend And 90/100 tests passed in anothers backend  )

…

--------------- Кому: modula3/cm3 ***@***.***); Копия: Mention ***@***.***); Тема: [modula3/cm3] Fix runtime error inside m3quake QScanner (PR #1024); 07.05.2026, 12:46, "Jay Krell" ***@***.***>: jaykrell left a comment (modula3/cm3#1024) We need to stop with manual releases at this point, and stick to automation. There's been too many supply chain attacks in the larger world. Sorry.

[VictorMiasnikov]

} to stop with manual releases at this point, and stick to automation

Today / now it looks as fantastic: Boot1.py AMD64_LINUX c keep  ^^^^^^^ broken in cm3-d5.12.0It generate .tar.gz with outdated makefile } to stop with manual releases at this point, and stick to automation

…

---------------- Кому: modula3/cm3 ***@***.***); Копия: Mention ***@***.***); Тема: [modula3/cm3] Fix runtime error inside m3quake QScanner (PR #1024); 07.05.2026, 12:46, "Jay Krell" ***@***.***>: jaykrell left a comment (modula3/cm3#1024) We need to stop with manual releases at this point, and stick to automation. There's been too many supply chain attacks in the larger world. Sorry. —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>

[VictorMiasnikov]

AI / LLM understand You right?

(
} uploaded files to a server "by hand" (from their personal computer).

What exactly named files I upload to PR 1024 ?
)

Translation of the Quote:

"At this point, we need to stop doing manual releases and stick to automation. There have been too many supply chain attacks in the wider world recently. Sorry."

---

Explanation of the Meaning

This message was written by a developer or project manager explaining a change in the software release process. Here are the key points:

1. Stopping Manual Work ("manual releases")
Previously, the developer likely ran scripts or uploaded files to a server "by hand" (from their personal computer). While this is convenient for small fixes, it is risky.

2. Why Automation is Needed ("stick to automation")
Automation (usually via CI/CD pipelines) means that the process of building and deploying the software happens on a special, isolated server according to a pre-configured algorithm. This eliminates the "human factor" and prevents situations where attackers could compromise a developer's personal computer.

3. Supply Chain Attacks ("supply chain attacks")
This is the main reason for the decision.

• What it is: Attacks where hackers don't crack the final program code directly, but instead inject malicious code during the build process, via dependencies (libraries), or by replacing update files.
• Context: In recent years, there have been several high-profile incidents (e.g., the SolarWinds hack, incidents with npm or Python packages) where hackers injected viruses into legitimate software updates.
• The Connection: Manual releases often require access permissions that are hard to control, or they use signing keys stored on personal machines. Automated systems are safer because they can be strictly configured to verify digital signatures and code integrity before release.

4. "Sorry"
The author is apologizing because this change will likely cause inconvenience. The release process may now become more formal, slower, or more complex for colleagues/users who are used to quick "manual" responses, but security is now the priority.

Short Summary:
"We will no longer release updates manually because it is dangerous — hackers are increasingly attacking development processes. Now only a robot/server will do this so that no one can tamper with the code. Sorry for the inconvenience."