From: Jan Djärv
Newsgroups: gmane.emacs.bugs
Subject: bug#9196: integer and memory overflow issues (e.g., cut-and-paste crashes Emacs)
Date: Mon, 08 Aug 2011 20:01:48 +0200
Message-ID: <4E40248C.6060302@swipnet.se>
In-Reply-To: <4E3C97D4.5020408@cs.ucla.edu>
To: Paul Eggert
Cc: 9196@debbugs.gnu.org

Paul Eggert wrote 2011-08-06 03:24:
> On 08/05/2011 02:26 AM, Jan Djärv wrote:
>>> + static char const xdefaults[] =3D ".Xdefaults-";
>>
>> I think there might be problems with dumping and static variables.
>> There is a reason for initializing static variables in init-functions
>> rather than in an initializer. I don't remember the details.
>
> In the old days, Emacs sometimes did '#define static /* empty */' as
> part of its undumping scheme, which meant that static variables inside
> functions didn't preserve their values from call to call. Emacs no
> longer does that, so we're OK here. (And even if Emacs still did
> that, this particular code would be safe, as this particular variable
> would be reinitialized to the correct value on every call.)

That is not what I meant. Take a look at xterm.c, syms_of_xterm. Static variables are initialized there. The manual says:

" You must not use C initializers for static or global variables unless the variables are never written once Emacs is dumped.
These variables with initializers are allocated in an area of memory that becomes read-only (on certain operating systems) as a result of dumping Emacs. " So I guess this usage is ok. > >>> + char *home =3D gethomedir (); >>> + char const *host =3D get_system_name (); >>> + ptrdiff_t pathsize =3D strlen (home) + sizeof xdefaults + strl= en (host); >>> + path =3D (char *) xrealloc (home, pathsize); >>> + strcat (strcat (path, xdefaults), host); >>> p =3D path; >>> } >>> >>> db =3D XrmGetFileDatabase (p); >>> >>> xfree (path); >>> - xfree (home); >> >> Since home isn't free:d, you have introduced a memory leak. > > No, we should be OK here -- the realloc frees 'home'. Right, missed that. Jan D.
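Review bot: the ownership hand-off at `path = (char *) xrealloc (home, pathsize);` in the quoted hunk is undocumented, and it is what makes removing `xfree (home);` correct. After that call `home` must not be read or freed again, since the single `xfree (path);` releases the one remaining allocation, yet the variable stays in scope and still looks like a separately owned buffer. A one-line comment at the xrealloc call saying that `path` takes over the buffer from `home` would spare the next reader the same leak-or-double-free question raised in this thread. The size computation also deserves a short comment: `pathsize` is exact only because `sizeof xdefaults` counts the terminating NUL of ".Xdefaults-", so the two `strcat` calls fill the buffer with no slack, and a later change to `strlen (xdefaults)` or to a pointer instead of an array would silently turn this into a one-byte overflow.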