From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 10:55:36 +0300
Message-ID: <83fs8owg3r.fsf@gnu.org>
To: Po Lu
Cc: 63063@debbugs.gnu.org, fuo@fuo.fi
In-Reply-To: <87v8hkctlc.fsf@yahoo.com> (message from Po Lu on Tue, 25 Apr 2023 15:24:31 +0800)

> From: Po Lu
> Cc: fuomag9, 63063@debbugs.gnu.org
> Date: Tue, 25 Apr 2023 15:24:31 +0800
>
> Eli Zaretskii writes:
>
> > Please tell more about the buffer overflow: where does it happen in
> > the Emacs sources, which buffer overflows, and why.  I cannot find
> > these details in your report.
>
> It happens because the dump file is deliberately edited to be invalid.

I didn't ask about the root cause, I asked about the details of the
problem: where it happens in our sources, and what exactly happens.

> It is not a dump file that Emacs will generate under any circumstance,
> and as such it's not a bug; by the same means, a pointer to an invalid
> Lisp object could be created, causing a similar crash.  Emacs is not
> expected to operate from a corrupt dump file any more than it is
> expected to operate from a corrupt executable.

Noted.  But please let me make up my own mind about this issue, once I
understand the details.  OK?