From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Chong Yidong <cyd@stupidchicken.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#9412: sprintf-related integer and memory overflow issues
Date: Tue, 30 Aug 2011 22:08:13 -0400
Message-ID: <87vcteib8y.fsf@stupidchicken.com>
References: <4E5D6772.7060208@cs.ucla.edu>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1314756551 28116 80.91.229.12 (31 Aug 2011 02:09:11 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Wed, 31 Aug 2011 02:09:11 +0000 (UTC)
Cc: 9412@debbugs.gnu.org
To: Paul Eggert <eggert@cs.ucla.edu>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Aug 31 04:08:58 2011
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1QyaEb-0003yC-WB
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 31 Aug 2011 04:08:58 +0200
Original-Received: from localhost ([::1]:59819 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1QyaEb-0006MJ-DD
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 30 Aug 2011 22:08:57 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:52802)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1QyaEY-0006M3-Nx
	for bug-gnu-emacs@gnu.org; Tue, 30 Aug 2011 22:08:55 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1QyaEX-0006EH-HQ
	for bug-gnu-emacs@gnu.org; Tue, 30 Aug 2011 22:08:54 -0400
Original-Received: from debbugs.gnu.org ([140.186.70.43]:45713)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1QyaEX-0006ED-4A
	for bug-gnu-emacs@gnu.org; Tue, 30 Aug 2011 22:08:53 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1QyaHa-0007oA-JS; Tue, 30 Aug 2011 22:12:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Chong Yidong <cyd@stupidchicken.com>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-To: owner@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 31 Aug 2011 02:12:02 +0000
Resent-Message-ID: <handler.9412.B9412.131475669729981@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 9412
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: patch
Original-Received: via spool by 9412-submit@debbugs.gnu.org id=B9412.131475669729981
	(code B ref 9412); Wed, 31 Aug 2011 02:12:02 +0000
Original-Received: (at 9412) by debbugs.gnu.org; 31 Aug 2011 02:11:37 +0000
Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1QyaHA-0007nV-HV
	for submit@debbugs.gnu.org; Tue, 30 Aug 2011 22:11:36 -0400
Original-Received: from vm-emlprdomr-02.its.yale.edu ([130.132.50.143])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <cyd@stupidchicken.com>) id 1QyaH7-0007nM-I4
	for 9412@debbugs.gnu.org; Tue, 30 Aug 2011 22:11:34 -0400
Original-Received: from furball ([128.36.14.41]) (authenticated bits=0)
	by vm-emlprdomr-02.its.yale.edu (8.14.4/8.14.4) with ESMTP id
	p7V28Ehe003572
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
	Tue, 30 Aug 2011 22:08:14 -0400
In-Reply-To: <4E5D6772.7060208@cs.ucla.edu> (Paul Eggert's message of "Tue, 30
	Aug 2011 15:42:58 -0700")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)
X-Scanned-By: MIMEDefang 2.71 on 130.132.50.143
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
Resent-Date: Tue, 30 Aug 2011 22:12:02 -0400
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 1)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:50458
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/50458>

Paul Eggert <eggert@cs.ucla.edu> writes:

> Here's a patch to the Emacs trunk to fix some sprintf-related integer
> and memory overflow issues in Emacs proper.  These bugs can cause the
> wrong integer to be displayed, or a buffer overrun in sprintf output,
> that sort of thing.  Almost all the bugs can occur independently of
> whether --with-wide-int is used.  The bugs range from unlikely to
> extremely unlikely in normal use (otherwise they would have been fixed
> already....).  The patch is (I hope) routine.  I plan to install this
> patch after some more internal testing.

I don't much like the idea of using custom functions like esprintf and
esnprintf.  They make the code much less clear.

Also, I seem to recall that the reason we don't use snprintf is that
it's not available on all the platforms that Emacs supports.