From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#8545: issues with recent doprnt-related changes
Date: Thu, 28 Apr 2011 02:10:55 -0400
To: Paul Eggert
Cc: lekktu@gmail.com, 8545@debbugs.gnu.org
In-reply-to: <4DB8FB35.5090205@cs.ucla.edu> (message from Paul Eggert on Wed, 27 Apr 2011 22:29:25 -0700)

> Date: Wed, 27 Apr 2011 22:29:25 -0700
> From: Paul Eggert
> CC: lekktu@gmail.com, 8545@debbugs.gnu.org
>
> On 04/27/11 22:15, Eli Zaretskii wrote:
> > As I explain in another message, we _can_ dereference this invalid
> > pointer.
>
> Sorry, I'm not quite following, since I'm not sure what
> the "another message" refers to.

If you didn't receive it, you will find it filed in the bug tracker.

> Hmm, perhaps you're talking about this pattern in the code?
>
>   while (fmt < format_end)
>     { ... fmt++ ... }
>   switch (*fmt++)

Yes, the loop (which increments the pointer more than once), the
reference with postincrement in the switch statement, and the
following dereference in fmt[-1] in the call to `error'.

> Here, the code is dereferencing *format_end,
> which means it's dereferencing one past the end of the
> format string that is passed to it.

No, it can dereference *(format_end+1).

> If the intent here is that one should call doprnt with
> the pattern (doprnt (A, ASIZE, B, B + BSIZE - 1, AP)) then
> I suggest that the point be made clearly in doprnt's comment,
> as part of doprnt's API, to prevent future confusion in
> this area.

No, it should be called as B+BSIZE.
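
The scanning pattern discussed in this thread, written so that no byte at or past format_end is ever read. This is an added example, not part of the original message and not Emacs's doprnt; count_specs and count_specs_n are hypothetical names, and format_end is assumed to be B+BSIZE, one past the last format byte.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not Emacs's doprnt.  Counts the %d, %s and %c
   specs in [fmt, format_end).  Returns -1 if a spec is cut off by the
   end of the buffer and -2 on an unknown conversion character.  */
static int
count_specs (const char *fmt, const char *format_end)
{
  int n = 0;

  while (fmt < format_end)
    {
      if (*fmt++ != '%')
        continue;

      /* Skip flags, width and precision.  This loop advances fmt more
         than once, so the bound is tested before every read.  */
      while (fmt < format_end
             && (*fmt == '-' || *fmt == ' ' || *fmt == '.'
                 || (*fmt >= '0' && *fmt <= '9')))
        fmt++;

      /* The inner loop may have stopped because the buffer ended, so
         test again before fetching the conversion character.  */
      if (fmt == format_end)
        return -1;

      switch (*fmt++)
        {
        case '%': break;                      /* literal percent sign */
        case 'd': case 's': case 'c': n++; break;
        default: return -2;   /* fmt[-1] is in bounds: it was just read */
        }
    }
  return n;
}

/* Convenience wrapper using the B, B + BSIZE calling convention.  */
static int
count_specs_n (const char *b, size_t bsize)
{
  return count_specs (b, b + bsize);
}

int
main (void)
{
  /* Constructed input: the 'd' sits at format_end and must not be read.  */
  printf ("%d\n", count_specs_n ("x%-10d", 5));
  return 0;
}
```
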