From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: charles@aurox.ch (Charles A. Roelli) Newsgroups: gmane.emacs.bugs Subject: bug#6149: 24.0.50; shell buffer overflow when input longer than 4096 bytes Date: Fri, 28 Sep 2018 22:13:11 +0200 Message-ID: References: <87aas81jgh.fsf@jidanni.org> Reply-To: charles@aurox.ch NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1538165349 17605 195.159.176.226 (28 Sep 2018 20:09:09 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 28 Sep 2018 20:09:09 +0000 (UTC) Cc: 6149@debbugs.gnu.org To: jidanni@jidanni.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Sep 28 22:09:05 2018 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g5z4S-0004V6-Vn for geb-bug-gnu-emacs@m.gmane.org; Fri, 28 Sep 2018 22:09:05 +0200 Original-Received: from localhost ([::1]:45696 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1g5z6Z-0002dD-FV for geb-bug-gnu-emacs@m.gmane.org; Fri, 28 Sep 2018 16:11:15 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:40379) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1g5z6P-0002cv-OB for bug-gnu-emacs@gnu.org; Fri, 28 Sep 2018 16:11:06 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1g5z6M-0000XG-Ja for bug-gnu-emacs@gnu.org; Fri, 28 Sep 2018 16:11:05 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:53758) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1g5z6M-0000X8-A8 for bug-gnu-emacs@gnu.org; Fri, 28 Sep 2018 16:11:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1g5z6M-0004bG-4B for bug-gnu-emacs@gnu.org; Fri, 28 Sep 2018 16:11:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: charles@aurox.ch (Charles A. Roelli) Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 28 Sep 2018 20:11:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 6149 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 6149-submit@debbugs.gnu.org id=B6149.153816541517616 (code B ref 6149); Fri, 28 Sep 2018 20:11:02 +0000 Original-Received: (at 6149) by debbugs.gnu.org; 28 Sep 2018 20:10:15 +0000 Original-Received: from localhost ([127.0.0.1]:58015 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g5z5b-0004a3-6y for submit@debbugs.gnu.org; Fri, 28 Sep 2018 16:10:15 -0400 Original-Received: from sinyavsky.aurox.ch ([37.35.109.145]:51664) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1g5z5a-0004Zp-3i for 6149@debbugs.gnu.org; Fri, 28 Sep 2018 16:10:14 -0400 Original-Received: from sinyavsky.aurox.ch (sinyavsky.aurox.ch [127.0.0.1]) by sinyavsky.aurox.ch (Postfix) with ESMTP id 8F42A2287E for <6149@debbugs.gnu.org>; Fri, 28 Sep 2018 20:14:03 +0000 (UTC) Authentication-Results: sinyavsky.aurox.ch (amavisd-new); dkim=pass reason="pass (just generated, assumed good)" header.d=aurox.ch DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aurox.ch; h= references:reply-to:subject:subject:in-reply-to:to:from:from :message-id:date:date; s=dkim; t=1538165641; x=1539029642; bh=N5 Qo+caOmQGTJHcBrO6QfqdFN6wjHIh/8A/SV/jZEa8=; b=S9/JBc58W8NzPSefj7 sEoyS6JTKZ0E62ODJHumbogR5rHERZVpwGW8nwm7sXHu1ci2s3IYN1HJg3DMv2/C +LukWJ2GlWt0BITx8AeD4o4dQ0X1A0TSps+0BVs/wcvBiwPs7nqwCaaest/4PYvO HgikOzvWHZs3GbDVokJhg3TH8= X-Virus-Scanned: Debian amavisd-new at test.virtualizor.com Original-Received: from sinyavsky.aurox.ch ([127.0.0.1]) by sinyavsky.aurox.ch (sinyavsky.aurox.ch [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id dk3dxUVI_5eK for <6149@debbugs.gnu.org>; Fri, 28 Sep 2018 20:14:01 +0000 (UTC) Original-Received: from gray (unknown [IPv6:2a02:1205:c693:2d60:c62c:3ff:fe30:b864]) by sinyavsky.aurox.ch (Postfix) with ESMTPSA id 385B9226F4; Fri, 28 Sep 2018 20:14:01 +0000 (UTC) In-reply-to: <87aas81jgh.fsf@jidanni.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:150740 Archived-At: > From: jidanni@jidanni.org > Date: Mon, 10 May 2010 12:14:54 +0800 > > This is a serious bug in M-x shell. It is not a bash or dash bug. It is > not a readline bug. It does not happen in xterm. It does not happen when > using pipes or backticks to get the input. It only happens in M-x > shell... when one gives lines longer than ~4096 characters. > > Actually it is not buffer overflow, but buffer truncation, with NO > WARNING to the user. One day the wrong file will get removed via this > mess. > > In GNU Emacs 24.0.50.1 (i486-pc-linux-gnu, GTK+ Version 2.20.0) > of 2010-05-01 on elegiac, modified by Debian > (emacs-snapshot package, version 1:20100501-1) > > > [application/octet-stream input_truncation.txt.gz (2kB)] I can still reproduce this bug in 26.1 with the following recipe: M-x shell RET echo SPC C-SPC C-u 5000 a RET C-p C-e M-= On GNU/Linux: Region has 2 lines, 2 words, and 9096 characters. If echo had received all of the input, you would expect around 10000 characters in the region. Instead, there are 5000 + 4096 characters. Back when EOF chars were used to flush output, we had an "fpathconf" check as in: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=3d082a269ece18058ed82957f8a056822b39789e It might be possible to reinstate this "fpathconf" check to warn the user that he has gone over the PTY limit, or maybe to prevent overlong lines from being sent at all. There is further discussion at: http://lists.gnu.org/archive/html/emacs-devel/2010-08/msg00209.html (Also, repeating this recipe on macOS with Emacs 26.1 results in the behavior pointed out in Bug#32438.)