From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: =?ISO-8859-1?Q?Jan_Dj=E4rv?= Newsgroups: gmane.emacs.devel Subject: Re: Problem report #85 Date: Thu, 11 May 2006 08:58:49 +0200 Message-ID: <4462E0A9.4050200@swipnet.se> References: <200605110120.k4B1Kjfj011062@scanner2.ics.uci.edu> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Trace: sea.gmane.org 1147330765 9382 80.91.229.2 (11 May 2006 06:59:25 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 11 May 2006 06:59:25 +0000 (UTC) Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu May 11 08:59:21 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1Fe58i-0005De-W4 for ged-emacs-devel@m.gmane.org; Thu, 11 May 2006 08:59:13 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Fe58i-0007zd-Kz for ged-emacs-devel@m.gmane.org; Thu, 11 May 2006 02:59:12 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Fe58V-0007zY-DI for emacs-devel@gnu.org; Thu, 11 May 2006 02:58:59 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Fe58S-0007zL-M7 for emacs-devel@gnu.org; Thu, 11 May 2006 02:58:58 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Fe58S-0007zI-DD for emacs-devel@gnu.org; Thu, 11 May 2006 02:58:56 -0400 Original-Received: from [81.228.9.180] (helo=av6-2-sn3.vrr.skanova.net) by monty-python.gnu.org with esmtp (Exim 4.52) id 1Fe59u-00076F-Gi for emacs-devel@gnu.org; Thu, 11 May 2006 03:00:26 -0400 Original-Received: by av6-2-sn3.vrr.skanova.net (Postfix, from userid 502) id 5C5D4381A7; Thu, 11 May 2006 08:58:54 +0200 (CEST) Original-Received: from smtp3-1-sn3.vrr.skanova.net (smtp3-1-sn3.vrr.skanova.net [81.228.9.101]) by av6-2-sn3.vrr.skanova.net (Postfix) with ESMTP id 4A5B73806A for ; Thu, 11 May 2006 08:58:54 +0200 (CEST) Original-Received: from coolsville.localdomain (81-235-205-204-no59.tbcn.telia.com [81.235.205.204]) by smtp3-1-sn3.vrr.skanova.net (Postfix) with ESMTP id 27BFC37E47 for ; Thu, 11 May 2006 08:58:54 +0200 (CEST) User-Agent: Thunderbird 1.5.0.2 (X11/20060501) Original-To: emacs-devel@gnu.org In-Reply-To: <200605110120.k4B1Kjfj011062@scanner2.ics.uci.edu> X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:54244 Archived-At: Dan Nicolaescu skrev: > CID: 85 > Checker: USE_AFTER_FREE (help) > File: base/src/emacs/src/fileio.c > Function: Finsert_file_contents > Description: Using freed pointer "conversion_buffer" > > Event freed_arg: Pointer "conversion_buffer" freed by function "xfree" [model] > Also see events: [double_free][double_free][use_after_free][use_after_free] > > 4326 xfree (conversion_buffer); > 4327 coding_free_composition_data (&coding); > > At conditional (1): "how_much == -1" taking false path > > 4328 if (how_much == -1) > 4329 error ("IO error reading %s: %s", > 4330 SDATA (orig_filename), emacs_strerror (errno)); > > At conditional (2): "how_much == -2" taking false path > > 4331 else if (how_much == -2) > 4332 error ("maximum buffer size exceeded"); > 4333 } If how_much < 0 (tested before the code snippet above), it must be -1, since that is what emacs_read may return. So "how_much == -1" taking false path can not happen. I don't see how how_much can become -2, so that code is probably dead (but harmless). Jan D.