From: Stefan Monnier
Newsgroups: gmane.emacs.devel
Subject: Re: allocate_string_data memory corruption
Date: Thu, 19 Jan 2006 22:56:09 -0500
References: <87vewha2zl.fsf@stupidchicken.com>
Cc: Chong Yidong, emacs-devel@gnu.org
Original-To: rms@gnu.org
In-Reply-To: (Richard M. Stallman's message of "Thu, 19 Jan 2006 20:14:13 -0500")

> I just noticed that allocate_string does nothing to prevent
> signals from being handled.  Neither does Fcons.  The result

Indeed, both those functions assume that signal handlers do not allocate
cons cells or strings.  In the Emacs-21-pretest days, Gerd tracked down
a bug where this assumption was broken (the keybuf data filled by the signal
handler was using a cons cell) and fixed it by changing the keybuf data so
that the cons cell wasn't needed any more.

> So it seems that these functions need BLOCK_INPUT.

I think instead they should be disallowed in signal handlers.  And AFAIK
they are disallowed.  But it's quite possible that some signal handler does
it, even though it's disallowed.  Maybe eassert(!handling_signal) should be
added to allocate_string (and maybe it will catch the current bug).


        Stefan
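
The check proposed in the message above, shown on a toy free-list allocator as an added example (not Emacs source and not code from the thread). Only `handling_signal` and the `eassert` idea come from the message; `alloc_cell`, `deliver`, `drain_pending`, the two handlers and the `violations` counter (which stands in for the assertion aborting) are hypothetical names.

```c
/* Added illustration: toy free-list allocator, not Emacs source.
   alloc_cell, deliver, drain_pending and the handlers are hypothetical names. */
#include <signal.h>
#include <stddef.h>
#include <stdio.h>

struct cell { struct cell *next; int value; };
static struct cell pool[8], *free_list;
static volatile sig_atomic_t handling_signal; /* flag named in the message */
static volatile sig_atomic_t violations;      /* counts where eassert would abort */
static volatile sig_atomic_t pending;         /* events deferred by the handler */

static void pool_init(void) {
  free_list = NULL;
  for (int i = 0; i < 8; i++) { pool[i].next = free_list; free_list = &pool[i]; }
  handling_signal = 0; violations = 0; pending = 0;
}
/* Not reentrant: a handler running between the read of free_list and the
   store of the new head could hand out the same cell twice. */
struct cell *alloc_cell(int v) {
  if (handling_signal) { violations++; return NULL; } /* eassert (!handling_signal) */
  struct cell *c = free_list;
  if (c == NULL) return NULL;
  free_list = c->next;
  c->value = v;
  return c;
}
/* Breaks the rule: allocates inside the handler. */
static void bad_handler(int sig) { handling_signal = 1; alloc_cell(sig); handling_signal = 0; }
/* Follows the rule: only records that an event arrived. */
static void good_handler(int sig) { (void)sig; handling_signal = 1; pending++; handling_signal = 0; }

/* Install h, deliver one SIGINT synchronously, return the violations seen. */
int deliver(void (*h)(int)) {
  pool_init();
  signal(SIGINT, h);
  raise(SIGINT);
  signal(SIGINT, SIG_DFL);
  return violations;
}
/* Main-loop side: allocate for deferred events outside the handler. */
int drain_pending(void) {
  int made = 0;
  while (pending > 0) { pending--; if (alloc_cell(made)) made++; }
  return made;
}

int main(void) {
  int bad = deliver(bad_handler), good = deliver(good_handler);
  printf("violations: bad=%d good=%d, cells allocated later=%d\n", bad, good, drain_pending());
  return 0;
}
```

In real code the update of `pending` in `drain_pending` would itself need the signal blocked, since the handler can increment it at any point.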