From: Jan Djärv
Newsgroups: gmane.emacs.bugs
Subject: bug#6855: 24.0.50; Bug in tool bar label handling
Date: Sun, 15 Aug 2010 10:20:05 +0200
Message-ID: <4C67A335.1050002@swipnet.se>
References: <877hjt1jue.fsf@gnu.org>
In-Reply-To: <877hjt1jue.fsf@gnu.org>
To: Johan Bockgård
Cc: 6855-done@debbugs.gnu.org

Johan Bockgård wrote 2010-08-14 14.04:
>
> There are some bugs in the handling of tool bar labels that can cause
> Emacs to crash.
>
>
> ### gtkutil.c: update_frame_tool_bar ###
>
>     char *label = SSDATA (PROP (TOOL_BAR_ITEM_LABEL));
>
> Here we take string data out.
>
>
> ### keyboard.c: parse_tool_bar_item ###
>
>     else if (EQ (key, QClabel))
>       {
>         /* `:label LABEL-STRING'. */
>         PROP (TOOL_BAR_ITEM_LABEL) = value;
>         have_label = 1;
>       }
>
> But here we put an arbitrary object in.
>

We kind of assume people do the sensible thing and put in strings. It is
the same as for help and image. If Emacs crashes because somebody didn't
put in a string, that is actually a good thing IMHO. The error becomes
very apparent then.

>
>     ...
>
>     if (!have_label)
>
>     ...
>         char buf[64];
>         EMACS_INT max_lbl = 2*tool_bar_max_label_size;
>         Lisp_Object new_lbl;
>
>         if (strlen (caption) < max_lbl && caption[0] != '\0')
>           {
>             strcpy (buf, caption);
>
> tool-bar-max-label-size is a user variable, so this can mean a buffer
> overflow.
>
>
>     ...
>         if (SCHARS (new_lbl) <= tool_bar_max_label_size)
>           PROP (TOOL_BAR_ITEM_LABEL) = new_lbl;
>
> If we came here but the branch is not taken, the label will be nil,
> not a string.
>

I have checked in a fix for those two.

Thanks,

	Jan D.
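
Added example, not part of the original message and not the fix that was checked in: a stand-alone C model of the quoted length guard next to a bounded variant, showing why a limit derived only from tool-bar-max-label-size does not protect the 64-byte buffer. The function names, `LABEL_BUF_SIZE` and the sample captions are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define LABEL_BUF_SIZE 64   /* same size as `buf` in the quoted code */

/* The guard as quoted: the limit is derived from the user variable only.
   Returns 1 when it would let strcpy write past a LABEL_BUF_SIZE buffer. */
int quoted_guard_overflows(const char *caption, long max_label_size)
{
    long max_lbl = 2 * max_label_size;
    int copy_attempted = (long) strlen(caption) < max_lbl && caption[0] != '\0';
    return copy_attempted && strlen(caption) + 1 > LABEL_BUF_SIZE;
}

/* Bounded variant (hypothetical helper): the caption must satisfy the user
   limit AND fit in the destination including its NUL terminator.
   Returns the number of bytes copied, or -1 if the caption is rejected, in
   which case the caller must still install a string label, never nil. */
int copy_caption_bounded(char *buf, size_t bufsize, const char *caption,
                         long max_label_size)
{
    size_t len = strlen(caption);
    if (len == 0 || max_label_size <= 0)
        return -1;
    if (len >= 2 * (size_t) max_label_size || len >= bufsize)
        return -1;
    memcpy(buf, caption, len + 1);
    return (int) len;
}

int main(void)
{
    char buf[LABEL_BUF_SIZE];
    char long_caption[101];                 /* constructed sample input */
    memset(long_caption, 'a', 100);
    long_caption[100] = '\0';

    /* User raised the limit to 200, so max_lbl is 400 and 100 bytes pass. */
    printf("quoted guard overflows: %d\n",
           quoted_guard_overflows(long_caption, 200));
    printf("bounded copy: %d\n",
           copy_caption_bounded(buf, sizeof buf, long_caption, 200));
    printf("bounded copy of \"Open\": %d\n",
           copy_caption_bounded(buf, sizeof buf, "Open", 14));
    return 0;
}
```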