From: Paul Eggert
Newsgroups: gmane.emacs.bugs
Subject: bug#9196: integer and memory overflow issues (e.g., cut-and-paste crashes Emacs)
Date: Sat, 30 Jul 2011 12:16:34 -0700
Organization: UCLA Computer Science Department
Message-ID: <4E345892.8010200@cs.ucla.edu>
References: <4E3256E9.3020208@cs.ucla.edu> <4E3284EB.1010308@swipnet.se> <4E32DE0E.5050208@cs.ucla.edu> <4E32E490.3050002@swipnet.se> <4E332009.3090909@cs.ucla.edu> <4E339C30.9090708@swipnet.se>
In-Reply-To: <4E339C30.9090708@swipnet.se>
To: Jan Djärv
Cc: 9196@debbugs.gnu.org

I take your point that the checks add clutter, so I'll revise the patch to address that problem, by adding a couple of memory allocators that do the proper overflow checking internally, so that callers don't need to test for integer overflow.

This will take a bit of time to prepare and test, so please bear with me, but to give you a feel here's a draft of the revised patch to xgselect.c. This simplifies xgselect.c compared to what's in the trunk now.

--- src/xgselect.c 2011-07-01 09:18:46 +0000 +++ src/xgselect.c 2011-07-30 18:19:51 +0000 @@ -54,10 +54,8 @@ do { if (n_gfds > gfds_size) { - while (n_gfds > gfds_size) - gfds_size *=3D 2; xfree (gfds); - gfds =3D xmalloc (sizeof (*gfds) * gfds_size); + gfds =3D xpmalloc (&gfds_size, n_gfds - gfds_size, INT_MAX, size= of *gfds); } =20 n_gfds =3D g_main_context_query (context,

On 07/29/11 22:52, Jan Djärv wrote:
> the checks that check for more than 2 billion command line arguments

Those checks are necessary for GNU/Hurd, which places no limit on command line arguments, which means argc + 2 can overflow. That being said, the revised patch will address the clutter problem for the command-line issue as well, and the resulting emacs.c will be simpler than what's in the trunk now.
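
Review bot: In the `if (n_gfds > gfds_size)` branch, `xfree (gfds)` still runs before the new `xpmalloc` call, so if the allocator handles a failure internally and does not return (request above `INT_MAX` items, or memory exhausted), `gfds` is left pointing at freed memory while `gfds_size` may still hold the old count. If `gfds` and `gfds_size` outlive this call, a later call with `n_gfds <= gfds_size` would then reuse the freed array. Allocate into a temporary first, then `xfree` the old array and assign the new pointer. Since `xpmalloc` is new, its definition should also document what the second and third arguments mean (here `n_gfds - gfds_size` and `INT_MAX`) and whether `*gfds_size` is written only on success; and because the hunk introduces `INT_MAX`, confirm that xgselect.c includes `<limits.h>`.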
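
The idea in the message above, an allocator that does the overflow checking internally so callers need not, sketched as an added example; it is not Emacs's `xpmalloc` and not code from the patch. The names `checked_grow` and `doubling_is_unsafe`, the 1.5x growth factor and the NULL-on-failure return are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Would a loop of the form "while (need > size) size *= 2;" overflow int,
   or never terminate because size is 0?  Decided without overflowing.  */
int doubling_is_unsafe (int size, int need)
{
  while (need > size)
    {
      if (size <= 0 || size > INT_MAX / 2)
        return 1;
      size *= 2;
    }
  return 0;
}

/* Hypothetical checked allocator: return a fresh block with room for at
   least *nitems + incr_min items and at most nitems_max items.  On success
   store the new item count in *nitems; on any overflow or allocation
   failure return NULL and leave *nitems unchanged.  */
void *checked_grow (int *nitems, int incr_min, int nitems_max, size_t item_size)
{
  int n = *nitems;
  if (n < 0 || incr_min <= 0 || nitems_max < n || item_size == 0)
    return NULL;
  if (incr_min > nitems_max - n)          /* n + incr_min would pass the cap */
    return NULL;
  int want = n + incr_min;
  int half = n / 2;                       /* prefer 1.5x growth, clamped */
  int geometric = half <= nitems_max - n ? n + half : nitems_max;
  if (geometric > want)
    want = geometric;
  if ((size_t) want > SIZE_MAX / item_size)   /* byte count must fit size_t */
    return NULL;
  void *p = malloc ((size_t) want * item_size);
  if (p)
    *nitems = want;
  return p;
}

int main (void)
{
  int n = 128;
  void *p = checked_grow (&n, 1, INT_MAX, sizeof (int));
  printf ("grew to %d items; doubling unsafe at INT_MAX: %d\n",
          n, doubling_is_unsafe (128, INT_MAX));
  free (p);
  return 0;
}
```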