From: Paul Eggert
Newsgroups: gmane.emacs.bugs
Subject: bug#11442: dbus uses Emacs integer as pointer, possible core dump
Date: Wed, 09 May 2012 08:20:57 -0700
Organization: UCLA Computer Science Department
Message-ID: <4FAA8B59.8050207@cs.ucla.edu>
Cc: Michael Albinus
To: 11442@debbugs.gnu.org

The trunk version of Emacs src/dbusbind.c contains a function
xd_get_connection_address that does this:

    connection = (DBusConnection *) (intptr_t) XFASTINT (val);

This converts an Emacs integer to a pointer without checking that
it is actually of the proper C type. It is possible for Lisp code
to mistakenly put an integer there that will cause Emacs to dump core.

Shouldn't this be made safe, so that Lisp code can't do that?
For example, a DBusConnection * could be made a proper Lisp
pseudovector or misc type or something like that. The idea
is to avoid a bad pointer leaking into the C code.
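
The design the report asks for, sketched as an added example (not code from Emacs or from the report): a toy tagged value stands in for a Lisp object, and the checked accessor returns a connection only when the tag says C code stored one, so an integer supplied from script code is rejected instead of being cast to a pointer. All type and function names below are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-ins (hypothetical, not Emacs's real types). */
struct connection { int fd; };           /* plays the role of DBusConnection */
enum tag { TAG_INT, TAG_CONNECTION };
struct value {                           /* plays the role of a Lisp object */
  enum tag tag;
  union {
    intptr_t i;                          /* TAG_INT: script-controlled integer */
    struct connection *conn;             /* TAG_CONNECTION: set only by C code */
  } u;
};

static struct value make_int_value (intptr_t i)
{
  struct value v = { .tag = TAG_INT, .u.i = i };
  return v;
}

static struct value make_connection_value (struct connection *c)
{
  struct value v = { .tag = TAG_CONNECTION, .u.conn = c };
  return v;
}

/* Pattern from the report: the integer is trusted to be a valid address.
   Whatever number the script stored comes back as a pointer. */
static struct connection *get_connection_unchecked (struct value v)
{
  return (struct connection *) v.u.i;
}

/* Checked pattern: only make_connection_value produces TAG_CONNECTION,
   so a plain integer yields NULL rather than a wild pointer. */
static struct connection *get_connection_checked (struct value v)
{
  if (v.tag != TAG_CONNECTION || v.u.conn == NULL)
    return NULL;
  return v.u.conn;
}

int main (void)
{
  struct connection real = { 3 };
  struct value forged = make_int_value (0x41414140);  /* constructed input */
  printf ("unchecked: %p\n", (void *) get_connection_unchecked (forged));
  printf ("checked:   %p\n", (void *) get_connection_checked (forged));
  printf ("genuine:   %d\n", get_connection_checked (make_connection_value (&real))->fd);
  return 0;
}
```

The caller of the checked accessor still has to handle the NULL case, for example by signalling a type error back to the script.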