From: Dmitry Antipov
Newsgroups: gmane.emacs.devel
Subject: Re: RFC on proposal fix [Re: Crash caused by insert-file-contents, both trunk (bzr 111532) and 24.2.92 affected]
Date: Thu, 17 Jan 2013 22:12:24 +0400
Message-ID: <50F83F08.1060709@yandex.ru>
References: <50F52EC0.2030309@yandex.ru> <8338y2qsyi.fsf@gnu.org> <50F593E8.2030105@yandex.ru> <83vcay8g2n.fsf@gnu.org> <50F830F6.1070805@yandex.ru> <83pq137l6o.fsf@gnu.org>
In-Reply-To: <83pq137l6o.fsf@gnu.org>
To: Eli Zaretskii
Cc: emacs-devel@gnu.org

On 01/17/2013 09:50 PM, Eli Zaretskii wrote:
> Can you tell which problems you found in the original code that these
> changes are supposed to fix?
1) Original code does emacs_read to (char *) BEG_ADDR + PT_BYTE - BEG_BYTE + offset
   without adjusting gap size, z and zv; this (IIUC) fools make_gap and so
   enlarge_buffer_text; we end up with a gap which is smaller than expected,
   read_non_regular does emacs_read into the buffer beyond the allocated buffer
   text, which finally causes EFAULT from emacs_read or heap corruption.

2) Original code throws an I/O error too early, without decoding the data
   possibly read before. When the not-yet-decoded part of the buffer text is
   displayed, redisplay is likely to crash.

Dmitry
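A toy C model of point 1 above, added for this archive page (it is neither Emacs source nor Dmitry's patch): a minimal gap buffer whose make_gap trusts the recorded gap size, and a chunked copy into the text that either leaves the gap bookkeeping stale after each chunk, as the original read_non_regular did, or advances it. The buffer layout, the make_gap growth rule and the constructed 'x' bytes standing in for file data are simplifying assumptions.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Toy gap buffer (not Emacs's): bytes [0, gap_start) hold text, the gap is
   [gap_start, gap_start + gap_size), nothing follows it, text + gap == alloc. */
typedef struct {
    char *data;
    ptrdiff_t alloc, gap_start, gap_size;
} gap_buffer;

static int gb_init(gap_buffer *b, ptrdiff_t gap)
{
    b->data = malloc((size_t) gap);
    if (!b->data) return -1;
    b->alloc = b->gap_size = gap;
    b->gap_start = 0;
    return 0;
}

/* make_gap analogue: grows only when the *recorded* gap is too small. */
static int make_gap(gap_buffer *b, ptrdiff_t nbytes)
{
    if (b->gap_size >= nbytes) return 0;
    ptrdiff_t new_alloc = b->alloc - b->gap_size + nbytes;
    char *p = realloc(b->data, (size_t) new_alloc);
    if (!p) return -1;
    b->data = p;
    b->gap_size += new_alloc - b->alloc;
    b->alloc = new_alloc;
    return 0;
}

/* Copy `total` constructed bytes, `chunk` (<= 64) at a time, straight into the
   text at insertion point + offset.  fix == 0 leaves gap_start/gap_size stale
   after each chunk (the bug), fix != 0 advances them.  Returns the offset whose
   chunk would land past the allocation, or -1 if every chunk stayed in bounds. */
static ptrdiff_t read_chunks(gap_buffer *b, ptrdiff_t total, ptrdiff_t chunk, int fix)
{
    char src[64];
    memset(src, 'x', sizeof src);        /* constructed stand-in for file data */
    for (ptrdiff_t offset = 0; offset < total; offset += chunk) {
        if (make_gap(b, chunk) < 0) return -2;
        ptrdiff_t dst = fix ? b->gap_start : b->gap_start + offset;
        if (dst + chunk > b->alloc) return offset;   /* checked before writing */
        memcpy(b->data + dst, src, (size_t) chunk);
        if (fix) { b->gap_start += chunk; b->gap_size -= chunk; }
    }
    return -1;
}
```

With an 8-byte gap and three 4-byte chunks, the stale variant lets make_gap approve the third chunk and the bounds check trips at offset 8, while the fixed variant grows the allocation to 12 bytes and completes.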