* bug#35576: 27.0.50; Emacs crash when reads an integer with radix > 36
@ 2019-05-05 11:37 Tino Calancha
2019-05-05 14:07 ` Eli Zaretskii
0 siblings, 1 reply; 2+ messages in thread
From: Tino Calancha @ 2019-05-05 11:37 UTC (permalink / raw)
To: 35576
emacs -Q:
;; Emacs crash when you eval the following form
M-: #37r1
;; Expected: you get the error:
;; Invalid read syntax: "integer, radix 37"
In GNU Emacs 27.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
of 2019-05-05
Windowing system distributor 'The X.Org Foundation', version 11.0.11902000
System Description: Debian GNU/Linux 9 (stretch)
--8<-----------------------------cut here---------------start------------->8---
commit c5ffba787a10f80d17a0ebc7fc7e1fb0f754843d
Author: Tino Calancha <tino.calancha@gmail.com>
Date: Sun May 5 20:24:03 2019 +0900
src/lread.c (read_integer): Prevent from accessing a null buffer
diff --git a/src/lread.c b/src/lread.c
index 1c97805ca7..810e24d614 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -2660,19 +2660,17 @@ read_integer (Lisp_Object readcharfun, EMACS_INT radix)
Also, room for invalid syntax diagnostic. */
size_t len = max (1 + 1 + UINTMAX_WIDTH + 1,
sizeof "integer, radix " + INT_STRLEN_BOUND (EMACS_INT));
- char *buf = NULL;
+ char *buf = xmalloc (len);
char *p = buf;
int valid = -1; /* 1 if valid, 0 if not, -1 if incomplete. */
ptrdiff_t count = SPECPDL_INDEX ();
-
if (radix < 2 || radix > 36)
valid = 0;
else
{
int c, digit;
- buf = xmalloc (len);
record_unwind_protect_ptr (free_contents, &buf);
p = buf;
@@ -2718,8 +2716,10 @@ read_integer (Lisp_Object readcharfun, EMACS_INT radix)
if (valid != 1)
{
- sprintf (buf, "integer, radix %"pI"d", radix);
- invalid_syntax (buf);
+ xfree (buf);
+ char str[len];
+ sprintf (str, "integer, radix %"pI"d", radix);
+ invalid_syntax (str);
}
*p = '\0';
--8<-----------------------------cut here---------------end--------------->8---
^ permalink raw reply related [flat|nested] 2+ messages in thread
* bug#35576: 27.0.50; Emacs crash when reads an integer with radix > 36
2019-05-05 11:37 bug#35576: 27.0.50; Emacs crash when reads an integer with radix > 36 Tino Calancha
@ 2019-05-05 14:07 ` Eli Zaretskii
0 siblings, 0 replies; 2+ messages in thread
From: Eli Zaretskii @ 2019-05-05 14:07 UTC (permalink / raw)
To: Tino Calancha; +Cc: 35576-done
> From: Tino Calancha <tino.calancha@gmail.com>
> Date: Sun, 05 May 2019 20:37:08 +0900
>
> emacs -Q:
> ;; Emacs crash when you eval the following form
> M-: #37r1
>
> ;; Expected: you get the error:
> ;; Invalid read syntax: "integer, radix 37"
>
>
>
> In GNU Emacs 27.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
> of 2019-05-05
> Windowing system distributor 'The X.Org Foundation', version 11.0.11902000
> System Description: Debian GNU/Linux 9 (stretch)
>
>
> --8<-----------------------------cut here---------------start------------->8---
> commit c5ffba787a10f80d17a0ebc7fc7e1fb0f754843d
> Author: Tino Calancha <tino.calancha@gmail.com>
> Date: Sun May 5 20:24:03 2019 +0900
>
> src/lread.c (read_integer): Prevent from accessing a null buffer
Thanks, I installed a slightly different fix (there's no need to call
xfree, since record_unwind_protect_ptr already takes care of that).
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-05-05 14:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-05 11:37 bug#35576: 27.0.50; Emacs crash when reads an integer with radix > 36 Tino Calancha
2019-05-05 14:07 ` Eli Zaretskii
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.