From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Kevin Ryde <user42@zip.com.au>
Newsgroups: gmane.emacs.bugs
Subject: bug#5601: 23.1; etags Scheme_functions past \0 terminator
Date: Fri, 19 Feb 2010 11:13:44 +1100
Message-ID: <87eikiaxqf.fsf@blah.blah>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Trace: ger.gmane.org 1266539015 7032 80.91.229.12 (19 Feb 2010 00:23:35 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 19 Feb 2010 00:23:35 +0000 (UTC)
To: 5601@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Feb 19 01:23:30 2010
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1NiGeU-0001Wd-J8
	for geb-bug-gnu-emacs@m.gmane.org; Fri, 19 Feb 2010 01:23:26 +0100
Original-Received: from localhost ([127.0.0.1]:57929 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1NiGeU-0004Kz-29
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 18 Feb 2010 19:23:26 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NiGeD-0004Df-W4
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:23:10 -0500
Original-Received: from [140.186.70.92] (port=38742 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NiGe8-0004AB-KO
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:23:09 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1NiGe1-0003lJ-Iy
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:23:03 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:59853)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1NiGe1-0003lF-HD
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:22:57 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1NiGWM-0000z6-LW; Thu, 18 Feb 2010 19:15:02 -0500
X-Loop: bug-gnu-emacs@gnu.org
Resent-From: Kevin Ryde <user42@zip.com.au>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-To: owner@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Fri, 19 Feb 2010 00:15:02 +0000
Resent-Message-ID: <handler.5601.B.12665384513746@debbugs.gnu.org>
Resent-Sender: bug-gnu-emacs@gnu.org
X-Emacs-PR-Message: report 5601
X-Emacs-PR-Package: emacs
X-Emacs-PR-Keywords: 
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Original-Received: via spool by submit@debbugs.gnu.org id=B.12665384513746
	(code B ref -1); Fri, 19 Feb 2010 00:15:02 +0000
Original-Received: (at submit) by debbugs.gnu.org; 19 Feb 2010 00:14:11 +0000
Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1NiGVX-0000yN-Jv
	for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:11 -0500
Original-Received: from fencepost.gnu.org ([140.186.70.10])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <gg@zip.com.au>) id 1NiGVV-0000yF-H5
	for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:09 -0500
Original-Received: from mail.gnu.org ([199.232.76.166]:36586 helo=mx10.gnu.org)
	by fencepost.gnu.org with esmtp (Exim 4.69)
	(envelope-from <gg@zip.com.au>) id 1NiGVR-0000s9-Pq
	for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:05 -0500
Original-Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim
	4.60) (envelope-from <gg@zip.com.au>) id 1NiGVP-0005Jb-Vb
	for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:05 -0500
Original-Received: from lists.gnu.org ([199.232.76.165]:36511)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <gg@zip.com.au>) id 1NiGVP-0005JX-Pc
	for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:03 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NiGVP-00018z-Bk
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:14:03 -0500
Original-Received: from [140.186.70.92] (port=52187 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NiGVK-000169-E4
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:14:02 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <gg@zip.com.au>) id 1NiGVF-0002xO-FG
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:13:58 -0500
Original-Received: from mailout1-14.pacific.net.au ([125.255.80.133]:40249
	helo=mailout1.pacific.net.au) by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <gg@zip.com.au>) id 1NiGVE-0002xH-S5
	for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:13:53 -0500
Original-Received: from mailproxy2.pacific.net.au (mailproxy2.pacific.net.au
	[61.8.2.163])
	by mailout1.pacific.net.au (Postfix) with ESMTP id 83FC152DF76
	for <bug-gnu-emacs@gnu.org>; Fri, 19 Feb 2010 11:13:51 +1100 (EST)
Original-Received: from blah.blah (ppp24EF.dyn.pacific.net.au [61.8.36.239])
	by mailproxy2.pacific.net.au (Postfix) with ESMTP id B38692740B
	for <bug-gnu-emacs@gnu.org>; Fri, 19 Feb 2010 11:13:50 +1100 (EST)
Original-Received: from gg by blah.blah with local (Exim 4.71)
	(envelope-from <gg@zip.com.au>) id 1NiGV7-0001p6-31
	for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 11:13:45 +1100
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older,
	4)
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6,
	seldom 2.4 (older, 4)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
Resent-Date: Thu, 18 Feb 2010 19:15:02 -0500
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:35182
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/35182>

--=-=-=

In etags.c Scheme_functions, I think the loop

    while (notinname (*bp))
      bp++;

will take bp past the '\0' string terminator, because '\0' is a
notinname().

I can't spot any obvious ill effect, only that a line of only

    (define

is tagged, perhaps depending on what was on the line before it.  In any
case doesn't sound good to look into possibly uninitialized parts of the
input buffer.  (Another helper skip_notinname() to try to be clearer
than a double-negative loop :-)

2010-02-19  Kevin Ryde  <user42@zip.com.au>

	* etags.c (Scheme_functions): Don't go past '\0' terminator.
	(skip_notinname): New helper.


--=-=-=
Content-Type: text/x-diff
Content-Disposition: attachment; filename=etags.c.scheme-terminator.diff

--- etags.c.~3.93.~	2009-11-29 08:42:32.000000000 +1100
+++ etags.c	2010-02-19 11:04:42.000000000 +1100
@@ -4989,6 +4989,16 @@
  *          (set! xyzzy
  * Original code by Ken Haase (1985?)
  */
+
+static char *
+skip_notinname (char *cp)
+{
+  /* '\0' is a notinname(), don't continue past it */
+  while (*cp && notinname (*cp))
+    cp++;
+  return cp;
+}
+
 static void
 Scheme_functions (inf)
      FILE *inf;
@@ -5001,8 +5011,7 @@
 	{
 	  bp = skip_non_spaces (bp+4);
 	  /* Skip over open parens and white space */
-	  while (notinname (*bp))
-	    bp++;
+	  bp = skip_notinname (bp);
 	  get_tag (bp, NULL);
 	}
       if (LOOKING_AT (bp, "(SET!") || LOOKING_AT (bp, "(set!"))

--=-=-=




In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.16.5)
 of 2009-09-14 on raven, modified by Debian
configured using `configure  '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS=''

--=-=-=--