From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs
Date: Fri, 07 Oct 2022 20:12:58 +0800
Message-ID: <87mta7q1bp.fsf@yahoo.com>
References: <83fsg1osb1.fsf@gnu.org> <837d1cpzxk.fsf@gnu.org> <83czb3on9w.fsf@gnu.org> <83a667on2a.fsf@gnu.org> <5481395d-f7d1-8b9f-59d5-f681c113f6dd@gmail.com>
Reply-To: Po Lu
Cc: 58334@debbugs.gnu.org, Eli Zaretskii
To: Gerd Möllmann
In-Reply-To: <5481395d-f7d1-8b9f-59d5-f681c113f6dd@gmail.com> (Gerd Möllmann's message of "Fri, 7 Oct 2022 14:08:02 +0200")

Gerd Möllmann writes:

> int count = inhibit_garbage_collection ();
> redisplay ();
> unbind_to...

Why would you only inhibit garbage collection there?  What if some
finalizer function calls preedit text inside process_pending_signals?

Also, what about where we decode X preconversion text?

In the recent past, Emacs also used to run Lisp as part of the character
conversion of keyboard input, straight from handle_one_xevent:

  if (nchars < nbytes)
    {
      /* Decode the input data.  */

      /* The input should be decoded with `coding_system' which
         depends on which X*LookupString function we used just above
         and the locale.  */
      setup_coding_system (coding_system, &coding);
      coding.src_multibyte = false;
      coding.dst_multibyte = true;
      /* The input is converted to events, thus we can't handle
         composition.  Anyway, there's no XIM that gives us
         composition information.  */
      coding.common_flags &= ~CODING_ANNOTATION_MASK;

      SAFE_NALLOCA (coding.destination, MAX_MULTIBYTE_LENGTH, nbytes);
      coding.dst_bytes = MAX_MULTIBYTE_LENGTH * nbytes;
      coding.mode |= CODING_MODE_LAST_BLOCK;
      decode_coding_c_string (&coding, copy_bufptr, nbytes, Qnil);
      nbytes = coding.produced;
      nchars = coding.produced_char;
      copy_bufptr = coding.destination;
    }

How come that never caused problems?

Thanks.