From: Noam Postavsky <npostavs@gmail.com>
To: Tao Fang <fangtao0901@gmail.com>
Cc: 22311@debbugs.gnu.org
Subject: bug#22311: 25.1.50; package.el misused (read-from-string) will potentially cause "elpa/archives/xxx/archive-contents" file malformed
Date: Sat, 16 Jun 2018 19:07:39 -0400 [thread overview]
Message-ID: <87o9gatjno.fsf@gmail.com> (raw)
In-Reply-To: <87oad0ca7a.fsf@gmail.com> (Tao Fang's message of "Tue, 05 Jan 2016 23:33:45 +0800")
[-- Attachment #1: Type: text/plain, Size: 662 bytes --]
tags 22311 + patch
quit
Tao Fang <fangtao0901@gmail.com> writes:
> There is a misused function read-from-string in package.el L1485:
>
> 1472 (defun package--download-one-archive (archive file &optional async)
> 1485 (when (listp (read-from-string content))
> (listp (read-from-string content)) will always return t, if archive-contents file download
> finished with malformed content (e.g. error message return from proxy
> server), it will be parsed and saved by mistake.
>
> Simply replace (read-from-string) with (read) would resolve this, I think.
Right, seems it's a regression in 25.1. So I think the patch below
should go to emacs-26.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: patch --]
[-- Type: text/x-diff, Size: 1363 bytes --]
From 1ef28a6ba81120c13135e28b32c8ae6e20c4a219 Mon Sep 17 00:00:00 2001
From: Noam Postavsky <npostavs@gmail.com>
Date: Sat, 16 Jun 2018 18:59:43 -0400
Subject: [PATCH] Detect a non-list package archive content properly
(Bug#22311)
* lisp/emacs-lisp/package.el (package--download-one-archive): Use
`read' instead of `read-from-string'; the latter always returns a
cons, so the `listp' check on its return value doesn't make sense. It
was changed from `read' to `read-from-string' in 2015-04-01 "*
emacs-lisp/package.el: Implement asynchronous refreshing", but that
change was not needed because `read' works fine on strings as well as
buffers.
---
lisp/emacs-lisp/package.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index c56502236e..576a9bc7e7 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -1532,7 +1532,7 @@ package--download-one-archive
(content (buffer-string))
(dir (expand-file-name (format "archives/%s" name) package-user-dir))
(local-file (expand-file-name file dir)))
- (when (listp (read-from-string content))
+ (when (listp (read content))
(make-directory dir t)
(if (or (not package-check-signature)
(member name package-unsigned-archives))
--
2.11.0
next prev parent reply other threads:[~2018-06-16 23:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-05 15:33 bug#22311: 25.1.50; package.el misused (read-from-string) will potentially cause "elpa/archives/xxx/archive-contents" file malformed Tao Fang
2018-06-16 23:07 ` Noam Postavsky [this message]
2018-06-26 23:57 ` Noam Postavsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o9gatjno.fsf@gmail.com \
--to=npostavs@gmail.com \
--cc=22311@debbugs.gnu.org \
--cc=fangtao0901@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.