From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Michael Albinus Newsgroups: gmane.emacs.bugs Subject: bug#11442: dbus uses Emacs integer as pointer, possible core dump Date: Wed, 09 May 2012 17:35:49 +0200 Message-ID: <87y5p1l63u.fsf@gmx.de> References: <4FAA8B59.8050207@cs.ucla.edu> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1336577833 31445 80.91.229.3 (9 May 2012 15:37:13 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Wed, 9 May 2012 15:37:13 +0000 (UTC) Cc: 11442@debbugs.gnu.org To: Paul Eggert Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed May 09 17:37:12 2012 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1SS8wr-0004Mj-Qh for geb-bug-gnu-emacs@m.gmane.org; Wed, 09 May 2012 17:37:05 +0200 Original-Received: from localhost ([::1]:47827 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SS8wq-0005mi-Vz for geb-bug-gnu-emacs@m.gmane.org; Wed, 09 May 2012 11:37:04 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:35554) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SS8wl-0005mC-JA for bug-gnu-emacs@gnu.org; Wed, 09 May 2012 11:37:03 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SS8wc-0006lV-Hk for bug-gnu-emacs@gnu.org; Wed, 09 May 2012 11:36:59 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:42359) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SS8wc-0006lP-Dx for bug-gnu-emacs@gnu.org; Wed, 09 May 2012 11:36:50 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1SS8yk-0000LB-DU for bug-gnu-emacs@gnu.org; Wed, 09 May 2012 11:39:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Michael Albinus Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 09 May 2012 15:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 11442 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 11442-submit@debbugs.gnu.org id=B11442.13365778941237 (code B ref 11442); Wed, 09 May 2012 15:39:02 +0000 Original-Received: (at 11442) by debbugs.gnu.org; 9 May 2012 15:38:14 +0000 Original-Received: from localhost ([127.0.0.1]:43392 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1SS8xx-0000Jt-U8 for submit@debbugs.gnu.org; Wed, 09 May 2012 11:38:14 -0400 Original-Received: from mailout-de.gmx.net ([213.165.64.22]:54678) by debbugs.gnu.org with smtp (Exim 4.72) (envelope-from ) id 1SS8xw-0000Jf-FK for 11442@debbugs.gnu.org; Wed, 09 May 2012 11:38:13 -0400 Original-Received: (qmail invoked by alias); 09 May 2012 15:35:52 -0000 Original-Received: from p57BB9429.dip0.t-ipconnect.de (EHLO detlef.gmx.de) [87.187.148.41] by mail.gmx.net (mp004) with SMTP; 09 May 2012 17:35:52 +0200 X-Authenticated: #3708877 X-Provags-ID: V01U2FsdGVkX1/5uk1jl8b5+vEppD1AyIXJn36pEP5jxHn8Sl36w0 my74aHrtSO3ZIk In-Reply-To: <4FAA8B59.8050207@cs.ucla.edu> (Paul Eggert's message of "Wed, 09 May 2012 08:20:57 -0700") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1.50 (gnu/linux) X-Y-GMX-Trusted: 0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:59890 Archived-At: Paul Eggert writes: Hi Paul, > The trunk version of Emacs src/dbusbind.c contains a function > xd_get_connection_address that does this: > > connection = (DBusConnection *) (intptr_t) XFASTINT (val); > > This converts an Emacs integer to a pointer without checking > that it is actually of the proper C type. It is possible > for Lisp code to mistakenly put an integer there that will > cause Emacs to dump core. In general, I agree with you. In the given case, it is just a pointer address which has been written in Fdbus_init_bus. No other place is expected to write such an address, but since it is a Lisp object, somebody could do by mistake. > Shouldn't this be made safe, so that Lisp code can't do that? For > example, a DbusConnection * could be made a proper Lisp pseudovector > or misc type or something like that. The idea is to avoid a bad > pointer leaking into the C code. DbusConnection * is included by ; we cannot make it a private type. But if there is something we could add as "glue type", please do. I'm not so familar with Emacs' internal type armors. Best regards, Michael.