From: Stefan Kangas
Newsgroups: gmane.emacs.bugs
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Mon, 22 Jul 2024 08:48:25 -0700
References: <86ttgha2sd.fsf@gnu.org>
To: Paul Eggert, Eli Zaretskii
Cc: 72245@debbugs.gnu.org

Paul Eggert writes:

> On 2024-07-22 08:01, Eli Zaretskii wrote:
>> + if (p == *buf || errno == ERANGE || errno == EINVAL
>
> This should be:
>
> if (errno || p == *buf
>
> as other errors are possible at least in theory, and p might be
> uninitialized on error.
>
>>> + return (int)result;
>
> As a style matter this cast does more harm than good, as it will
> suppress a static check if 'result' happens to be a pointer type, and it
> could suppress a dynamic check on some debugging-oriented systems. I
> would say just 'return result;'.

Thanks for reviewing.

I've attached an updated patch with your proposed changes.

[Attachment: 0001-Fix-integer-overflow-when-reading-XPM.patch (text/x-patch)]
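
Review bot: the test 'if (errno || p == *buf' proposed for the quoted condition is only reliable if errno is set to 0 immediately before the conversion call, because a successful call leaves a stale errno value untouched; the quoted lines do not show that assignment, so it should sit directly above the call. With the cast dropped from 'return (int)result;', any narrowing becomes implicit, so if 'result' is wider than int the same condition should also reject values outside INT_MIN..INT_MAX rather than rely on the errno test alone.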