From: Stefan Kangas
Newsgroups: gmane.emacs.bugs
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Tue, 23 Jul 2024 07:51:29 -0700
To: Po Lu
Cc: 72245@debbugs.gnu.org
References: <87frs0ydv6.fsf@yahoo.com> <87bk2oyavb.fsf@yahoo.com>
In-Reply-To: <87bk2oyavb.fsf@yahoo.com>
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Xref: news.gmane.io gmane.emacs.bugs:289173

Po Lu writes:

> I'm saying that there is nothing to be done. This change is needless,
> and the report should be closed, whatever opinions the security theater
> might hold on the matter.

I wasn't the one that started a subthread about security. You did.

The primary consideration here is correctness. Undefined behaviour is
generally undesirable, and is a source of both bugs and security issues
in the wild. This is not "security theater", but a fact. No amount of
handwaving or throwing expletives around will make it go away.
That said, since you are asking, we are indeed discussing security
sensitive code, that is executed without prompting, for example, when
users receive emails or browse the web. We are also discussing image
processing, an area that is notorious for the bugs and security issues
that tend to lurk in its many complexities. On the CWE-190 page that I
linked, there are several examples of integer overflow in image
processing that have led to very real exploits. This is not some
academic issue.

Whether or not anyone has demonstrated that Emacs can be exploited using
this vector frankly misses the point. Let's start with making Emacs
behave correctly and predictably in the face of invalid input. This
really is the bare minimum. Then we can discuss whether or not we have
more work to do, security implications, and all the rest of it.

XPM being a relatively simple format, I'm sure that this code can be
fully audited. I invite you to do so, and I'm hoping that this will
reveal that your faith in this code is well-founded. Meanwhile, I
reported an unrelated crash in XPM image processing in Bug#72255.

Since we don't have an alternative patch, I will install the one I
proposed in the next couple of days.

Thanks.
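Added example, not part of this message and not Emacs's XPM reader or the patch under discussion (neither appears on this page): a small C parser for the XPM "values" line that computes the pixel-buffer size once in the CWE-190 style the thread is about and once with an overflow check. The function names, the 256 MiB ceiling and the two sample headers are constructed for illustration, and the C-string quotes around the values line are assumed to have been stripped already.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Fields of the XPM values line: <width> <height> <ncolors> <cpp>.
   Kept as unsigned long long so the header can carry values wider than
   size_t, which is exactly what an attacker-controlled file can do. */
struct xpm_values
{
  unsigned long long width, height, ncolors, cpp;
};

/* Parse the four leading fields of a values line.  The optional hotspot
   and XPMEXT fields that real XPM allows after them are ignored here.
   Returns false for missing, non-numeric, signed or zero fields. */
static bool
parse_xpm_values (const char *line, struct xpm_values *v)
{
  unsigned long long *fields[4] = { &v->width, &v->height, &v->ncolors, &v->cpp };
  for (int i = 0; i < 4; i++)
    {
      while (isspace ((unsigned char) *line))
        line++;
      if (*line == '-' || *line == '+')   /* strtoull would silently accept these */
        return false;
      char *end;
      errno = 0;
      unsigned long long n = strtoull (line, &end, 10);
      if (end == line || errno == ERANGE || n == 0)
        return false;
      *fields[i] = n;
      line = end;
    }
  return true;
}

/* CWE-190 pattern: plain multiplication, so a header such as
   "4294967296 4294967296 2 1" wraps to 0 and a later malloc returns a
   tiny buffer that the row copy then overruns.  With signed int
   dimensions, as many image readers use, the same multiplication is
   undefined behaviour rather than a defined wrap. */
static size_t
pixel_bytes_unchecked (const struct xpm_values *v)
{
  return (size_t) (v->width * v->height * v->cpp);
}

/* Hardened variant: every intermediate product must fit in size_t and
   the total must stay under a caller-supplied ceiling.
   __builtin_mul_overflow (GCC/Clang) computes the exact product and
   reports whether it fits in the destination type. */
static bool
pixel_bytes_checked (const struct xpm_values *v, size_t limit, size_t *out)
{
  size_t n;
  if (__builtin_mul_overflow (v->width, v->height, &n)
      || __builtin_mul_overflow (n, v->cpp, &n)
      || n > limit)
    return false;
  *out = n;
  return true;
}

/* Allocate the pixel buffer only when the header passes both checks.
   Returns NULL for a malformed or oversized header. */
static unsigned char *
xpm_alloc_pixels (const char *values_line, size_t limit, size_t *size_out)
{
  struct xpm_values v;
  size_t n;
  if (!parse_xpm_values (values_line, &v) || !pixel_bytes_checked (&v, limit, &n))
    return NULL;
  unsigned char *buf = malloc (n);
  if (buf && size_out)
    *size_out = n;
  return buf;
}

/* Constructed sample headers (not from any real file) and a ceiling
   chosen for this example. */
#define XPM_PIXEL_LIMIT ((size_t) 1 << 28)
static const char BENIGN_VALUES[] = "16 16 2 1";
static const char HOSTILE_VALUES[] = "4294967296 4294967296 2 1";

int
main (void)
{
  struct xpm_values v;
  size_t n;

  parse_xpm_values (BENIGN_VALUES, &v);
  printf ("benign:  unchecked=%zu checked=%s\n", pixel_bytes_unchecked (&v),
          pixel_bytes_checked (&v, XPM_PIXEL_LIMIT, &n) ? "ok" : "rejected");

  parse_xpm_values (HOSTILE_VALUES, &v);
  printf ("hostile: unchecked=%zu checked=%s\n", pixel_bytes_unchecked (&v),
          pixel_bytes_checked (&v, XPM_PIXEL_LIMIT, &n) ? "ok" : "rejected");
  return 0;
}
```

Build with gcc or clang; __builtin_mul_overflow is a compiler extension, and the C23 <stdckdint.h> ckd_mul() is the portable spelling of the same check. The hostile header is the whole point: it parses cleanly, the unchecked size comes out as 0, and only the checked path refuses it before any allocation happens.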