From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Kenichi Handa <handa@m17n.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#2370: 23.0.90; decode-coding-region make emacs crash
Date: Thu, 19 Feb 2009 12:56:42 +0900
Message-ID: <E1La01i-0005wg-DP@etlken>
References: <87zlgjwa8b.fsf@cyd.mit.edu> <E1LZyw7-0005jG-4O@etlken>
	<87d4dfqg5h.fsf@cyd.mit.edu>
Reply-To: Kenichi Handa <handa@m17n.org>, 2370@emacsbugs.donarmstrong.com
NNTP-Posting-Host: lo.gmane.org
X-Trace: ger.gmane.org 1235016290 8645 80.91.229.12 (19 Feb 2009 04:04:50 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Thu, 19 Feb 2009 04:04:50 +0000 (UTC)
Cc: h-fujishima@sakura.ad.jp, 2370@emacsbugs.donarmstrong.com
To: Chong Yidong <cyd@stupidchicken.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Feb 19 05:06:04 2009
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1La0Ac-0007Qs-3S
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 19 Feb 2009 05:05:54 +0100
Original-Received: from localhost ([127.0.0.1]:59815 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1La09H-0007tW-OB
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 18 Feb 2009 23:04:31 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1La08V-0007Tk-S2
	for bug-gnu-emacs@gnu.org; Wed, 18 Feb 2009 23:03:44 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1La08T-0007S9-C5
	for bug-gnu-emacs@gnu.org; Wed, 18 Feb 2009 23:03:42 -0500
Original-Received: from [199.232.76.173] (port=51087 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1La08T-0007Re-45
	for bug-gnu-emacs@gnu.org; Wed, 18 Feb 2009 23:03:41 -0500
Original-Received: from rzlab.ucr.edu ([138.23.92.77]:46870)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <debbugs@rzlab.ucr.edu>) id 1La08R-00009x-Jv
	for bug-gnu-emacs@gnu.org; Wed, 18 Feb 2009 23:03:40 -0500
Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1])
	by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id n1J43ZCe012781; 
	Wed, 18 Feb 2009 20:03:36 -0800
Original-Received: (from debbugs@localhost)
	by rzlab.ucr.edu (8.13.8/8.13.8/Submit) id n1J404OI011591;
	Wed, 18 Feb 2009 20:00:04 -0800
X-Loop: owner@emacsbugs.donarmstrong.com
Resent-From: Kenichi Handa <handa@m17n.org>
Resent-To: bug-submit-list@donarmstrong.com
Resent-CC: Emacs Bugs <bug-gnu-emacs@gnu.org>
Resent-Date: Thu, 19 Feb 2009 04:00:04 +0000
Resent-Message-ID: <handler.2370.B2370.123501579011259@emacsbugs.donarmstrong.com>
Resent-Sender: owner@emacsbugs.donarmstrong.com
X-Emacs-PR-Message: followup 2370
X-Emacs-PR-Package: emacs
X-Emacs-PR-Keywords: 
Original-Received: via spool by 2370-submit@emacsbugs.donarmstrong.com
	id=B2370.123501579011259
	(code B ref 2370); Thu, 19 Feb 2009 04:00:04 +0000
Original-Received: (at 2370) by emacsbugs.donarmstrong.com; 19 Feb 2009 03:56:30 +0000
X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available.
	hammytokens:Tokens not available.
Original-Received: from mx1.aist.go.jp (mx1.aist.go.jp [150.29.246.133])
	by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id n1J3uP7v011248
	for <2370@emacsbugs.donarmstrong.com>; Wed, 18 Feb 2009 19:56:27 -0800
Original-Received: from rqsmtp2.aist.go.jp (rqsmtp2.aist.go.jp [150.29.254.123])
	by mx1.aist.go.jp  with ESMTP id n1J3uODh020671;
	Thu, 19 Feb 2009 12:56:24 +0900 (JST) env-from (handa@m17n.org)
Original-Received: from smtp2.aist.go.jp
	by rqsmtp2.aist.go.jp  with ESMTP id n1J3uOSE019758;
	Thu, 19 Feb 2009 12:56:24 +0900 (JST) env-from (handa@m17n.org)
Original-Received: by smtp2.aist.go.jp  with ESMTP id n1J3uOn4027750;
	Thu, 19 Feb 2009 12:56:24 +0900 (JST) env-from (handa@m17n.org)
Original-Received: from handa by etlken with local (Exim 4.69)
	(envelope-from <handa@m17n.org>)
	id 1La01i-0005wg-DP; Thu, 19 Feb 2009 12:56:42 +0900
In-reply-to: <87d4dfqg5h.fsf@cyd.mit.edu> (message from Chong Yidong on Wed,
	18 Feb 2009 22:06:34 -0500)
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3)
Resent-Date: Wed, 18 Feb 2009 23:03:42 -0500
X-BeenThere: bug-gnu-emacs@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:25447
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/25447>

In article <87d4dfqg5h.fsf@cyd.mit.edu>, Chong Yidong <cyd@stupidchicken.com> writes:

> Kenichi Handa <handa@m17n.org> writes:
> > I found two bugs related to this problem, and just installed
> > a fix for one of them.  Now the above specific problem
> > should be fixed.  I'll keep on workning to fix the other bug
> > to make the decoding more robust.

> Thanks.  I think decode_coding should also verify the size of the
> unprocessed bytes before writing them to coding->carrover.  This way,
> future bugs of this sort will not cause memory corruption (which might
> be a security concern).  What's your opinion?

Yes.  I'm going to add such a check.

But it doesn't solve the underlying problem of handling too
long (and wrong) composition sequence in iso-2022 decoding.
Solving it requires a little bit more time.

---
Kenichi Handa
handa@m17n.org