From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Andreas Schwab <schwab@suse.de>
Newsgroups: gmane.emacs.bugs
Subject: bug#31186: 27.0.50; Undefined behavior in lisp_file_lexically_bound_p
Date: Tue, 17 Apr 2018 11:48:04 +0200
Message-ID: <mvmlgdmgo4r.fsf@suse.de>
References: <m2muy2fzhw.fsf@gmail.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1523958434 1659 195.159.176.226 (17 Apr 2018 09:47:14 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Tue, 17 Apr 2018 09:47:14 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
Cc: 31186-done@debbugs.gnu.org
To: Philipp <p.stephani2@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Apr 17 11:47:09 2018
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1f8NCa-0000FA-HW
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 17 Apr 2018 11:47:04 +0200
Original-Received: from localhost ([::1]:55354 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1f8NEh-00040N-3x
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 17 Apr 2018 05:49:15 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45414)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1f8NEY-0003zb-4Y
	for bug-gnu-emacs@gnu.org; Tue, 17 Apr 2018 05:49:08 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1f8NEV-00029Q-3i
	for bug-gnu-emacs@gnu.org; Tue, 17 Apr 2018 05:49:06 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:48807)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1f8NEU-00025n-So
	for bug-gnu-emacs@gnu.org; Tue, 17 Apr 2018 05:49:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1f8NET-0007IS-PW
	for bug-gnu-emacs@gnu.org; Tue, 17 Apr 2018 05:49:01 -0400
Resent-From: Andreas Schwab <schwab@suse.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-To: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 17 Apr 2018 09:49:01 +0000
Resent-Message-ID: <handler.31186.D31186.152395849427984.done@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: cc-closed 31186
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: confirmed
Mail-Followup-To: 31186@debbugs.gnu.org, schwab@suse.de, p.stephani2@gmail.com
Original-Received: via spool by 31186-done@debbugs.gnu.org id=D31186.152395849427984
	(code D ref 31186); Tue, 17 Apr 2018 09:49:01 +0000
Original-Received: (at 31186-done) by debbugs.gnu.org; 17 Apr 2018 09:48:14 +0000
Original-Received: from localhost ([127.0.0.1]:56704 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1f8NDh-0007HI-Md
	for submit@debbugs.gnu.org; Tue, 17 Apr 2018 05:48:14 -0400
Original-Received: from mx2.suse.de ([195.135.220.15]:56384)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <schwab@suse.de>) id 1f8NDf-0007H0-Ok
	for 31186-done@debbugs.gnu.org; Tue, 17 Apr 2018 05:48:12 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Original-Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
	by mx2.suse.de (Postfix) with ESMTP id E2991AD52;
	Tue, 17 Apr 2018 09:48:04 +0000 (UTC)
X-Yow: Now I understand the meaning of ``THE MOD SQUAD''!
In-Reply-To: <m2muy2fzhw.fsf@gmail.com> (Philipp's message of "Tue, 17 Apr
	2018 02:27:55 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:145477
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/145477>

On Apr 17 2018, Philipp <p.stephani2@gmail.com> wrote:

> Loading a file or evaluating a buffer with the following contents causes
> undefined behavior, normally resulting in a segmentation fault:
>
> ;; -*- -:*-
>
> For example:
>
> $ emacs -Q -batch -nw -eval '(with-temp-buffer (insert ";; -*- -:*-") (eval-buffer))'
> Fatal error 11: Segmentation faultAbort trap: 6

I have installed this patch in the emacs-26 branch:

* src/lread.c (lisp_file_lexically_bound_p): Reset
beg_end_state before reading variable or value.
---
 src/lread.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lread.c b/src/lread.c
index 3104c441ec..72523c057f 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -896,6 +896,7 @@ lisp_file_lexically_bound_p (Lisp_Object readcharfun)
 	    ch = READCHAR;
 
 	  i = 0;
+	  beg_end_state = NOMINAL;
 	  while (ch != ':' && ch != '\n' && ch != EOF && in_file_vars)
 	    {
 	      if (i < sizeof var - 1)
@@ -921,6 +922,7 @@ lisp_file_lexically_bound_p (Lisp_Object readcharfun)
 		ch = READCHAR;
 
 	      i = 0;
+	      beg_end_state = NOMINAL;
 	      while (ch != ';' && ch != '\n' && ch != EOF && in_file_vars)
 		{
 		  if (i < sizeof val - 1)
-- 
2.17.0


Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."