From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Tue, 23 Jul 2024 10:06:01 +0800
Reply-To: Po Lu
To: Stefan Kangas
Cc: 72245@debbugs.gnu.org
In-Reply-To: (Stefan Kangas's message of "Mon, 22 Jul 2024 07:35:55 -0700")

Stefan Kangas writes:

> Severity: minor
>
> Since XPM files are untrusted input, I think we'd better handle
> integer overflow when parsing it, in case the file is malformed.
>
> Proposed patch attached.

What are the security implications of accepting whatever scanf produces
in the event of an overflow?
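
Added example, not part of this thread or of the proposed patch: in ISO C, a scanf-family conversion whose result cannot be represented in the target object has undefined behaviour, so the caller cannot detect the overflow afterwards. The sketch below parses the XPM values line ("width height ncolors chars_per_pixel") with strtol instead, which reports out-of-range input through errno, and then range-checks each field. The function names and the three caps are hypothetical, chosen for illustration rather than taken from Emacs.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical caps chosen for this example, not taken from Emacs. */
#define XPM_MAX_DIM    32767
#define XPM_MAX_COLORS 65536
#define XPM_MAX_CPP    8

/* Parse one decimal field in [1, max] and advance *p past it.
   Returns 0 on success, -1 on missing digits, overflow or bad range. */
static int
parse_field (const char **p, long max, int *out)
{
  char *end;
  errno = 0;
  long v = strtol (*p, &end, 10);
  if (end == *p)            /* no digits at all */
    return -1;
  if (errno == ERANGE)      /* value did not fit in a long */
    return -1;
  if (v < 1 || v > max)     /* representable, but not a sane image field */
    return -1;
  *out = (int) v;           /* safe: every cap above fits in an int */
  *p = end;
  return 0;
}

/* Parse the XPM values line "width height ncolors chars_per_pixel".
   Returns 0 and fills the outputs, or -1 if any field is rejected.
   Trailing text (optional hotspot, XPMEXT) is deliberately ignored. */
int
parse_xpm_values (const char *s, int *w, int *h, int *nc, int *cpp)
{
  if (parse_field (&s, XPM_MAX_DIM, w) < 0
      || parse_field (&s, XPM_MAX_DIM, h) < 0
      || parse_field (&s, XPM_MAX_COLORS, nc) < 0
      || parse_field (&s, XPM_MAX_CPP, cpp) < 0)
    return -1;
  return 0;
}
```

Capping each dimension before use also keeps a later width * height computation within int range.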