From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp>
Newsgroups: gmane.emacs.bugs
Subject: bug#52461: spontaneous crash with portable dumper
Date: Mon, 13 Dec 2021 10:44:04 +0900
Organization: Faculty of Science, Chiba University
Message-ID: <wl35mxjn2z.wl-mituharu@math.s.chiba-u.ac.jp>
References: <wlee6hs2qz.wl-mituharu@math.s.chiba-u.ac.jp>
Mime-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="32679"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue)
 FLIM-LB/1.14.9 (=?UTF-8?Q?Goj=C5=8D?=) APEL-LB/10.8 EasyPG/1.0.0
 Emacs/27.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
To: 52461@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon Dec 13 02:45:19 2021
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1mwaP1-0008GG-HG
	for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 13 Dec 2021 02:45:19 +0100
Original-Received: from localhost ([::1]:38700 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1mwaOz-0005AR-KF
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 12 Dec 2021 20:45:17 -0500
Original-Received: from eggs.gnu.org ([209.51.188.92]:46186)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mwaOk-00059v-TG
 for bug-gnu-emacs@gnu.org; Sun, 12 Dec 2021 20:45:03 -0500
Original-Received: from debbugs.gnu.org ([209.51.188.43]:41942)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mwaOk-0004lZ-LM
 for bug-gnu-emacs@gnu.org; Sun, 12 Dec 2021 20:45:02 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1mwaOk-0001pl-Cq
 for bug-gnu-emacs@gnu.org; Sun, 12 Dec 2021 20:45:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 13 Dec 2021 01:45:02 +0000
Resent-Message-ID: <handler.52461.B52461.16393598486962@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 52461
X-GNU-PR-Package: emacs
Original-Received: via spool by 52461-submit@debbugs.gnu.org id=B52461.16393598486962
 (code B ref 52461); Mon, 13 Dec 2021 01:45:02 +0000
Original-Received: (at 52461) by debbugs.gnu.org; 13 Dec 2021 01:44:08 +0000
Original-Received: from localhost ([127.0.0.1]:53488 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1mwaNs-0001oE-6P
 for submit@debbugs.gnu.org; Sun, 12 Dec 2021 20:44:08 -0500
Original-Received: from mathmail.math.s.chiba-u.ac.jp ([133.82.132.2]:49637)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mituharu@math.s.chiba-u.ac.jp>) id 1mwaNp-0001o5-Rn
 for 52461@debbugs.gnu.org; Sun, 12 Dec 2021 20:44:06 -0500
Original-Received: from mathent.math.s.chiba-u.ac.jp (mathent [192.168.32.5])
 by mathmail.math.s.chiba-u.ac.jp (Postfix) with ESMTP id A4986F08DA
 for <52461@debbugs.gnu.org>; Mon, 13 Dec 2021 10:44:04 +0900 (JST)
 (envelope-from mituharu@math.s.chiba-u.ac.jp)
In-Reply-To: <wlee6hs2qz.wl-mituharu@math.s.chiba-u.ac.jp>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:222283
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/222283>

On Mon, 13 Dec 2021 10:38:28 +0900,
YAMAMOTO Mitsuharu wrote:
> 
> Because cs_i >= charset_table_used, charset_table[cs_i] (i.e., *cs)
> contains uninitialized contents.  So writing to the area that
> cs->code_space_mask points to can cause crash or memory corruption.

Sorry, cs->code_space_mask was not the destination address but the
source address.  So it does not cause memory corruption, but still
crash can happen.

				     YAMAMOTO Mitsuharu
				mituharu@math.s.chiba-u.ac.jp