GNU bug report logs - #11442
dbus uses Emacs integer as pointer, possible core dump


Package: emacs

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Wed, 9 May 2012 15:24:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.



Message #11 received at 11442 <at> debbugs.gnu.org (full text, mbox):

From: Andreas Schwab <schwab <at> linux-m68k.org>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: 11442 <at> debbugs.gnu.org, Paul Eggert <eggert <at> cs.ucla.edu>
Subject: Re: bug#11442: dbus uses Emacs integer as pointer, possible core dump
Date: Wed, 09 May 2012 17:45:19 +0200

Michael Albinus <michael.albinus <at> gmx.de> writes:

> Paul Eggert <eggert <at> cs.ucla.edu> writes:
>
> Hi Paul,
>
>> The trunk version of Emacs src/dbusbind.c contains a function
>> xd_get_connection_address that does this:
>>
>>     connection = (DBusConnection *) (intptr_t) XFASTINT (val);
>>
>> This converts an Emacs integer to a pointer without checking
>> that it is actually of the proper C type.  It is possible
>> for Lisp code to mistakenly put an integer there that will
>> cause Emacs to dump core.
>
> In general, I agree with you. In the given case, it is just a pointer
> address which has been written in Fdbus_init_bus. No other place is
> expected to write such an address, but since it is a Lisp object,
> somebody could do so by mistake.

Why is Vdbus_registered_buses exported to lisp?

Andreas.

-- 
Andreas Schwab, schwab <at> linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."
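
The pattern discussed in this message, as an added illustration that is not code from Emacs or from anyone in this thread: an integer read back from script-visible storage is cast straight to a pointer, shown beside a form that treats the integer only as a key into a C-private table. The names `connection`, `live`, `register_connection`, `unregister_connection`, `lookup_unchecked` and `lookup_checked` are hypothetical, and `connection` is a stand-in for `DBusConnection`.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical stand-in for DBusConnection (opaque in the real library). */
typedef struct connection { int bus_id; } connection;

#define MAX_CONNS 8
/* C-private table of pointers this code created; never visible to scripts. */
static connection *live[MAX_CONNS];

/* Record a connection; return the integer handed to the script side. */
intptr_t register_connection(connection *c)
{
    for (size_t i = 0; i < MAX_CONNS; i++)
        if (live[i] == NULL) { live[i] = c; return (intptr_t) c; }
    return 0;                       /* table full: no handle issued */
}

/* Forget a connection so that its old integer no longer resolves. */
void unregister_connection(connection *c)
{
    for (size_t i = 0; i < MAX_CONNS; i++)
        if (live[i] == c) live[i] = NULL;
}

/* Unchecked form, as in the report: trusts whatever integer the
   script-visible variable currently holds. Dereferencing the result
   is undefined behaviour if that value was overwritten. */
connection *lookup_unchecked(intptr_t val)
{
    return (connection *) val;
}

/* Checked form: a pointer is returned only if the integer equals one
   that was registered and is still live; anything else yields NULL. */
connection *lookup_checked(intptr_t val)
{
    if (val == 0)
        return NULL;
    for (size_t i = 0; i < MAX_CONNS; i++)
        if (live[i] != NULL && (intptr_t) live[i] == val)
            return live[i];
    return NULL;
}
```

The checked lookup also rejects a stale integer after the connection has been unregistered, which a plain cast cannot detect.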




This bug report was last modified 13 years and 74 days ago.
