GNU bug report logs - #11442
dbus uses Emacs integer as pointer, possible core dump

Previous Next

Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Wed, 9 May 2012 15:24:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#11442: closed (dbus uses Emacs integer as pointer, possible
 core dump)
Date: Wed, 09 May 2012 21:39:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Wed, 09 May 2012 14:35:47 -0700
with message-id <4FAAE333.7020606 <at> cs.ucla.edu>
and subject line Re: bug#11442: dbus uses Emacs integer as pointer, possible core dump
has caused the debbugs.gnu.org bug report #11442,
regarding dbus uses Emacs integer as pointer, possible core dump
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
11442: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=11442
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: bug-gnu-emacs <at> gnu.org
Cc: Michael Albinus <michael.albinus <at> gmx.de>
Subject: dbus uses Emacs integer as pointer, possible core dump
Date: Wed, 09 May 2012 08:20:57 -0700

The trunk version of Emacs src/dbusbind.c contains a function
xd_get_connection_address that does this:

    connection = (DBusConnection *) (intptr_t) XFASTINT (val);

This converts an Emacs integer to a pointer without checking
that it is actually of the proper C type.  It is possible
for Lisp code to mistakenly put an integer there that will
cause Emacs to dump core.  Shouldn't this be made safe, so
that Lisp code can't do that?  For example, a DbusConnection *
could be made a proper Lisp pseudovector or misc type or
something like that.  The idea is to avoid a bad pointer
leaking into the C code.



[Message part 3 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: Andreas Schwab <schwab <at> linux-m68k.org>, 11442-done <at> debbugs.gnu.org
Subject: Re: bug#11442: dbus uses Emacs integer as pointer, possible core dump
Date: Wed, 09 May 2012 14:35:47 -0700

On 05/09/2012 02:19 PM, Michael Albinus wrote:
> I've converted it to be an internal Lisp object.

Thanks; that looks good.  Closing the bug.
This bug report was last modified 13 years and 74 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.