GNU bug report logs - #11442
dbus uses Emacs integer as pointer, possible core dump
Reported by: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Wed, 9 May 2012 15:24:01 UTC
Severity: normal
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Message #8 received at 11442 <at> debbugs.gnu.org (full text, mbox):
Paul Eggert <eggert <at> cs.ucla.edu> writes:
Hi Paul,
> The trunk version of Emacs src/dbusbind.c contains a function
> xd_get_connection_address that does this:
>
> connection = (DBusConnection *) (intptr_t) XFASTINT (val);
>
> This converts an Emacs integer to a pointer without checking
> that it is actually of the proper C type. It is possible
> for Lisp code to mistakenly put an integer there that will
> cause Emacs to dump core.

In general, I agree with you. In the given case, it is just a pointer
address which has been written in Fdbus_init_bus. No other place is
expected to write such an address, but since it is a Lisp object,
somebody could do so by mistake.

> Shouldn't this be made safe, so that Lisp code can't do that? For
> example, a DbusConnection * could be made a proper Lisp pseudovector
> or misc type or something like that. The idea is to avoid a bad
> pointer leaking into the C code.

DbusConnection * is included by <dbus/dbus.h>; we cannot make it a
private type. But if there is something we could add as "glue type",
please do. I'm not so familiar with Emacs' internal type armors.

Best regards, Michael.
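
The "glue type" idea discussed in this message, as an added example that is not part of the original thread or of the Emacs sources: a toy tagged value whose checked accessor refuses to treat a plain integer as a connection pointer, shown beside the unchecked cast. The names struct conn, struct value, make_int, make_conn, get_conn_unchecked and get_conn_checked are hypothetical stand-ins, not Emacs or D-Bus APIs.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for an opaque library type such as DBusConnection. */
struct conn { int id; };

/* Toy tagged value standing in for a Lisp object (constructed for this example). */
enum tag { TAG_INT, TAG_CONN };
struct value {
    enum tag tag;
    union { intptr_t i; struct conn *conn; } u;
};

/* Script-level code can create integers freely. */
struct value make_int(intptr_t i)
{
    struct value v = { .tag = TAG_INT };
    v.u.i = i;
    return v;
}

/* Only the init path is meant to wrap a real connection pointer. */
struct value make_conn(struct conn *c)
{
    struct value v = { .tag = TAG_CONN };
    v.u.conn = c;
    return v;
}

/* Pattern from the report: reinterpret whatever integer arrives as a pointer. */
struct conn *get_conn_unchecked(struct value v)
{
    return (struct conn *) v.u.i;
}

/* Checked accessor: anything that is not a wrapped connection yields NULL. */
struct conn *get_conn_checked(struct value v)
{
    if (v.tag != TAG_CONN || v.u.conn == NULL)
        return NULL;
    return v.u.conn;
}

int main(void)
{
    struct conn c = { 1 };
    /* A stray integer is rejected; the wrapped connection is accepted. */
    return (get_conn_checked(make_int(0x1234)) == NULL
            && get_conn_checked(make_conn(&c)) == &c) ? 0 : 1;
}
```

With the checked accessor, even an integer that happens to equal a valid address is rejected, because the decision rests on the tag rather than on the numeric value.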
This bug report was last modified 13 years and 74 days ago.