GNU bug report logs - #17334
24.3; Crash in cmdproxy.exe

Previous Next

Package: emacs;

Reported by: Sohail Somani <sohail <at> taggedtype.net>

Date: Thu, 24 Apr 2014 16:38:02 UTC

Severity: normal

Found in version 24.3

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#17334: closed (24.3; Crash in cmdproxy.exe)
Date: Sat, 26 Apr 2014 07:09:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sat, 26 Apr 2014 10:08:23 +0300
with message-id <831twkpnyw.fsf <at> gnu.org>
and subject line Re: bug#17334: 24.3; Crash in cmdproxy.exe
has caused the debbugs.gnu.org bug report #17334,
regarding 24.3; Crash in cmdproxy.exe
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
17334: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17334
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Sohail Somani <sohail <at> taggedtype.net>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3; Crash in cmdproxy.exe
Date: Wed, 23 Apr 2014 23:58:57 -0400

There is a "bug" in cmdproxy.exe which should never happen, but does
anyway. In make_absolute, there is the following code:

  strncpy(dir, path, p - path);
  dir[p - path] = '\0';

If p-path > sizeof(dir), a buffer overrun occurs.

I came across this problem because I accidentally used ':' as a
separator when constructing the PATH variable in Emacs.

Thanks,

Sohail



[Message part 3 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: Sohail Somani <sohail <at> taggedtype.net>
Cc: 17334-done <at> debbugs.gnu.org
Subject: Re: bug#17334: 24.3; Crash in cmdproxy.exe
Date: Sat, 26 Apr 2014 10:08:23 +0300

> Date: Wed, 23 Apr 2014 23:58:57 -0400
> From: Sohail Somani <sohail <at> taggedtype.net>
> 
> There is a "bug" in cmdproxy.exe which should never happen, but does
> anyway. In make_absolute, there is the following code:
> 
>    strncpy(dir, path, p - path);
>    dir[p - path] = '\0';
> 
> If p-path > sizeof(dir), a buffer overrun occurs.
> 
> I came across this problem because I accidentally used ':' as a
> separator when constructing the PATH variable in Emacs.

Thanks, this is now fixed for Emacs 24.4 (revision 117021 on the
emacs-24 branch).
This bug report was last modified 11 years and 83 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.