GNU bug report logs - #27585: segfault when evaluating a file containing only backticks
Reported by: Steve Kemp <steve <at> steve.org.uk>
Date: Wed, 5 Jul 2017 06:29:02 UTC
Severity: minor
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
> > deagol ~ $ perl -e 'print "`" x ( 1024 * 1024 * 12);' > t.el
> > deagol ~ $ /usr/bin/emacs --batch --script ./t.el
> > ..
> > Segmentation fault (core dumped)
>
> Here it says:
>
> Re-entering top level after C stack overflow
>
> and doesn't crash.

That's great. For me it crashes on all the versions I've tested.
Sometimes with a shorter input, others need longer, but it had seemed
universal.

> See above: the machinery to try and prevent it exists, but it doesn't
> always succeed. And it really can't be 100% reliable. So I'm unsure
> what did you expect, and why.

Honestly? I expect Emacs to not crash. The mechanics might be
simple, or they might be complex, but as a mere user I shouldn't
be expected to know or care about the details. I expect evaluating
Lisp to not kill the editor - although I appreciate that executing
unknown code could do all kinds of nasty things, from uploading
my images to the internet, to running "rm -rf $HOME".

The fine manual, in "54.2 When Is There a Bug", agrees, when
paraphrased as "segfault == bug".

> IOW: why would someone want to run such a silly "program"?

In the real world? Nobody. It was just the first crash that
came out of fuzz-testing. Perhaps there will be more subtle
and interesting ones to report in the future when the fuzzer
has run for a few more days/weeks. Perhaps not. Either way
I'd regard it as a bug that should be fixed, even if it is
not a security hole, and not something that is going to surprise
users in practice.

Steve
--
https://steve.fi/
This bug report was last modified 7 years and 298 days ago.