From: Andreas Schwab
To: 31545@debbugs.gnu.org
Subject: bug#31545: xwidget-webkit-execute-script does not protect script against GC
Date: Mon, 21 May 2018 14:22:53 +0200

The script argument to xwidget-webkit-execute-script is not protected against GC. Since strings may be relocated by GC the pointer passed to webkit_web_view_run_javascript may become invalid any time during the asynchronous execution.

Andreas.

--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."

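The failure mode in the report above, reduced to a self-contained C model (an added example, not Emacs code and not part of the original message): a pending request keeps a raw pointer into storage that a relocating collector later moves, shown next to a variant that hands the engine a private copy tracked in a slot table, the approach the patch later in this thread takes. The two-semispace "heap", `struct managed_string`, `struct request` and every function name here are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not Emacs code: the bytes of a managed string live in
   one of two semispaces, and gc_relocate() moves them like a compacting GC. */
enum { SPACE = 64, NSLOTS = 4 };
static char space[2][SPACE];
struct managed_string { int where; size_t len; };

static char *ms_data(struct managed_string *s) { return space[s->where]; }

static void ms_set(struct managed_string *s, const char *text) {
    s->where = 0;
    s->len = strlen(text);               /* sample inputs fit in SPACE */
    memcpy(space[0], text, s->len + 1);
}

static void gc_relocate(struct managed_string *s) {
    int to = !s->where;
    memcpy(space[to], space[s->where], s->len + 1);
    memset(space[s->where], 'X', s->len); /* old storage gets reused */
    s->where = to;
}

/* A pending asynchronous request: the engine reads `script` only later. */
struct request { const char *script; intptr_t arg; };

/* Private copies of scripts in flight, indexed by the callback argument. */
static char *slots[NSLOTS];

/* Before: the request points into GC-managed storage. */
static struct request submit_unprotected(struct managed_string *s) {
    return (struct request){ ms_data(s), -1 };
}

/* After: the request points at a malloc'ed copy held in the first free slot. */
static struct request submit_protected(struct managed_string *s) {
    for (intptr_t i = 0; i < NSLOTS; i++) {
        if (slots[i] != NULL)
            continue;
        if ((slots[i] = malloc(s->len + 1)) == NULL)
            break;
        memcpy(slots[i], ms_data(s), s->len + 1);
        return (struct request){ slots[i], i };
    }
    return (struct request){ NULL, -1 };  /* table full or out of memory */
}

/* Completion: check what the engine would have read, then free the copy and
   clear the slot so that teardown cannot free it a second time. */
static int complete(struct request r, const char *expected) {
    int ok = r.script != NULL && strcmp(r.script, expected) == 0;
    if (r.arg >= 0) {
        free(slots[r.arg]);
        slots[r.arg] = NULL;
    }
    return ok;
}

/* Teardown: release copies whose requests never completed. */
static int release_all(void) {
    int freed = 0;
    for (int i = 0; i < NSLOTS; i++) {
        freed += slots[i] != NULL;
        free(slots[i]);
        slots[i] = NULL;
    }
    return freed;
}

/* Submit, let the collector move the string, then complete; 1 = script intact. */
static int run(int protect) {
    static const char js[] = "document.title";
    struct managed_string s;
    ms_set(&s, js);
    struct request r = protect ? submit_protected(&s) : submit_unprotected(&s);
    gc_relocate(&s);
    return complete(r, js);
}

int main(void) {
    return !(run(0) == 0 && run(1) == 1 && release_all() == 0);
}
```

In the model the stale pointer still refers to valid (scrubbed) memory, so the mismatch is observable without undefined behaviour; in a real collector the old storage may be reused for unrelated data or unmapped.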
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Andreas Schwab
Subject: bug#31545: closed (Re: bug#31545: xwidget-webkit-execute-script does not protect script against GC)
Date: Mon, 21 May 2018 20:55:02 +0000

Your bug report

#31545: xwidget-webkit-execute-script does not protect script against GC

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report. If you require more details, please reply to 31545@debbugs.gnu.org.

--
31545: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=31545
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Andreas Schwab
To: 31545-done@debbugs.gnu.org
Subject: Re: bug#31545: xwidget-webkit-execute-script does not protect script against GC
Date: Mon, 21 May 2018 22:54:49 +0200

I have pushed this patch to fix the GC problem in xwidget-webkit-execute-script.

Andreas.

* src/xwidget.h (struct xwidget): Add script_callbacks.
* src/xwidget.c (save_script_callback): New function.
(Fxwidget_webkit_execute_script): Use it. Encode script before passing to execution engine. Always use a callback.
(webkit_javascript_finished_cb): Deallocate script.
(kill_buffer_xwidgets): Deallocate remaining scripts.
(Fxwidget_webkit_zoom): Doc fix.
(Fxwidget_resize): Doc fix.
--- src/xwidget.c | 99 +++++++++++++++++++++++++++++++++++++-------------- src/xwidget.h | 3 ++ 2 files changed, 75 insertions(+), 27 deletions(-) diff --git a/src/xwidget.c b/src/xwidget.c index 95fa5f19c4..c4a3b1990d 100644 --- a/src/xwidget.c +++ b/src/xwidget.c @@ -362,7 +362,7 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value) static void webkit_javascript_finished_cb (GObject *webview, GAsyncResult *result, - gpointer lisp_callback) + gpointer arg) { WebKitJavascriptResult *js_result; JSValueRef value; 
@@ -370,6 +370,11 @@ webkit_javascript_finished_cb (GObject *webview, GError *error = NULL; struct xwidget *xw = g_object_get_data (G_OBJECT (webview), XG_XWIDGET); + ptrdiff_t script_idx = (ptrdiff_t) arg; + Lisp_Object script_callback = AREF (xw->script_callbacks, script_idx); + ASET (xw->script_callbacks, script_idx, Qnil); + if (!NILP (script_callback)) + xfree (XSAVE_POINTER (XCAR (script_callback), 0)); js_result = webkit_web_view_run_javascript_finish (WEBKIT_WEB_VIEW (webview), result, &error); @@ -381,18 +386,19 @@ webkit_javascript_finished_cb (GObject *webview, return; } - context = webkit_javascript_result_get_global_context (js_result); - value = webkit_javascript_result_get_value (js_result); - Lisp_Object lisp_value = webkit_js_to_lisp (context, value); - webkit_javascript_result_unref (js_result); + if (!NILP (script_callback) && !NILP (XCDR (script_callback))) + { + context = webkit_javascript_result_get_global_context (js_result); + value = webkit_javascript_result_get_value (js_result); + Lisp_Object lisp_value = webkit_js_to_lisp (context, value); + + /* Register an xwidget event here, which then runs the callback. + This ensures that the callback runs in sync with the Emacs + event loop. */ + store_xwidget_js_callback_event (xw, XCDR (script_callback), lisp_value); + } - /* Register an xwidget event here, which then runs the callback. - This ensures that the callback runs in sync with the Emacs - event loop. */ - /* FIXME: This might lead to disaster if LISP_CALLBACK's object - was garbage collected before now. See the FIXME in - Fxwidget_webkit_execute_script. */ - store_xwidget_js_callback_event (xw, XPL (lisp_callback), lisp_value); + webkit_javascript_result_unref (js_result); } 
@@ -684,8 +690,7 @@ DEFUN ("xwidget-webkit-goto-uri", DEFUN ("xwidget-webkit-zoom", Fxwidget_webkit_zoom, Sxwidget_webkit_zoom, 2, 2, 0, - doc: /* Change the zoom factor of the xwidget webkit instance -referenced by XWIDGET. */) + doc: /* Change the zoom factor of the xwidget webkit instance referenced by XWIDGET. */) (Lisp_Object xwidget, Lisp_Object factor) { WEBKIT_FN_INIT (); @@ -700,12 +705,46 @@ referenced by XWIDGET. */) return Qnil; } +/* Save script and fun in the script/callback save vector and return + its index. */ +static ptrdiff_t +save_script_callback (struct xwidget *xw, Lisp_Object script, Lisp_Object fun) +{ + ptrdiff_t script_bytes = STRING_BYTES (XSTRING (script)); + char *script_data = xmalloc (script_bytes + 1); + memcpy (script_data, SSDATA (script), script_bytes + 1); + + ptrdiff_t idx; + Lisp_Object cbs = xw->script_callbacks; + if (NILP (cbs)) + xw->script_callbacks = cbs = Fmake_vector (make_number (32), Qnil); + + /* Find first free index. */ + for (idx = 0; ; idx++) + { + if (idx >= ASIZE (cbs)) + { + /* Resize script/callback save vector. */ + Lisp_Object new_cbs = Fmake_vector (make_number (idx + 32), Qnil); + ptrdiff_t n; + for (n = 0; n < idx; n++) + ASET (new_cbs, n, AREF (cbs, n)); + xw->script_callbacks = cbs = new_cbs; + } + if (NILP (AREF (cbs, idx))) + { + ASET (cbs, idx, Fcons (make_save_ptr (script_data), fun)); + break; + } + } + return idx; +} DEFUN ("xwidget-webkit-execute-script", Fxwidget_webkit_execute_script, Sxwidget_webkit_execute_script, 2, 3, 0, - doc: /* Make the Webkit XWIDGET execute JavaScript SCRIPT. If -FUN is provided, feed the JavaScript return value to the single + doc: /* Make the Webkit XWIDGET execute JavaScript SCRIPT. +If FUN is provided, feed the JavaScript return value to the single argument procedure FUN.*/) (Lisp_Object xwidget, Lisp_Object script, Lisp_Object fun) { 
@@ -714,28 +753,24 @@ argument procedure FUN.*/) if (!NILP (fun) && !FUNCTIONP (fun)) wrong_type_argument (Qinvalid_function, fun); - GAsyncReadyCallback callback - = FUNCTIONP (fun) ? webkit_javascript_finished_cb : NULL; + script = ENCODE_SYSTEM (script); - /* FIXME: The following hack assumes USE_LSB_TAG. */ - verify (USE_LSB_TAG); - /* FIXME: This hack might lead to disaster if FUN is garbage - collected before store_xwidget_js_callback_event makes it visible - to Lisp again. See the FIXME in webkit_javascript_finished_cb. */ - gpointer callback_arg = XLP (fun); + /* Protect script and fun during GC. */ + ptrdiff_t idx = save_script_callback (xw, script, fun); /* JavaScript execution happens asynchronously. If an elisp callback function is provided we pass it to the C callback procedure that retrieves the return value. */ webkit_web_view_run_javascript (WEBKIT_WEB_VIEW (xw->widget_osr), - SSDATA (script), + XSAVE_POINTER (XCAR (AREF (xw->script_callbacks, idx)), 0), NULL, /* cancelable */ - callback, callback_arg); + webkit_javascript_finished_cb, + (gpointer) idx); return Qnil; } DEFUN ("xwidget-resize", Fxwidget_resize, Sxwidget_resize, 3, 3, 0, - doc: /* Resize XWIDGET. NEW_WIDTH, NEW_HEIGHT define the new size. */ ) + doc: /* Resize XWIDGET to NEW_WIDTH, NEW_HEIGHT. */ ) (Lisp_Object xwidget, Lisp_Object new_width, Lisp_Object new_height) { CHECK_XWIDGET (xwidget); @@ -1197,6 +1232,16 @@ kill_buffer_xwidgets (Lisp_Object buffer) gtk_widget_destroy (xw->widget_osr); gtk_widget_destroy (xw->widgetwindow_osr); } + if (!NILP (xw->script_callbacks)) + { + ptrdiff_t idx; + for (idx = 0; idx < ASIZE (xw->script_callbacks); idx++) + { + if (!NILP (AREF (xw->script_callbacks, idx))) + xfree (XSAVE_POINTER (XCAR (AREF (xw->script_callbacks, idx)), 0)); + ASET (xw->script_callbacks, idx, Qnil); + } + } } } } diff --git a/src/xwidget.h b/src/xwidget.h index 8267012d5d..93f4cfb794 100644 --- a/src/xwidget.h +++ b/src/xwidget.h 
@@ -47,6 +47,9 @@ struct xwidget /* A title used for button labels, for instance. */ Lisp_Object title; + /* Vector of currently executing scripts with callbacks. */ + Lisp_Object script_callbacks; + /* Here ends the Lisp part. "height" is the marker field. */ int height; -- 2.17.0
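
Review bot: In the new save_script_callback (hunk at -700,12 +705,46), script_data is xmalloc'ed before either Fmake_vector call and before Fcons, all of which allocate Lisp objects and can exit non-locally when memory is exhausted, so the copy leaks on that path. Make the copy only once the free slot is known, directly before the ASET, or free it from an unwind handler. The same hunk copies script_bytes + 1 bytes but the result is later consumed as a C string, so a script containing a NUL byte is silently truncated; a comment or an explicit check would make that visible.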
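
Review bot: In Fxwidget_webkit_execute_script (hunk at -714,28 +753,24), `script = ENCODE_SYSTEM (script);` encodes with the locale coding system, and the resulting bytes go straight to webkit_web_view_run_javascript as a plain char pointer. If WebKit reads that argument as UTF-8, non-ASCII script text is corrupted under a non-UTF-8 locale; please state the expected encoding in a comment or encode to UTF-8 explicitly. The doc string still says the callback is only involved "if FUN is provided", while the code now always registers webkit_javascript_finished_cb; the comment above the call should say so.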
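
Review bot: In the kill_buffer_xwidgets hunk (-1197,6 +1232,16), the saved script copies are freed and the slots cleared, but the requests themselves stay outstanding: Fxwidget_webkit_execute_script passes NULL as the cancellable, and webkit_javascript_finished_cb reads xw->script_callbacks unconditionally through the pointer returned by g_object_get_data. Please add a comment explaining why the completion callback cannot run against a torn-down xwidget after this point, or pass a GCancellable and cancel it here.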
From: Paul Eggert
To: Andreas Schwab
Cc: 31545@debbugs.gnu.org
Subject: bug#31545: xwidget-webkit-execute-script does not protect script against GC
Date: Tue, 22 May 2018 09:20:43 -0700

Thanks for fixing that GC bug with xwidgets. I installed the attached minor tweaks to try to improve the fix. Although the intptr_t-vs-ptrdiff_t thing is a bit of an annoyance, I find it useful to distinguish between offsets and pointers-as-integers.

[Attachment: 0001-Minor-tweaks-to-recent-fix-for-Bug-31545.patch]

From cc3bbd250317d76c7448beb1ecc7f3df6bd48e36 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Tue, 22 May 2018 09:13:20 -0700
Subject: [PATCH] Minor tweaks to recent fix for Bug#31545

* src/xwidget.c (webkit_javascript_finished_cb)
(Fxwidget_webkit_execute_script): Use intptr_t to avoid warnings in the (unlikely) event that ptrdiff_t and void * differ in width.
(save_script_callback): Simplify by using xlispdstrdup and larger_vector.
--- src/xwidget.c | 35 +++++++++++------------------------ 1 file changed, 11 insertions(+), 24 deletions(-) 
diff --git a/src/xwidget.c b/src/xwidget.c index 16243b7789..32022abf34 100644 --- a/src/xwidget.c +++ b/src/xwidget.c @@ -370,7 +370,7 @@ webkit_javascript_finished_cb (GObject *webview, GError *error = NULL; struct xwidget *xw = g_object_get_data (G_OBJECT (webview), XG_XWIDGET); - ptrdiff_t script_idx = (ptrdiff_t) arg; + ptrdiff_t script_idx = (intptr_t) arg; Lisp_Object script_callback = AREF (xw->script_callbacks, script_idx); ASET (xw->script_callbacks, script_idx, Qnil); if (!NILP (script_callback)) @@ -711,33 +711,20 @@ DEFUN ("xwidget-webkit-zoom", static ptrdiff_t save_script_callback (struct xwidget *xw, Lisp_Object script, Lisp_Object fun) { - ptrdiff_t script_bytes = STRING_BYTES (XSTRING (script)); - char *script_data = xmalloc (script_bytes + 1); - memcpy (script_data, SSDATA (script), script_bytes + 1); - - ptrdiff_t idx; Lisp_Object cbs = xw->script_callbacks; if (NILP (cbs)) xw->script_callbacks = cbs = Fmake_vector (make_number (32), Qnil); /* Find first free index. */ - for (idx = 0; ; idx++) - { - if (idx >= ASIZE (cbs)) - { - /* Resize script/callback save vector. */ - Lisp_Object new_cbs = Fmake_vector (make_number (idx + 32), Qnil); - ptrdiff_t n; - for (n = 0; n < idx; n++) - ASET (new_cbs, n, AREF (cbs, n)); - xw->script_callbacks = cbs = new_cbs; - } - if (NILP (AREF (cbs, idx))) - { - ASET (cbs, idx, Fcons (make_save_ptr (script_data), fun)); - break; - } - } + ptrdiff_t idx; + for (idx = 0; !NILP (AREF (cbs, idx)); idx++) + if (idx + 1 == ASIZE (cbs)) + { + xw->script_callbacks = cbs = larger_vector (cbs, 1, -1); + break; + } + + ASET (cbs, idx, Fcons (make_save_ptr (xlispstrdup (script)), fun)); return idx; } 
@@ -757,7 +744,7 @@ argument procedure FUN.*/) script = ENCODE_SYSTEM (script); /* Protect script and fun during GC. */ - ptrdiff_t idx = save_script_callback (xw, script, fun); + intptr_t idx = save_script_callback (xw, script, fun); /* JavaScript execution happens asynchronously. If an elisp callback function is provided we pass it to the C callback -- 2.17.0
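
Review bot: In the rewritten free-slot loop of save_script_callback (hunk at -711,33 +711,20), the `break` taken when `idx + 1 == ASIZE (cbs)` skips the `idx++`, so idx still names the last slot of the old vector, which the loop condition has just found occupied. The following ASET then overwrites that pending entry: the older request's script copy is never freed, and when the older request completes, webkit_javascript_finished_cb frees the newer script's copy and runs the newer callback. Advance idx to the old size (idx + 1) before breaking, so the new entry lands in the first slot added by larger_vector; the case only triggers once every slot is in use, so it deserves a test with more than 32 scripts in flight.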

From: Paul Eggert
To: control@debbugs.gnu.org
Subject: merge 31545, 25816
Date: Sun, 8 Mar 2020 00:56:38 -0800

unarchive 31545
merge 31545 25816