From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 27 17:59:25 2020 Received: (at submit) by debbugs.gnu.org; 27 Apr 2020 21:59:25 +0000 Received: from localhost ([127.0.0.1]:38331 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTBme-00047Z-HB for submit@debbugs.gnu.org; Mon, 27 Apr 2020 17:59:25 -0400 Received: from lists.gnu.org ([209.51.188.17]:48353) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTBa8-0002wP-Cc for submit@debbugs.gnu.org; Mon, 27 Apr 2020 17:46:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33920) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jTBa6-0005H5-VM for bug-gnu-emacs@gnu.org; Mon, 27 Apr 2020 17:46:28 -0400 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, MSGID_FROM_MTA_HEADER,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.90_1) (envelope-from ) id 1jTBa5-0005UX-KF for bug-gnu-emacs@gnu.org; Mon, 27 Apr 2020 17:46:26 -0400 Received: from mail-mw2nam12on2112.outbound.protection.outlook.com ([40.107.244.112]:24431 helo=NAM12-MW2-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jTBa5-0005UH-2Y for bug-gnu-emacs@gnu.org; Mon, 27 Apr 2020 17:46:25 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RWtoJ5nwE0KBVUrAHYd6Z6kXm2NooivkATZ7XuV+JqfyhrWhB+Jr7S2Y4HuiSBeqRNY54u+oIVWToRZpslmTUw/7MiLojDGbcFWTSK1GUVRql2seVLtYzn485eKVU3jkjwCrm4ix0d3Lvkc0zeEM6KXOYHSyqd5TN7Q/UOAI1fHmKqHKVn146qvcfp83Oy9Aj0PI55vfeUIw7hzrYsImWXN9RPsRsIyUCOIy6gmLODNh2+qZeN8CjnqLJo+G6ndeRF+oBker98dhqBC36sZ2tK/W6B1HvXNVy2wJMPvFcDjXq7TaBJTwFU2GKyS162esIAfnHKQxurZiPDBouxNTGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZkVt5DgoHLKoaLspB1toRiAycN0Ngio1jWqN4WT11BQ=; b=Cg4doE+Vyxw13h/b2U85oOx07bSrrevq1mS+T1+lNzU5O/KC7SAtYYHXOx6nPvNptj80JA2eV0cIqhZIPULXgHuz4UPS0ph+SVP2gJ7nwCQ/ss4TIeZXJhZZWv50d7HRxhp9YCEp+sEjoGyxYSnqmABBQc6FqeOFPuoixOvpNYVJZs9uY8juUEtzdyaHLkiD0fu5TY8XGHpCfDk4A8Zw14un7eaubgVRdVj7gdulFr8raMuQIfm+fGvLCQlEpQAtWrW5EGxf4fFJVV6LkK0ABa6Fypru4xWbkBhkkYokYT5iV/MzcnzGHfZv1IH1O4VnMdbHXvqUJs180+n6HKZPYg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=perforce.com; dmarc=pass action=none header.from=perforce.com; dkim=pass header.d=perforce.com; arc=none Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=jgibson@perforce.com; Received: from MW3PR20MB3433.namprd20.prod.outlook.com (2603:10b6:303:5e::19) by MW3PR20MB3499.namprd20.prod.outlook.com (2603:10b6:303:5e::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.22; Mon, 27 Apr 2020 21:31:17 +0000 Received: from MW3PR20MB3433.namprd20.prod.outlook.com ([fe80::d5a1:f399:83ed:e206]) by MW3PR20MB3433.namprd20.prod.outlook.com ([fe80::d5a1:f399:83ed:e206%6]) with mapi id 15.20.2937.023; Mon, 27 Apr 2020 21:31:17 +0000 From: Jason Gibson To: bug-gnu-emacs@gnu.org Subject: 24.5; Crash on open of file Date: Mon, 27 Apr 2020 14:31:15 -0700 Message-ID: <87lfmghazg.fsf@perforce.com> Content-Type: multipart/mixed; boundary="=-=-=" X-ClientProxiedBy: BY5PR16CA0019.namprd16.prod.outlook.com (2603:10b6:a03:1a0::32) To MW3PR20MB3433.namprd20.prod.outlook.com (2603:10b6:303:5e::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from jgibson-t7600-linux (12.234.39.240) by BY5PR16CA0019.namprd16.prod.outlook.com (2603:10b6:a03:1a0::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13 via Frontend Transport; Mon, 27 Apr 2020 21:31:16 +0000 X-Originating-IP: [12.234.39.240] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 41146a56-1226-4107-fd7b-08d7eaf25182 X-MS-TrafficTypeDiagnostic: MW3PR20MB3499: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-Forefront-PRVS: 0386B406AA X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW3PR20MB3433.namprd20.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(136003)(366004)(39860400002)(346002)(396003)(376002)(52116002)(8936002)(86362001)(478600001)(6496006)(26005)(956004)(235185007)(8676002)(66616009)(66476007)(5660300002)(2616005)(66556008)(36756003)(66946007)(81156014)(316002)(186003)(6916009)(16526019)(2906002)(6486002); DIR:OUT; SFP:1102; Received-SPF: None (protection.outlook.com: perforce.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: E2n9hff5/h7fAMNBdlfddSCKCaPkScOid9Kg9DWSuIetR2AYb3uKYrxZizhXQ/brzefGFYWTWMJDH+ZnHi5luwyMPkt8+mFWbvkBhi3BzQA6pQ//m7tN8bQtSSSGMzO0aZgVJc6qyy10UimCrBDJ92IG+/Zymw8DUmf7ox9/ZQ/hevXDYuA1oeO00qRNqI2+0l6jS02m+4q+9aj/TXz6i6hZHAnZLXHucFwKj8ccN5jwn4N2utdPlRtiUoprBOYikQZ6zeXAgC0FXxIcSq2NPgd5X8KHLbrqf7/XptmyMmPA4hvXn+6RThwOuxu9KHv3JfWaNrNIW+1XQd7MjLkjC0jPmq+nT/tqBRJLYCux3TewWetewoGw0hAJhexDzJU4tiOZiJf5yXqjnLjZ3YTu4KwIVKY1I+HmIEAIVF/tZOniFBM/U1f7z9WMT3JAd7+z X-MS-Exchange-AntiSpam-MessageData: Bp9/eEo7MphKMtJDdFKsByMlsPL9V6x6qHyckOy+/oyWmZ+iInVSh0oVOkwE1JJwr2AiqUxWF0REslN2Yp6f2KjdKKw7V8Zups5DJw7oBvFHvl+h26ZzE5lU562vEjkUTwJkLozru9omQAhf/iL2SeSNY1SLkecv6/bBSIF1twsNi56bKFmoJkBIzWV82wrLoIrJNP2cx0m2lBhZQnJdoeQzi8QIdFjJBR/Xc0Xv2V/NGJ0PyQseJVd1Ophpujnq95/VuUMH5fl6N6vPNIr1Y1W4/rLV7fvvqNZGE61gaqTMb1lKioVGGQzXUY4vNccGa6UHHppLtww9bYIfR9cZxXoMXSfAwzeOgY1ObwX7m0y93xnnoAyrF2dSezwk1sCXtlprHATJvs/93T9QFFsWz7xqub9qUKf4VFzs7FJ7CdAhJdTD2D+9KT1wEMwygfEqRWBfrDiIMN+tUaMH7VrzUT6XK5NpFaqBNtJVwFh8v8q52/XSdR7dK8kZDXhpaQtgdzLG1d7Q7ZFyO6iQbR0dCF5VQ0ejDIrqo7FSI5q/dEVkI7KddE06qckmXSnnA5us4LWNVPrMCLQIAkA7KUbAoD4LD9G/6xpABBTXkByx15hbwKbzLG9jYcZy28nWrW3sdjBxIH5ShL8jG3TfwE2KuGH8l7y5KJw/28wP5RvqhTV3+9IJpwApUItCpk8WzbdAHoSuCdBed/tc58PkWBgQp9UtoW9k5zkCw11ZPxrL3GDbQstnowTs6QzV2SVw7HE3kJ0t+a4MFxbkmdrHr+8BoimpTasAKyzKIWk3cSvBJSI= X-OriginatorOrg: perforce.com X-MS-Exchange-CrossTenant-Network-Message-Id: 41146a56-1226-4107-fd7b-08d7eaf25182 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Apr 2020 21:31:17.0552 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 95b666d1-9a75-49ab-95a3-8969fbcdc08c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ck5sGiOhNJJ6lB3C//WYvcHN6uvM9WSNkFqaD8axsgjnckkR7ukqhpI4lt9ufjaYbpGvWjVDSWo1PImaTk6cQw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR20MB3499 Received-SPF: pass client-ip=40.107.244.112; envelope-from=jgibson@perforce.com; helo=NAM12-MW2-obe.outbound.protection.outlook.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/04/27 17:46:22 X-ACL-Warn: Detected OS = Windows NT kernel [generic] [fuzzy] X-Received-From: 40.107.244.112 X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Mon, 27 Apr 2020 17:59:23 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello, Attached is a file that crashes Emacs on find-file (find-file-literally does not crash). E.g.: tar xf foo8.tar LC_CTYPE=3Den_US.UTF-8 emacs -Q -nw --eval '(find-file "foo8")' *poof* Setting the locale to 'C' makes it not crash. Reproduction may depend on the environment Emacs was run from. It has been shown to crash in screen(1) but sometimes not in xterm directly or as an X client. The crashing function is: #25 0x000000000048a656 in encode_coding_utf_8 (coding=3D0x3435d80) at /op= t/lude/soft/emacs-25.3/src/private/x86_64_pc_linux_fedora14/../../orig/src/= coding.c:1499 Versions checked: 24.5.1, 26.3, and Git master: 34ae2d0c22 (2020-04-01 22:02:55) Thanks. Here's the report-emacs-bug text from Ubuntu 16.04.6 LTS / Emacs 24.5.1: In GNU Emacs 24.5.1 (x86_64-pc-linux-gnu, GTK+ Version 3.18.9) of 2017-09-20 on lcy01-07, modified by Debian System Description: Ubuntu 16.04.6 LTS Configured using: `configure --build x86_64-linux-gnu --prefix=3D/usr --sharedstatedir=3D/var/lib --libexecdir=3D/usr/lib --localstatedir=3D/var/lib --infodir=3D/usr/share/info --mandir=3D/usr/share/man --with-pop=3Dyes --enable-locallisppath=3D/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24= .5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-li= sp:/usr/share/emacs/site-lisp --build x86_64-linux-gnu --prefix=3D/usr --sharedstatedir=3D/var/lib --libexecdir=3D/usr/lib --localstatedir=3D/var/lib --infodir=3D/usr/share/info --mandir=3D/usr/share/man --with-pop=3Dyes --enable-locallisppath=3D/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24= .5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-li= sp:/usr/share/emacs/site-lisp --with-x=3Dyes --with-x-toolkit=3Dgtk3 --with-toolkit-scroll-bars 'CFLAGS=3D-g -O2 -fstack-protector-strong -Wformat -Werror=3Dformat-security -Wall' 'CPPFLAGS=3D-Wdate-time -D_FORTIFY_SOURCE=3D2' 'LDFLAGS=3D-Wl,-Bsymbolic-functions -Wl,-z,relro'' Important settings: value of $LANG: en_US.UTF-8 locale-coding-system: utf-8-unix Major mode: Lisp Interaction Minor modes in effect: tooltip-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t Recent messages: For information about GNU Emacs and the GNU system, type C-h C-a. Load-path shadows: None found. Features: (shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util help-fns mail-prsvr mail-utils xterm time-date tooltip electric uniquify ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process dbusbind gfilenotify dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs) Memory information: ((conses 16 77557 7390) (symbols 48 17639 0) (miscs 40 31 88) (strings 32 9251 4575) (string-bytes 1 249787) (vectors 16 7095) (vector-slots 8 341333 32687) (floats 8 65 369) (intervals 56 203 6) (buffers 960 11) (heap 1024 35092 1893)) This e-mail may contain information that is privileged or confidential. If = you are not the intended recipient, please delete the e-mail and any attach= ments and notify us immediately. --=-=-= Content-Type: application/x-tar Content-Disposition: attachment; filename=foo8.tar Content-Transfer-Encoding: base64 Content-Description: file that crashes emacs (the untarred content) Zm9vOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDA2NjQAMDAwMTc1 MAAwMDAxNzUwADAwMDAwMDA0Mzc0ADEzNjUxNjM3NTIxADAxMDQxNQAgMAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c3RhciAgAHVzZXIAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAdXNlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZ mdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ 2ZnZmdmZ2ZnZmdmZ2ZnZmdmZ2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 28 05:01:21 2020 Received: (at 40913) by debbugs.gnu.org; 28 Apr 2020 09:01:21 +0000 Received: from localhost ([127.0.0.1]:38887 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTM7E-0000HP-Qm for submit@debbugs.gnu.org; Tue, 28 Apr 2020 05:01:21 -0400 Received: from eggs.gnu.org ([209.51.188.92]:53656) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTM7D-0000HD-84 for 40913@debbugs.gnu.org; Tue, 28 Apr 2020 05:01:19 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:54866) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jTM77-0005l0-MH; Tue, 28 Apr 2020 05:01:13 -0400 Received: from [176.228.60.248] (port=1614 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jTM70-0000DO-JR; Tue, 28 Apr 2020 05:01:08 -0400 Date: Tue, 28 Apr 2020 12:00:46 +0300 Message-Id: <83d07s2ddt.fsf@gnu.org> From: Eli Zaretskii To: Jason Gibson In-Reply-To: <87lfmghazg.fsf@perforce.com> (message from Jason Gibson on Mon, 27 Apr 2020 14:31:15 -0700) Subject: Re: bug#40913: 24.5; Crash on open of file References: <87lfmghazg.fsf@perforce.com> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 40913 Cc: 40913@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: Jason Gibson > Date: Mon, 27 Apr 2020 14:31:15 -0700 > > Attached is a file that crashes Emacs on find-file (find-file-literally > does not crash). E.g.: > > tar xf foo8.tar > LC_CTYPE=en_US.UTF-8 emacs -Q -nw --eval '(find-file "foo8")' > *poof* Thanks. This is a very old bug, now fixed on the emacs-27 branch. If you can build that branch, please see that the crash is gone now. From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 28 13:00:21 2020 Received: (at 40913) by debbugs.gnu.org; 28 Apr 2020 17:00:21 +0000 Received: from localhost ([127.0.0.1]:41243 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTTam-0006RD-P2 for submit@debbugs.gnu.org; Tue, 28 Apr 2020 13:00:21 -0400 Received: from mail-dm6nam12on2100.outbound.protection.outlook.com ([40.107.243.100]:27936 helo=NAM12-DM6-obe.outbound.protection.outlook.com) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTTTM-0006EB-2R for 40913@debbugs.gnu.org; Tue, 28 Apr 2020 12:52:41 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D76lD/JHN7PVgFFhZTy08mXMXLnbl39aVC4DxXXS7ZdaZv2zE5hKUe85M6ba6DwZ1zBcuhf+Z3971xvK+VyHtwYN2RYROzQcufDVC+EYwLiX1eEnRKX9Le1aq95uie8VbhHfFyWcaUOethocXRaiUG/Ps5R0UBLBnz2aIndRkShhd15yHXvPHfehl9nBJ/ISfc6jYOrL4txSsTpfUnThWPuu2TOLkz1INguylvZnYK+howC10waF4jJzDEdzAPATM2K7m19cnTOCTA81ZBCortlU2dBDFpvhYXtN2eCoYmNUJ3W6uZfULrxO7kuYNLersDUkDcbfjlfefFvT4ZcjdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/CDIRwMIEj7pzQegmAHJKU+kq3CZ74BrWpC+V2GM9LY=; b=K6NC3Kk/Yjl+5nw0HkJcq/uAc4NoMbW4q4gvjy1wHEdNbdFb8801MV7xgUpWMb2WoHpi0O5asZXGGlAPGrypyS2EicbvxZ3gNKnGeKMb1XCySquCW44hfgGB7M5knU2ZZc0XLQZuLgRQVSMSV+12OpD6oC8oV7n1URhI+Xjt7YcjsTkwtrdZSULPf6reX19CVrhihSZxwGfwWuozsFVcjdRtNEAf0K3Mt0oLlZmZnnRwOHjLhVjb8f6T5i8DOfq/3sKdvV71WCB3AKUzyjGgiOzJFaH/9HFawjX/K7Fudi1HzSppD8rfJo/aUOjHlGRy8rjVPhwPc3V1wMv3xrMmng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=perforce.com; dmarc=pass action=none header.from=perforce.com; dkim=pass header.d=perforce.com; arc=none Authentication-Results: debbugs.gnu.org; dkim=none (message not signed) header.d=none;debbugs.gnu.org; dmarc=none action=none header.from=perforce.com; Received: from MW3PR20MB3433.namprd20.prod.outlook.com (2603:10b6:303:5e::19) by MW3PR20MB3372.namprd20.prod.outlook.com (2603:10b6:303:5a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.19; Tue, 28 Apr 2020 16:52:33 +0000 Received: from MW3PR20MB3433.namprd20.prod.outlook.com ([fe80::d5a1:f399:83ed:e206]) by MW3PR20MB3433.namprd20.prod.outlook.com ([fe80::d5a1:f399:83ed:e206%6]) with mapi id 15.20.2937.023; Tue, 28 Apr 2020 16:52:33 +0000 From: Jason Gibson To: Eli Zaretskii Subject: Re: bug#40913: 24.5; Crash on open of file In-Reply-To: <83d07s2ddt.fsf@gnu.org> References: <87lfmghazg.fsf@perforce.com> <83d07s2ddt.fsf@gnu.org> Date: Tue, 28 Apr 2020 09:52:31 -0700 Message-ID: <87imhjh7sg.fsf@perforce.com> Content-Type: text/plain X-ClientProxiedBy: BYAPR11CA0065.namprd11.prod.outlook.com (2603:10b6:a03:80::42) To MW3PR20MB3433.namprd20.prod.outlook.com (2603:10b6:303:5e::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from jgibson-t7600-linux (12.234.39.240) by BYAPR11CA0065.namprd11.prod.outlook.com (2603:10b6:a03:80::42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13 via Frontend Transport; Tue, 28 Apr 2020 16:52:32 +0000 X-Originating-IP: [12.234.39.240] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ad121aaf-fb64-419d-fe53-08d7eb948bec X-MS-TrafficTypeDiagnostic: MW3PR20MB3372: X-Microsoft-Antispam-PRVS: Content-Transfer-Encoding: quoted-printable X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-Forefront-PRVS: 0387D64A71 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2O4CS1UDTHikobxKN1UbE/UodOFxzC9fe+jz43Bk/1NUmrtjXjMaa4tMvIu8oVU3DDlbP8m4lKEJTgMDzoxwAz1jLlQ2OVQ0EVAAq0eBch++ASmwthI8elCo4xVm/QXyclD9VGsfE0lNiHGCzXeGxAyHU7AcQ2FyJStuCe5ppM8Zl8wD0/LauP7ZIxPPth87fxrOiMOSgBj/UvSe2d48G/pzeQQxNE+3fzVxqhVKV6pa598vSTr8BBCTxY25HEFo9V0yk9QoIzNO5Ah+yEGv998TGYV8xHFahtvo6wGd1sg2vncfBTUsnAwS9MS9QiQD+csb1QFlnalZlzAm/jfhuqF8aCy0xxRtr/g6vAL2DI/0qQ1a9Eah6btHiIMG2b1G32IOg8qyP2AZ34jpIJLKB8l668EqNoxxBdB1aYuwctLxJYbiELa5qSZwH0WCzpQt X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW3PR20MB3433.namprd20.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(366004)(396003)(376002)(346002)(136003)(39850400004)(5660300002)(66946007)(66556008)(4744005)(66476007)(316002)(956004)(2906002)(6496006)(52116002)(6486002)(8676002)(186003)(8936002)(26005)(36756003)(16526019)(4326008)(6916009)(86362001)(2616005)(478600001); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: PrbbfvVXzl9+SeZoMQ1T7uu4XzdwaKCOWnFDy4PnCyfYp0IvlcBG0nxRaMA7z07FAlROQMsc0eSP2DKR9vk5POvUuA83im9dInBhQPd9JQ0mobqe8I9q1u/AsRM1imb68xY7jBbQyS9DoLsWBjrdlsQ4K5pno47JMNiK9n91dJVHlAknZFYKYvhAW/8ZbvftovUCgqisENDDtbiTFqi/FQjn4Lcwm88NWfS0QOiWIifiMq3cn+YTe7RIpQt7/jlLnWyXRZv8LuI6MEl7w6aQUUfxhmXIgi7KcuCPEEpoW5Cx9mZ25fjnJWPVV4vaK0snyzsrxcJoqX5wveGci4+wXg8qDpCIccyMuYRwb/agJQyzz3epyeV0D2u9w95nEaiZ6s3+QwHTqL9eQvxsiZ4BNnMDwzG+ofMkuXRC2iEpVeO5lRUZE/fU7niIauW1uWfaN+0/U9dWNOj8HWEUth5ckidNe03Tcst0LSYEGhDj8fcG8my5JZjpmoNtcQ5PPfrN0PwDN7nDcdt5Fue20187KRnG+JZBH0tlfhOXqTvazk/f6M28AImwpat40xGTALk4nU1sKr+TGRxJD7aOox5LvzxocSxOydymaOUovESW/dJW/2TkWfUPYQyWoX+AEzR/m5CeJw4DT857U3cPvraU8d8KWHhnJR+60mFBBUxhexC3k6+E9rtaPZTmYpxqqST9JKyJziQn5Rv90t6nc8RVv/s9BepOeT25nCXnSC+CCVSeAF1lqut50FcDoVTQMPG9fES+k7vXeSKH7fk7rEvWfVvLTNZnEn5R8xeTcHrpazo= X-OriginatorOrg: perforce.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad121aaf-fb64-419d-fe53-08d7eb948bec X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2020 16:52:33.4308 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 95b666d1-9a75-49ab-95a3-8969fbcdc08c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: f2EfMSYeMrKNYeMBhsYe0dHhaSYZBV0lsLkANWwCPVHRqyn8JhyGuahuAo/i95TZNwYBWJWyXiDe7+Jgy2Ootg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR20MB3372 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 40913 X-Mailman-Approved-At: Tue, 28 Apr 2020 13:00:19 -0400 Cc: 40913@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) >> From: Jason Gibson >> Date: Mon, 27 Apr 2020 14:31:15 -0700 >> >> Attached is a file that crashes Emacs on find-file (find-file-literally >> does not crash). E.g.: >> >> tar xf foo8.tar >> LC_CTYPE=3Den_US.UTF-8 emacs -Q -nw --eval '(find-file "foo8")' >> *poof* > > Thanks. This is a very old bug, now fixed on the emacs-27 branch. If > you can build that branch, please see that the crash is gone now. The change works for me as well. Since this would seem to be a good vector for remote buffer overflow, it might make sense to backport this to prior releases. Thanks for the quick fix. This e-mail may contain information that is privileged or confidential. If = you are not the intended recipient, please delete the e-mail and any attach= ments and notify us immediately. From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 28 13:34:17 2020 Received: (at 40913-done) by debbugs.gnu.org; 28 Apr 2020 17:34:17 +0000 Received: from localhost ([127.0.0.1]:41328 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTU7d-0007Jn-5p for submit@debbugs.gnu.org; Tue, 28 Apr 2020 13:34:17 -0400 Received: from eggs.gnu.org ([209.51.188.92]:39876) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTU7a-0007Ja-VN for 40913-done@debbugs.gnu.org; Tue, 28 Apr 2020 13:34:15 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36428) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jTU7V-00012J-Dy; Tue, 28 Apr 2020 13:34:09 -0400 Received: from [176.228.60.248] (port=2050 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jTU7U-0000uD-IC; Tue, 28 Apr 2020 13:34:09 -0400 Date: Tue, 28 Apr 2020 20:33:47 +0300 Message-Id: <83v9lj1pms.fsf@gnu.org> From: Eli Zaretskii To: Jason Gibson In-Reply-To: <87imhjh7sg.fsf@perforce.com> (message from Jason Gibson on Tue, 28 Apr 2020 09:52:31 -0700) Subject: Re: bug#40913: 24.5; Crash on open of file References: <87lfmghazg.fsf@perforce.com> <83d07s2ddt.fsf@gnu.org> <87imhjh7sg.fsf@perforce.com> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 40913-done Cc: 40913-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: Jason Gibson > Cc: 40913@debbugs.gnu.org > Date: Tue, 28 Apr 2020 09:52:31 -0700 > > >> tar xf foo8.tar > >> LC_CTYPE=en_US.UTF-8 emacs -Q -nw --eval '(find-file "foo8")' > >> *poof* > > > > Thanks. This is a very old bug, now fixed on the emacs-27 branch. If > > you can build that branch, please see that the crash is gone now. > > The change works for me as well. Thanks, I'm therefore closing the bug. > Since this would seem to be a good vector for remote buffer overflow, it > might make sense to backport this to prior releases. There's no practical way for us to do so, since we do not intend to put out any new releases of Emacs before 27. Emacs 27.1 will be released soon, and this problem will be fixed there. It is also worth noting that the use case where this bug can rear its ugly head is quite rare. Most sequences of composed characters are very short, and the way we allocate the buffers for them always allocates more than strictly needed, which is why this bug, although blatant, went unnoticed for a very long time. You just happened to hit a file which (being in fact just a stream of binary bytes) looked to Emacs as a long sequence of characters all of which should be composed, and that sequence overflowed the allocated buffer by many hundreds of bytes, thus triggering memory corruption. From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 28 13:43:35 2020 Received: (at 40913-done) by debbugs.gnu.org; 28 Apr 2020 17:43:35 +0000 Received: from localhost ([127.0.0.1]:41376 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTUGc-0007Zw-Nd for submit@debbugs.gnu.org; Tue, 28 Apr 2020 13:43:35 -0400 Received: from mail-bn8nam12on2120.outbound.protection.outlook.com ([40.107.237.120]:21984 helo=NAM12-BN8-obe.outbound.protection.outlook.com) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTUDv-0007UY-Tk for 40913-done@debbugs.gnu.org; Tue, 28 Apr 2020 13:40:48 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LH/K0OMeK48EgSZc7UMhEQYKs+HaxXHwTxqYdHbr0ws7/cBVmz4t0Jknw+M1iaahzFJjj1QdGT93C5+9WQqDpKlok2MTby9NKjoHQSigk7NythesKpGvt2w7YXyqgxcGJXWjShuBuUEPxGrLF6Oc6UHKXA36Jk7D+S4TKnptDOPOdFSpzVJng0dVbn4Svk872eOubqjqrNtTnrWn6DnDrFrY+vvlseKbxuydqHx6DUKMbIjnlmJB0B7gcFX14yXTwlcjW3RpLkj+eBkVKxif15eKR0OiIuk5tVoFCcDAgiaWM5SghKL9Ki3IowmW/ztLivqTvu9yQQeeZMFLmcZ2wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ID7IUuhQhUlQoKrZ1UImuxyP05ghXT8KWYE+g3yJkYg=; b=T6+kT5oF6ZHXCibPgWWdZrxCRgmcV3cczbCOA+PhHPcBzbhVnXUs6NU6h9uxYRHWHNuXAQSzvj6YxgjFi0qBDmgOXVyIpAIG6sH3mpJijfdc1f/D5XRGtSBhknELI2Lf34rRE1EpWS6nNbFQcyr7nuwTM7e/kWAj+gvxduyBT8C0dfT/XWHYCzCUwHvIftW5AXgMl2G3cDeXnGYCfEd0UW9dwm0aeWoAgxJB16zT4OwhXzC8+ijCkvK0Vvb4TgUi9IYmv3JDG1wFd/qTox2aE/1FxuSI10T33DJabWyu5Prh4E95o8wYLfFYTL42DNfTqzj+7UVQ/SK03dX6jF/TNg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=perforce.com; dmarc=pass action=none header.from=perforce.com; dkim=pass header.d=perforce.com; arc=none Authentication-Results: debbugs.gnu.org; dkim=none (message not signed) header.d=none;debbugs.gnu.org; dmarc=none action=none header.from=perforce.com; Received: from MW3PR20MB3433.namprd20.prod.outlook.com (2603:10b6:303:5e::19) by MW3PR20MB3388.namprd20.prod.outlook.com (2603:10b6:303:54::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.22; Tue, 28 Apr 2020 17:40:41 +0000 Received: from MW3PR20MB3433.namprd20.prod.outlook.com ([fe80::d5a1:f399:83ed:e206]) by MW3PR20MB3433.namprd20.prod.outlook.com ([fe80::d5a1:f399:83ed:e206%6]) with mapi id 15.20.2937.023; Tue, 28 Apr 2020 17:40:41 +0000 From: Jason Gibson To: Eli Zaretskii Subject: Re: bug#40913: 24.5; Crash on open of file In-Reply-To: <83v9lj1pms.fsf@gnu.org> References: <87lfmghazg.fsf@perforce.com> <83d07s2ddt.fsf@gnu.org> <87imhjh7sg.fsf@perforce.com> <83v9lj1pms.fsf@gnu.org> Date: Tue, 28 Apr 2020 10:40:39 -0700 Message-ID: <87ftcnh5k8.fsf@perforce.com> Content-Type: text/plain X-ClientProxiedBy: BYAPR05CA0056.namprd05.prod.outlook.com (2603:10b6:a03:74::33) To MW3PR20MB3433.namprd20.prod.outlook.com (2603:10b6:303:5e::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from jgibson-t7600-linux (12.234.39.240) by BYAPR05CA0056.namprd05.prod.outlook.com (2603:10b6:a03:74::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.9 via Frontend Transport; Tue, 28 Apr 2020 17:40:40 +0000 X-Originating-IP: [12.234.39.240] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1889ebad-8f7e-41d6-e1e6-08d7eb9b452d X-MS-TrafficTypeDiagnostic: MW3PR20MB3388: X-Microsoft-Antispam-PRVS: Content-Transfer-Encoding: quoted-printable X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-Forefront-PRVS: 0387D64A71 X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW3PR20MB3433.namprd20.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(39860400002)(346002)(366004)(376002)(396003)(136003)(478600001)(956004)(6486002)(2616005)(316002)(8676002)(66476007)(66556008)(5660300002)(66946007)(6916009)(26005)(8936002)(186003)(2906002)(6496006)(52116002)(86362001)(4326008)(36756003)(16526019); DIR:OUT; SFP:1102; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: wcJm4Mr+s3OSI7vFS2sK/XnzSG0uo1wdyBDF6uPWFzDgnf3o+WebK1bxxkKU1eXcdAcYvMgwmgTOn1s3oRA29MpxmAA8PZDT/BV6+jySbBgPKMKnFOU96eo2EyYhj3vUrjobsrf4o5xsH8N9Pa09N3hM0cDkQxLWHvT6cMuON7vS0NDIvGtjTvEXQiOdKLRFbyUA3lU7iTvKUBf4eEpGbvUUIM3qwxiq70749266yHOoSfLpIAbaOQpOzvZ+i1kZJLndr9o/hQ6/SGA9FulECt0iKMJsvbskI6eg83z29OzbY1OI1khky1zSiGGs5ZC7Il4hGDLyxiwsP7e4zksmjyEsLt98t6gh/QKlrGxlq+je1qcylG960hVe66HiU0qIE9tZGw8aUp3OrWMDqk09wVXcz1csjN7+Pxj9GNFFiZkIR1CsfVtl7+HDTGE56I60 X-MS-Exchange-AntiSpam-MessageData: /plCsNM/eVKf9WTRZRNYpr0RcRZ/DS/Cbk9albce8gmiSZuM/aIzzC+A77DAsrDJUTiGLXuspj4txy8KssXgvqOZ1PMRbbrHO+HsD0il8Ex6jV8+zg5V6b4+3o1agxq6wtmBPbpFnq4PxpB21FdNgCVBzw+2X3923Rnubgb53q6cZXVs2dabf+eUfmiB3S2xxL543P+QhygYd61X1wN2UtytBveTs/eyGckMo6Moy9iU72BH+T+BeQWQoENrmQgXgAyy2+f236NwX4/N58yNf6iw4mJtDL8rhvKAuKUCXy8RlrqV5MZDuueuXv7GkNzc1CNWh1/bPhtt8AdabB+p6AzxIXQ+jrUetcxruaEuIRxTolMcaImaj0lwdzWA6QSs72azpQ4xr5iRq8ZcnKkB4Hq6oEQjahKU1T9Dz3jxBg167MQ56k0NFJqSmaLDs65dJ+A/EyF+2tIkSJ3FgC8gch8chQ38qB7qUU/PF1VWrkaQR5cMkrdIsZQMjoXWWb3gJR8vrYdF91jZPWPNh1OyYcGZQQZIbdxhxYfOSNhz+nEzLibWmYa2XRBwkykeGwypPATtLjY0Kzjz0PdDYD6tS2VmR2zRCH/vGCOEf2eRhDFtmoCjbTwBeoiCqSSixCD+bgy7VddTTh+i5MPfGTVv8nqj40SZ9vTVaAL0Fm4DL34nZV7i9uwxZPxgr1aqkmllkTN4qqS8Ie9GMrIHnVvDyc3q7MLXEJ3rgbBCCmi/Nmzo3J6ymx6+PvSfWXcRYJromhLxcGtwmRhj+kaqCHYg+GB/6v8PW0wq+WnPusaGkzw= X-OriginatorOrg: perforce.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1889ebad-8f7e-41d6-e1e6-08d7eb9b452d X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2020 17:40:41.1383 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 95b666d1-9a75-49ab-95a3-8969fbcdc08c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nWsNS+N41KH68Oj416PXtySu2aC7qOTBfk5eWDwqkYk8SKJFh8ih5goUj9Bu/oVDdgIPgaBo5rDqtF4KoqCBfg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR20MB3388 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 40913-done X-Mailman-Approved-At: Tue, 28 Apr 2020 13:43:33 -0400 Cc: 40913-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) >> Since this would seem to be a good vector for remote buffer overflow, it >> might make sense to backport this to prior releases. > > There's no practical way for us to do so, since we do not intend to > put out any new releases of Emacs before 27. Emacs 27.1 will be > released soon, and this problem will be fixed there. > > It is also worth noting that the use case where this bug can rear its > ugly head is quite rare. Most sequences of composed characters are > very short, and the way we allocate the buffers for them always > allocates more than strictly needed, which is why this bug, although > blatant, went unnoticed for a very long time. You just happened to > hit a file which (being in fact just a stream of binary bytes) looked > to Emacs as a long sequence of characters all of which should be > composed, and that sequence overflowed the allocated buffer by many > hundreds of bytes, thus triggering memory corruption. Sounds good, thanks for the explanations. This e-mail may contain information that is privileged or confidential. If = you are not the intended recipient, please delete the e-mail and any attach= ments and notify us immediately. From unknown Sat Sep 06 13:45:10 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 27 May 2020 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator