GNU bug report logs - #40913
24.5; Crash on open of file


Package: emacs;

Reported by: Jason Gibson <jgibson <at> perforce.com>

Date: Mon, 27 Apr 2020 22:00:02 UTC

Severity: normal

Found in version 24.5

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Message #19 received at 40913-done <at> debbugs.gnu.org:

From: Jason Gibson <jgibson <at> perforce.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 40913-done <at> debbugs.gnu.org
Subject: Re: bug#40913: 24.5; Crash on open of file
Date: Tue, 28 Apr 2020 10:40:39 -0700
>> Since this would seem to be a good vector for remote buffer overflow, it
>> might make sense to backport this to prior releases.
>
> There's no practical way for us to do so, since we do not intend to
> put out any new releases of Emacs before 27.  Emacs 27.1 will be
> released soon, and this problem will be fixed there.
>
> It is also worth noting that the use case where this bug can rear its
> ugly head is quite rare.  Most sequences of composed characters are
> very short, and the way we allocate the buffers for them always
> allocates more than strictly needed, which is why this bug, although
> blatant, went unnoticed for a very long time.  You just happened to
> hit a file which (being in fact just a stream of binary bytes) looked
> to Emacs as a long sequence of characters all of which should be
> composed, and that sequence overflowed the allocated buffer by many
> hundreds of bytes, thus triggering memory corruption.

Sounds good, thanks for the explanations.

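The failure mode Eli describes above, a fixed staging buffer sized with slack so that short runs never reveal the missing length check until a binary stream produces one very long run, as an added example in C. This is illustrative code written for this page, not Emacs's composition code: the buffer sizes, the `is_composable` rule, the two constructed inputs and every function name are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Sizes are assumptions for this illustration, not Emacs's real values.
   COMP_TYPICAL is the longest run the code "expects"; COMP_SLACK is the
   extra room the allocation adds, which masks the missing check as long
   as runs stay short. */
#define COMP_TYPICAL 8
#define COMP_SLACK 16
#define COMP_CAPACITY (COMP_TYPICAL + COMP_SLACK)

/* Constructed rule: treat any byte with the high bit set as "composable".
   A real composition rule is far more involved; this is only a stand-in. */
static int is_composable(unsigned char b) { return (b & 0x80) != 0; }

/* Length of the composable run starting at `start`. */
size_t composable_run_length(const unsigned char *s, size_t n, size_t start)
{
    size_t i = start;
    while (i < n && is_composable(s[i]))
        i++;
    return i - start;
}

/* Hardened collector: stages the run into dst only if it fits in cap
   entries. Returns the number staged, or -1 when the caller must handle
   the run another way (split it, grow the buffer, or reject it). The
   unchecked variant would copy all `len` entries regardless of cap; that
   is exactly the overflow described in the report. */
long collect_run_checked(const unsigned char *s, size_t n, size_t start,
                         unsigned int *dst, size_t cap)
{
    size_t len = composable_run_length(s, n, start);
    if (len > cap)
        return -1;
    for (size_t i = 0; i < len; i++)
        dst[i] = s[start + i];
    return (long)len;
}

/* Constructed input 1: ordinary text with a two-byte composable run,
   well inside the slack, so both checked and unchecked code behave. */
long demo_short_run(void)
{
    const unsigned char text[] = { 'a', 0xC3, 0xA9, 'b' };
    unsigned int buf[COMP_CAPACITY];
    return collect_run_checked(text, sizeof text, 1, buf, COMP_CAPACITY);
}

/* Constructed input 2: a binary stream where every byte passes the rule,
   giving one run (256 entries) far longer than the 24-entry buffer. */
long demo_binary_run(void)
{
    unsigned char blob[256];
    unsigned int buf[COMP_CAPACITY];
    for (size_t i = 0; i < sizeof blob; i++)
        blob[i] = (unsigned char)(0x80 | (i & 0x7F));
    return collect_run_checked(blob, sizeof blob, 0, buf, COMP_CAPACITY);
}

int main(void)
{
    printf("short run staged: %ld entries\n", demo_short_run());
    printf("binary run: %ld (run exceeds capacity %d, rejected)\n",
           demo_binary_run(), COMP_CAPACITY);
    return 0;
}
```

The point of the two inputs is the one made in the message: slack in the allocation is not a bounds check, it only changes which input exposes the missing one. A detection-minded reader can reuse `composable_run_length` as the cheap pre-check that the hardened path relies on.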
This bug report was last modified 5 years and 103 days ago.

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.