Subject: bug#41936: 28.0.50; AREF: assert that the index is inside bounds
Resent-From: Tino Calancha
Resent-Date: Thu, 18 Jun 2020 20:13:02 +0000
To: 41936@debbugs.gnu.org
Cc: paul eggert, eli zaretskii
From: Tino Calancha
Date: Thu, 18 Jun 2020 22:12:20 +0200
Message-ID: <87bllggml7.fsf@calancha-pc.dy.bbexcite.jp>
Severity: wishlist,patch
X-Debbugs-Cc: Paul Eggert, Eli Zaretskii

I was bitten by an out-of-bounds index at AREF while working on a new feature. A similar assert as we do in ASET would have allowed me to diagnose the bug in minutes; instead, it took me a few days to realize the bug.

Is it OK for you to add the following patch?

--8<-----------------------------cut here---------------start------------->8---
commit 8d904d41fcb8ef29ac8205761077a11f900916bc
Author: Tino Calancha
Date: Thu Jun 18 22:01:07 2020 +0200

    AREF: assert that the index is inside bounds

    * src/lisp.h (gc_asize): Move before first use.
    (AREF): Assert the index is inside its bounds.
    * test/manual/etags/c-src/emacs/src/lisp.h (AREF): Same.

diff --git a/src/lisp.h b/src/lisp.h index 3442699088..21722e4a78 100644 --- a/src/lisp.h +++ b/src/lisp.h
@@ -1671,6 +1671,13 @@ ASIZE (Lisp_Object array) return size; } +INLINE ptrdiff_t +gc_asize (Lisp_Object array) +{ + /* Like ASIZE, but also can be used in the garbage collector. */ + return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; +} + INLINE ptrdiff_t PVSIZE (Lisp_Object pv) { @@ -1853,6 +1860,7 @@ bool_vector_set (Lisp_Object a, EMACS_INT i, bool b) INLINE Lisp_Object AREF (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx < gc_asize (array)); return XVECTOR (array)->contents[idx]; } @@ -1862,13 +1870,6 @@ aref_addr (Lisp_Object array, ptrdiff_t idx) return & XVECTOR (array)->contents[idx]; } -INLINE ptrdiff_t -gc_asize (Lisp_Object array) -{ - /* Like ASIZE, but also can be used in the garbage collector. */ - return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; -} - INLINE void ASET (Lisp_Object array, ptrdiff_t idx, Lisp_Object val) { diff --git a/test/manual/etags/c-src/emacs/src/lisp.h b/test/manual/etags/c-src/emacs/src/lisp.h index eceef4c00d..b2e32554c3 100644 --- a/test/manual/etags/c-src/emacs/src/lisp.h +++ b/test/manual/etags/c-src/emacs/src/lisp.h @@ -1478,6 +1478,7 @@ enum INLINE Lisp_Object AREF (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx < gc_asize (array)); return XVECTOR (array)->contents[idx]; } --8<-----------------------------cut here---------------end--------------->8---

In GNU Emacs 28.0.50 (build 3, x86_64-pc-linux-gnu, GTK+ Version 3.24.5, cairo version 1.16.0)
 of 2020-06-18 built on calancha-pc.dy.bbexcite.jp
Repository revision: ba450b6f462e278fcd3bc96c88f154fce219f5fc
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12004000
System Description: Debian GNU/Linux 10 (buster)
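Review bot: aref_addr, which appears as context in the third src/lisp.h hunk (return & XVECTOR (array)->contents[idx];), is left without any check, so a bad index that goes through the pointer form is still not caught. Suggest giving it the same eassert as AREF but with idx <= gc_asize (array), since forming the address one past the last element is legitimate even though reading through it is not.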
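Review bot: the last hunk edits test/manual/etags/c-src/emacs/src/lisp.h, a copy of the header kept under the etags tests rather than the source that gets built, so the added eassert line changes what those tests read without checking anything at run time. Suggest dropping that hunk and keeping the change in src/lisp.h only.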
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Tino Calancha
Subject: bug#41936: closed (Re: bug#41936: 28.0.50; AREF: assert that the index is inside bounds)
References: <9b502c26-1406-9a38-fb25-177e59fc6388@cs.ucla.edu> <87bllggml7.fsf@calancha-pc.dy.bbexcite.jp>
Reply-To: 41936@debbugs.gnu.org
Date: Thu, 18 Jun 2020 21:07:01 +0000

Your bug report

#41936: 28.0.50; AREF: assert that the index is inside bounds

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 41936@debbugs.gnu.org.

--
41936: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=41936
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

Subject: Re: bug#41936: 28.0.50; AREF: assert that the index is inside bounds
To: Tino Calancha
From: Paul Eggert
Organization: UCLA Computer Science Department
Message-ID: <9b502c26-1406-9a38-fb25-177e59fc6388@cs.ucla.edu>
Date: Thu, 18 Jun 2020 14:06:31 -0700
In-Reply-To: <87bllggml7.fsf@calancha-pc.dy.bbexcite.jp>
Cc: 41936-done@debbugs.gnu.org, eli zaretskii, uyennhi.qm@gmail.com

On 6/18/20 1:12 PM, Tino Calancha wrote:
> Is it OK for you to add the following patch?

Yes, good idea. I wondered a while ago (to myself) why AREF doesn't check subscripts when Emacs is configured with --enable-checking. Now that I think about it more, it's most likely because AREF was a macro and didn't want to evaluate its index argument multiple times. We don't need to worry about that any more.

aref_addr should have a similar check (off by one since one can address one past the end of an array).

There's no need to change test/manual/etags/c-src/emacs/src/lisp.h as that's just a data file (and changes can be harmful there as they can mess up the tests).

I installed the attached.

Content-Disposition: attachment; filename="0001-Check-AREF-and-aref_addr-subscripts.patch"

From e14eec7cd4a4217a0908a35415610e0fdb8604f0 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Thu, 18 Jun 2020 14:01:56 -0700
Subject: [PATCH] Check AREF and aref_addr subscripts

* src/lisp.h (gc_asize): Move before first use.
(AREF, aref_addr): Check subscripts.

Co-authored-by: Tino Calancha
---
 src/lisp.h | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/lisp.h b/src/lisp.h index 3442699088..7b4f484b9b 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -1671,6 +1671,13 @@ ASIZE (Lisp_Object array) return size; } +INLINE ptrdiff_t +gc_asize (Lisp_Object array) +{ + /* Like ASIZE, but also can be used in the garbage collector. */ + return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; +} + INLINE ptrdiff_t PVSIZE (Lisp_Object pv) {
@@ -1853,22 +1860,17 @@ bool_vector_set (Lisp_Object a, EMACS_INT i, bool b) INLINE Lisp_Object AREF (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx < gc_asize (array)); return XVECTOR (array)->contents[idx]; } INLINE Lisp_Object * aref_addr (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx <= gc_asize (array)); return & XVECTOR (array)->contents[idx]; } -INLINE ptrdiff_t -gc_asize (Lisp_Object array) -{ - /* Like ASIZE, but also can be used in the garbage collector. */ - return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; -} - INLINE void ASET (Lisp_Object array, ptrdiff_t idx, Lisp_Object val) { -- 2.17.1
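Review bot: the new check in AREF takes its upper bound from gc_asize rather than ASIZE, and nothing in the hunk says why. A one-line comment above the eassert would help, for instance noting that gc_asize masks ARRAY_MARK_FLAG out of header.size and is the variant documented as usable in the garbage collector, if that is the reason, so that a later cleanup does not swap it for ASIZE.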
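Review bot: in aref_addr the bound is idx <= gc_asize (array), one looser than the idx < gc_asize (array) used in AREF just above, and the hunk carries no comment saying the difference is deliberate. Suggest a short comment that idx equal to the size yields the one-past-the-end address, which a caller may use as a bound but must not dereference; without it the <= reads like an off-by-one.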
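The two points in Paul Eggert's reply above (a checked AREF written as a macro evaluates its index more than once, and aref_addr accepts one index more than AREF), shown as an added C example that is not part of the thread or of Emacs. `struct toy_vector`, `toy_check`, `MACRO_AREF` and the other `toy_` names are hypothetical stand-ins, and the toy counts failed checks where eassert would abort.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a Lisp vector (assumption: not Emacs's real layout). */
struct toy_vector { ptrdiff_t size; int contents[4]; };

static int check_failures;  /* eassert would abort; this toy counts instead */

static bool toy_check (bool ok)
{
  if (!ok)
    check_failures++;
  return ok;
}

/* Checked access as a macro: IDX is expanded three times, so an index
   expression with side effects runs three times.  */
#define MACRO_AREF(v, idx) \
  (toy_check (0 <= (idx) && (idx) < (v)->size), (v)->contents[idx])

/* Same check in an inline function: the index is evaluated once.  */
static inline int toy_aref (const struct toy_vector *v, ptrdiff_t idx)
{
  if (!toy_check (0 <= idx && idx < v->size))
    return -1;              /* toy only: refuse the read */
  return v->contents[idx];
}

/* Address form: idx == size is accepted because it names the
   one-past-the-end slot, usable as a bound but never dereferenced.  */
static inline const int *toy_aref_addr (const struct toy_vector *v, ptrdiff_t idx)
{
  if (!toy_check (0 <= idx && idx <= v->size))
    return NULL;
  return &v->contents[idx];
}

/* The one-past-the-end address in its usual role as a loop bound.  */
static int toy_sum (const struct toy_vector *v)
{
  int sum = 0;
  const int *end = toy_aref_addr (v, v->size);
  for (const int *p = toy_aref_addr (v, 0); p < end; p++)
    sum += *p;
  return sum;
}

/* Read "element i++" starting from i == 0; report the final i.  */
static int macro_read_postinc (const struct toy_vector *v, ptrdiff_t *final_i)
{
  ptrdiff_t i = 0;
  int got = MACRO_AREF (v, i++);
  *final_i = i;
  return got;
}

static int inline_read_postinc (const struct toy_vector *v, ptrdiff_t *final_i)
{
  ptrdiff_t i = 0;
  int got = toy_aref (v, i++);
  *final_i = i;
  return got;
}

int main (void)
{
  struct toy_vector v = { 4, { 10, 20, 30, 40 } };  /* constructed sample */
  ptrdiff_t mi, fi;
  int m = macro_read_postinc (&v, &mi), f = inline_read_postinc (&v, &fi);
  printf ("macro: got %d, i = %td; inline: got %d, i = %td\n", m, mi, f, fi);
  printf ("sum = %d, failed checks = %d\n", toy_sum (&v), check_failures);
  return 0;
}
```

The macro form reads element 2 and leaves i at 3 for a request that meant element 0, while the inline form reads element 0 and leaves i at 1.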