From unknown Tue Jun 17 01:49:32 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#41936 <41936@debbugs.gnu.org> To: bug#41936 <41936@debbugs.gnu.org> Subject: Status: 28.0.50; AREF: assert that the index is inside bounds Reply-To: bug#41936 <41936@debbugs.gnu.org> Date: Tue, 17 Jun 2025 08:49:32 +0000 retitle 41936 28.0.50; AREF: assert that the index is inside bounds reassign 41936 emacs submitter 41936 Tino Calancha severity 41936 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 18 16:12:58 2020 Received: (at submit) by debbugs.gnu.org; 18 Jun 2020 20:12:58 +0000 Received: from localhost ([127.0.0.1]:54471 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jm0u6-0001eb-KB for submit@debbugs.gnu.org; Thu, 18 Jun 2020 16:12:58 -0400 Received: from lists.gnu.org ([209.51.188.17]:38838) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jm0u2-0001eR-LQ for submit@debbugs.gnu.org; Thu, 18 Jun 2020 16:12:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52982) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jm0u2-0007ZW-FN for bug-gnu-emacs@gnu.org; Thu, 18 Jun 2020 16:12:50 -0400 Received: from mail-ed1-x52a.google.com ([2a00:1450:4864:20::52a]:44102) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jm0u0-0001ho-OY for bug-gnu-emacs@gnu.org; Thu, 18 Jun 2020 16:12:50 -0400 Received: by mail-ed1-x52a.google.com with SMTP id s28so5817215edw.11 for ; Thu, 18 Jun 2020 13:12:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version; bh=DbBzzFyrTHgXf505znLnVORUO5AFA3LwP0V0ozNacZg=; b=Lzy+Z0G1BLchg+nSxmveVEhqkraDPVEUAxZ3CBS/MaXMDrgf9T65H3zsOCulge4DJk FthQBJTHxbBAcCRIbz6ZKNBojC1J9YPjHohT1fa3W0NDVK6v0oc6hb0SDT4Ql2k7q5NM y9mIaa6MxgjaXjSVrfeuBiKIpeb5lj3XPt3dpaJPPXRdVQ4Zuq7vl+bv4ttBmeamjuI5 Wwik5IHk4N5RrPO71R+OcQFfDqcC9re0rJTj2H96Ckjqa/N0etXVNqRkzkD6jjuKdDGV VJE3/8IspQ3pLADPwVJj2/gCnnKgqGnpdAqWy+xX8mLpZ1vSPmuBAqo6T1XDT7f1evP8 svUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version; bh=DbBzzFyrTHgXf505znLnVORUO5AFA3LwP0V0ozNacZg=; b=Zgn0MIvmAmLCLKw3F3MI+jhJgGSXmJtwM9+fsFwIxQ/XeZAT+fRKByHvWRe8eRSr+K +KRJrb9CYpfR9Ixf94wDLMlac9bYBbRfM5Xp6oZWHR4aM0vzlc6NdGEf4f/5t5bG6ksw KTLmHRPFO/k3AWuv7AEin769WYFz5cZ79d2DPVi2QNQMxmAY1EdJb0qaoUHyov9EjxKx /gEL0abkAvqqQTrzMY6eyh9Sua5Jt4QqpDWH6qiPil73jvTomQ8GMjpJAIrS/NAjbbGt 9ku42nTW8M3vp8oq+QyDFLI4hDn9DcoR8or+GC3C3cQOKQ6KrKVqoBFCWCAVI0Pydi8T YAag== X-Gm-Message-State: AOAM532mD3+hGSV7sGP37QyNTglqt5mcB42zs98nh23JYUtCBnG6/g6+ BeSqmbTW3HUYuyO+vQ1pVIifseGYAsg= X-Google-Smtp-Source: ABdhPJxplbnn48u2AZzkWqsnNzb87frVpKP4yND+hR2zVhRw5tkL8qqjPizfDD04auLdxtZKkFDu0A== X-Received: by 2002:a50:ce45:: with SMTP id k5mr5913771edj.80.1592511166662; Thu, 18 Jun 2020 13:12:46 -0700 (PDT) Received: from calancha-pc.dy.bbexcite.jp ([31.7.242.222]) by smtp.gmail.com with ESMTPSA id p23sm2985124ejw.125.2020.06.18.13.12.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Jun 2020 13:12:45 -0700 (PDT) From: Tino Calancha To: bug-gnu-emacs@gnu.org Subject: 28.0.50; AREF: assert that the index is inside bounds Date: Thu, 18 Jun 2020 22:12:20 +0200 Message-ID: <87bllggml7.fsf@calancha-pc.dy.bbexcite.jp> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=2a00:1450:4864:20::52a; envelope-from=tino.calancha@gmail.com; helo=mail-ed1-x52a.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Spam-Score: 0.7 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Severity: wishlist,patch X-Debbugs-Cc: Paul Eggert , Eli Zaretskii , I was bitten by an out-of-bounds index at AREF while working in a new feature. A similar assert as we do in ASET would have allowed me to diagnostic the bug in minutes; instead, it took me few days to realize the bug. Is it OK for you to add the following patch? --8<-----------------------------cut here---------------start------------->8--- commit 8d904d41fcb8ef29ac8205761077a11f900916bc Author: Tino Calancha Date: Thu Jun 18 22:01:07 2020 +0200 AREF: assert that the index is inside bounds * src/lisp.h (gc_asize): Move before first use. (AREF): Assert the index is inside its bounds. * test/manual/etags/c-src/emacs/src/lisp.h (AREF): Same. diff --git a/src/lisp.h b/src/lisp.h index 3442699088..21722e4a78 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -1671,6 +1671,13 @@ ASIZE (Lisp_Object array) return size; } +INLINE ptrdiff_t +gc_asize (Lisp_Object array) +{ + /* Like ASIZE, but also can be used in the garbage collector. */ + return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; +} + INLINE ptrdiff_t PVSIZE (Lisp_Object pv) { @@ -1853,6 +1860,7 @@ bool_vector_set (Lisp_Object a, EMACS_INT i, bool b) INLINE Lisp_Object AREF (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx < gc_asize (array)); return XVECTOR (array)->contents[idx]; } @@ -1862,13 +1870,6 @@ aref_addr (Lisp_Object array, ptrdiff_t idx) return & XVECTOR (array)->contents[idx]; } -INLINE ptrdiff_t -gc_asize (Lisp_Object array) -{ - /* Like ASIZE, but also can be used in the garbage collector. */ - return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; -} - INLINE void ASET (Lisp_Object array, ptrdiff_t idx, Lisp_Object val) { diff --git a/test/manual/etags/c-src/emacs/src/lisp.h b/test/manual/etags/c-src/emacs/src/lisp.h index eceef4c00d..b2e32554c3 100644 --- a/test/manual/etags/c-src/emacs/src/lisp.h +++ b/test/manual/etags/c-src/emacs/src/lisp.h @@ -1478,6 +1478,7 @@ enum INLINE Lisp_Object AREF (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx < gc_asize (array)); return XVECTOR (array)->contents[idx]; } --8<-----------------------------cut here---------------end--------------->8--- In GNU Emacs 28.0.50 (build 3, x86_64-pc-linux-gnu, GTK+ Version 3.24.5, cairo version 1.16.0) of 2020-06-18 built on calancha-pc.dy.bbexcite.jp Repository revision: ba450b6f462e278fcd3bc96c88f154fce219f5fc Repository branch: master Windowing system distributor 'The X.Org Foundation', version 11.0.12004000 System Description: Debian GNU/Linux 10 (buster) From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 18 17:06:41 2020 Received: (at 41936-done) by debbugs.gnu.org; 18 Jun 2020 21:06:41 +0000 Received: from localhost ([127.0.0.1]:54498 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jm1k9-0002yz-9q for submit@debbugs.gnu.org; Thu, 18 Jun 2020 17:06:41 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:33992) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jm1k7-0002ym-8P for 41936-done@debbugs.gnu.org; Thu, 18 Jun 2020 17:06:39 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 815831600E1; Thu, 18 Jun 2020 14:06:33 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id VEWUm-ytArY8; Thu, 18 Jun 2020 14:06:32 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 9A43C1600E3; Thu, 18 Jun 2020 14:06:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ph4PGZmoTk_N; Thu, 18 Jun 2020 14:06:32 -0700 (PDT) Received: from [192.168.1.9] (cpe-23-242-74-103.socal.res.rr.com [23.242.74.103]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id E28961600E1; Thu, 18 Jun 2020 14:06:31 -0700 (PDT) Subject: Re: bug#41936: 28.0.50; AREF: assert that the index is inside bounds To: Tino Calancha References: <87bllggml7.fsf@calancha-pc.dy.bbexcite.jp> From: Paul Eggert Autocrypt: addr=eggert@cs.ucla.edu; prefer-encrypt=mutual; keydata= LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkV5QWNtUUJFQURB QXlIMnhvVHU3cHBHNUQzYThGTVpFb243NGRDdmM0K3ExWEEySjJ0QnkycHdhVHFmCmhweHhk R0E5Smo1MFVKM1BENGJTVUVnTjh0TFowc2FuNDdsNVhUQUZMaTI0NTZjaVNsNW04c0thSGxH ZHQ5WG0KQUF0bVhxZVpWSVlYL1VGUzk2ZkR6ZjR4aEVtbS95N0xiWUVQUWRVZHh1NDd4QTVL aFRZcDVibHRGM1dZRHoxWQpnZDdneDA3QXV3cDdpdzdlTnZub0RUQWxLQWw4S1lEWnpiRE5D UUdFYnBZM2VmWkl2UGRlSStGV1FONFcra2doCnkrUDZhdTZQcklJaFlyYWV1YTdYRGRiMkxT MWVuM1NzbUUzUWpxZlJxSS9BMnVlOEpNd3N2WGUvV0szOEV6czYKeDc0aVRhcUkzQUZINmls QWhEcXBNbmQvbXNTRVNORnQ3NkRpTzFaS1FNcjlhbVZQa25qZlBtSklTcWRoZ0IxRApsRWR3 MzRzUk9mNlY4bVp3MHhmcVQ2UEtFNDZMY0ZlZnpzMGtiZzRHT1JmOHZqRzJTZjF0azVlVThN Qml5Ti9iClowM2JLTmpOWU1wT0REUVF3dVA4NGtZTGtYMndCeHhNQWhCeHdiRFZadWR6eERa SjFDMlZYdWpDT0pWeHEya2wKakJNOUVUWXVVR3FkNzVBVzJMWHJMdzYrTXVJc0hGQVlBZ1Jy NytLY3dEZ0JBZndoUEJZWDM0blNTaUhsbUxDKwpLYUhMZUNMRjVaSTJ2S20zSEVlQ1R0bE9n N3haRU9OZ3d6TCtmZEtvK0Q2U29DOFJSeEpLczhhM3NWZkk0dDZDCm5yUXp2SmJCbjZneGRn Q3U1aTI5SjFRQ1lyQ1l2cWwyVXlGUEFLK2RvOTkvMWpPWFQ0bTI4MzZqMXdBUkFRQUIKdENC UVlYVnNJRVZuWjJWeWRDQThaV2RuWlhKMFFHTnpMblZqYkdFdVpXUjFQb2tDUGdRVEFRSUFL QVVDVElCeQpaQUliQXdVSkVzd0RBQVlMQ1FnSEF3SUdGUWdDQ1FvTEJCWUNBd0VDSGdFQ0Y0 QUFDZ2tRN1pmcERtS3FmalJSCkd3LytJajAzZGhZZllsL2dYVlJpdXpWMWdHcmJIayt0bmZy SS9DN2ZBZW9GelE1dFZnVmluU2hhUGtabzBIVFAKZjE4eDZJREVkQWlPOE1xbzF5cDBDdEht ekdNQ0o1MG80R3JnZmpscjZnLyt2dEVPS2JobGVzek4yWHBKdnB3TQoyUWdHdm4vbGFUTFV1 OFBIOWFSV1RzN3FKSlpLS0tBYjRzeFljOTJGZWhQdTZGT0QwZERpeWhsREFxNGxPVjJtCmRC cHpRYmlvam9aelFMTVF3anBnQ1RLMjU3MmVLOUVPRVF5U1VUaFhyU0l6NkFTZW5wNE5ZVEZI czl0dUpRdlgKazlnWkRkUFNsM2JwKzQ3ZEd4bHhFV0xwQklNN3pJT053NGtzNGF6Z1Q4bnZE WnhBNUlaSHR2cUJsSkxCT2JZWQowTGU2MVdwMHkzVGxCRGgycWRLOGVZTDQyNlc0c2NFTVN1 aWc1Z2I4T0F0UWlCVzZrMnNHVXh4ZWl2OG92V3U4CllBWmdLSmZ1b1dJK3VSbk1FZGRydVk4 SnNvTTU0S2FLdlppa2tLczJiZzFuZHRMVnpIcEo2cUZaQzdRVmplSFUKaDYvQm1ndmRqV1Ba WUZUdE4rS0E5Q1dYM0dRS0tnTjN1dTk4OHl6bkQ3TG5COThUNEVVSDFIQS9HbmZCcU1WMQpn cHpUdlBjNHFWUWluQ21Ja0VGcDgzemwrRzVmQ2pKSjNXN2l2ekNuWW80S2hLTHBGVW05N29r VEtSMkxXM3haCnpFVzRjTFNXTzM4N01USzNDekRPeDVxZTZzNGE5MVp1Wk0vai9UUWRUTERh cU5uODNrQTRIcTQ4VUhYWXhjSWgKK05kOGsvM3c2bEZ1b0swd3JPRml5d2pMeCswdXI1am1t YmVjQkdIYzF4ZGhBRkc1QWcwRVRJQnlaQUVRQUthRgo2NzhUOXd5SDR3alRyVjFQejNjREVv U25WLzBaVXJPVDM3cDFkY0d5ai9JWHExeDY3MEhSVmFoQW1rMHNacFljCjI1UEY5RDVHUFlI RldsTmp1UFU5NnJEbmRYQjNoZWRtQlJoTGRDNGJBWGpJNERWK2JtZFZlK3EvSU1ubFpSYVYK bG05RWlNQ1ZBUjZ3MTNzUmV1N3FYa1c5cjNSd1kyQXpYc2twL3RBZTRCUktyMVptYnZpMm5i blE2ZXBFQzQycgpSYngwQjFFaGpiSVFaNUpIR2syNGlQVDdMZEJnbk5tb3M1d1lqendObGtN UUQ1VDBZZHpoazdKK1V4d0E1bTQ2Cm1PaFJEQzJyRlYvQTBnbTVUTHk4RFhqdi9Fc2M0Z1lu WWFpNlNRcW5VRVZoNUx1VjhZQ0pCbmlqcytUaXc3MXgKMWljbW42eEdJNDVFdWdKT2dlYyty THlwWWdwVnA0eDBISTVUODhxQlJZQ2t4SDNLZzhRbytFV05BOUE0TFJROQpEWDhuam9uYTBn ZjBzMDN0b2NLOGtCTjY2VW9xcVB0SEJuYzRlTWdCeW1DZmxLMTJlS2ZkMllZeG55ZzljWmF6 CldBNVZzbHZUeHBtNzZoYmc1b2lBRUgvVmcvOE14SHlBblBoZnJnd3lQcm1KRWNWQmFmZHNw Sm5ZUXhCWU5jbzIKTEZQSWhsT3ZXaDhyNGF0K3MrTTNMYjI2b1VUY3psZ2RXMVNmM1NEQTc3 Qk1SbkYwRlF5RSs3QXpWNzlNQk40eQpraXFhZXpReHRhRjFGeS90dmtoZmZTbzh1K2R3RzBF Z0poK3RlMzhnVGNJU1ZyMEdJUHBsTHo2WWhqcmJIclBSCkYxQ041VXVMOURCR2p4dU4zNVJM TlZFZnRhNlJVRmxSNk5jdFRqdnJBQkVCQUFHSkFpVUVHQUVDQUE4RkFreUEKY21RQ0d3d0ZD UkxNQXdBQUNna1E3WmZwRG1LcWZqU3JIQS8rS3pBS3ZUeFJoQTlNV05MeEl5SjdTNXVKMTZn cwpUM29DalpyQktHRWhLTU9HWDRPMEdBNlZPRXJ5TzdRUkNDWWFoM294U0czOElBbk5laXdK WGdVOUJ6a2s4NVVHCmJQRWQ3SEdGL1ZTZUhDUXdXb3U2anFVRFRTRHZuOVloTlRkRzBLWFBN NzRhQyt4cjJab3cxTzJtaFhpaGdXS0QKMER3KzBMWVBuVU9zUTBLT0Z4SFhYWUhtUnJTMU9a UFU1OUJMdmMrVFJoSWhhZlNIS0x3YlhLKzZja2t4Qng2aAo4ejVjY3BHMFFzNGJGaGRGWW5G ckVpZURMb0dtbkUyWUxoZFY2c3dKOVZOQ1M2cExpRW9oVDNmbTdhWG0xNXRaCk9JeXpNWmhI UlNBUGJsWHhRMFpTV2pxOG9ScmNZTkZ4YzRXMVVScEFrQkNPWUpvWHZRZkQ1TDNscUFsOFRD cUQKVXpZeGhIL3RKaGJEZEhycUhINzY3amFEYVRCMStUYWxwLzJBTUt3Y1hOT2Rpa2xHeGJt SFZHNllHbDZnOExyYgpzdTlOWkVJNHlMbEh6dWlrdGhKV2d6KzN2WmhWR3lObHQrSE5Jb0Y2 Q2pETDJvbXU1Y0VxNFJESE00NFFxUGs2Cmw3TzBwVXZOMW1UNEIrUzFiMDhSS3BxbS9mZjAx NUUzN0hOVi9waUl2Smx4R0FZejhQU2Z1R0NCMXRoTVlxbG0KZ2RoZDkvQmFiR0ZiR0dZSEE2 VTQvVDV6cVUrZjZ4SHkxU3NBUVoxTVNLbEx3ZWtCSVQrNC9jTFJHcUNIam5WMApxNUgvVDZh N3Q1bVBrYnpTck9MU280cHVqK0lUb05qWXlZSURCV3pobEExOWF2T2ErcnZVam1IdEQzc0ZO N2NYCld0a0dvaThidU5jYnk0VT0KPUFMNm8KLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxP Q0stLS0tLQo= Organization: UCLA Computer Science Department Message-ID: <9b502c26-1406-9a38-fb25-177e59fc6388@cs.ucla.edu> Date: Thu, 18 Jun 2020 14:06:31 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <87bllggml7.fsf@calancha-pc.dy.bbexcite.jp> Content-Type: multipart/mixed; boundary="------------E94B5D9223D64F8718A4F1F8" Content-Language: en-US X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 41936-done Cc: 41936-done@debbugs.gnu.org, eli zaretskii , uyennhi.qm@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) This is a multi-part message in MIME format. --------------E94B5D9223D64F8718A4F1F8 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 6/18/20 1:12 PM, Tino Calancha wrote: > Is it OK for you to add the following patch? Yes, good idea. I wondered a while ago (to myself) why AREF doesn't check subscripts when Emacs is configured with --enable-checking. Now that I think about it more, it's most likely because AREF was a macro and didn't want to evaluate its index argument multiple times. We don't need to worry about that any more. aref_addr should have a similar check (off by one since one can address one past the end of an array). There's no need to change test/manual/etags/c-src/emacs/src/lisp.h as that's just a data file (and changes can be harmful there as they can mess up the tests). I installed the attached. --------------E94B5D9223D64F8718A4F1F8 Content-Type: text/x-patch; charset=UTF-8; name="0001-Check-AREF-and-aref_addr-subscripts.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0001-Check-AREF-and-aref_addr-subscripts.patch" >From e14eec7cd4a4217a0908a35415610e0fdb8604f0 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 18 Jun 2020 14:01:56 -0700 Subject: [PATCH] Check AREF and aref_addr subscripts * src/lisp.h (gc_asize): Move before first use. (AREF, aref_addr): Check subscripts. Co-authored-by: Tino Calancha --- src/lisp.h | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/lisp.h b/src/lisp.h index 3442699088..7b4f484b9b 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -1671,6 +1671,13 @@ ASIZE (Lisp_Object array) return size; } +INLINE ptrdiff_t +gc_asize (Lisp_Object array) +{ + /* Like ASIZE, but also can be used in the garbage collector. */ + return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; +} + INLINE ptrdiff_t PVSIZE (Lisp_Object pv) { @@ -1853,22 +1860,17 @@ bool_vector_set (Lisp_Object a, EMACS_INT i, bool b) INLINE Lisp_Object AREF (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx < gc_asize (array)); return XVECTOR (array)->contents[idx]; } INLINE Lisp_Object * aref_addr (Lisp_Object array, ptrdiff_t idx) { + eassert (0 <= idx && idx <= gc_asize (array)); return & XVECTOR (array)->contents[idx]; } -INLINE ptrdiff_t -gc_asize (Lisp_Object array) -{ - /* Like ASIZE, but also can be used in the garbage collector. */ - return XVECTOR (array)->header.size & ~ARRAY_MARK_FLAG; -} - INLINE void ASET (Lisp_Object array, ptrdiff_t idx, Lisp_Object val) { -- 2.17.1 --------------E94B5D9223D64F8718A4F1F8-- From unknown Tue Jun 17 01:49:32 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 17 Jul 2020 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator