From unknown Sat Jun 21 10:21:59 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#53333 <53333@debbugs.gnu.org> To: bug#53333 <53333@debbugs.gnu.org> Subject: Status: Fix for crash in ebrowse Reply-To: bug#53333 <53333@debbugs.gnu.org> Date: Sat, 21 Jun 2025 17:21:59 +0000 retitle 53333 Fix for crash in ebrowse reassign 53333 emacs submitter 53333 Jan Stranik severity 53333 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 17 19:55:24 2022 Received: (at submit) by debbugs.gnu.org; 18 Jan 2022 00:55:24 +0000 Received: from localhost ([127.0.0.1]:48467 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9cmO-0003p9-Bs for submit@debbugs.gnu.org; Mon, 17 Jan 2022 19:55:24 -0500 Received: from lists.gnu.org ([209.51.188.17]:54384) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9abJ-0000T3-4E for submit@debbugs.gnu.org; Mon, 17 Jan 2022 17:35:46 -0500 Received: from eggs.gnu.org ([209.51.188.92]:52930) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9abI-0005m5-Nu for bug-gnu-emacs@gnu.org; Mon, 17 Jan 2022 17:35:44 -0500 Received: from stranik.org ([95.216.183.163]:57757) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9abH-0007Gm-63 for bug-gnu-emacs@gnu.org; Mon, 17 Jan 2022 17:35:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=stranik.org ; s=2020nix; h=Subject:To:From; bh=Z8bBYTNy8gpaASmgNQn5Wvfg30laN2CchNfNVprHCd4=; b=FCdTtyd91pJbAzxxDdn1R5hBDA Chu5QROUPb+EsTrB5kMv+BF8yX7st0cvcc+cl7SyAtS4T9Yer69Cd7VUq7GQoNlMPG6Ew1p5UwmRF tSZoh7UzYNL5dM0d1nY4GxallWVcmrNwXwODFvFvoXPlXMwabOy2OzeUJRoA60tbz1FQ=; Received: from ool-2f14040e.dyn.optonline.net ([47.20.4.14] helo=localhost) by stranik.org with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1n9abB-00051k-Rp for bug-gnu-emacs@gnu.org; Mon, 17 Jan 2022 22:35:38 +0000 From: Jan Stranik To: bug-gnu-emacs@gnu.org Subject: Fix for crash in ebrowse Date: Mon, 17 Jan 2022 17:35:36 -0500 Message-ID: <87fspm0z47.fsf@stranik.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Received-SPF: pass client-ip=95.216.183.163; envelope-from=jan@stranik.org; helo=stranik.org X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Mon, 17 Jan 2022 19:55:18 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain Hello -- attached is a patch to ebrowse. Noticed a one-off write error in case of identifiers that are too long and need escaping. The patch prevents the write to memory outside of allocated range which on my platform caused segfault. Best, --=-=-= Content-Type: text/x-diff Content-Disposition: attachment; filename=ebrowse-emacs-27.2-fix.diff Dont crash on C source code (one off error) The fix avoids one off error in case the last character in the buffer needs to be escaped but there is not enough space in buffer to perform the escape. The change just simiply ignores the character in such case. Author: Jan Stranik *** /var/home/janstranik/src/emacs-27.2/lib-src/ebrowse.c~ 2021-01-28 11:52:16.000000000 -0600 --- /var/home/janstranik/src/emacs-27.2/lib-src/ebrowse.c 2021-09-24 09:31:49.136287028 -0500 *************** *** 1924,1931 **** { *--s = *--t; ! if (*s == '"' || *s == '\\') ! *--s = '\\'; } *(matching_regexp_end_buf - 1) = '\0'; --- 1924,1937 ---- { *--s = *--t; ! if (*s == '"' || *s == '\\') { ! if (s > matching_regexp_buffer) ! *--s = '\\'; ! else { ! s++; ! break; ! } ! } } *(matching_regexp_end_buf - 1) = '\0'; --=-=-= Content-Type: text/plain -- Jan Stranik --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 18 13:09:37 2022 Received: (at 53333) by debbugs.gnu.org; 18 Jan 2022 18:09:37 +0000 Received: from localhost ([127.0.0.1]:51652 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9svI-0000XG-QO for submit@debbugs.gnu.org; Tue, 18 Jan 2022 13:09:36 -0500 Received: from eggs.gnu.org ([209.51.188.92]:39410) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9svE-0000Wx-UB for 53333@debbugs.gnu.org; Tue, 18 Jan 2022 13:09:36 -0500 Received: from [2001:470:142:3::e] (port=42988 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9sv7-0005XO-Su; Tue, 18 Jan 2022 13:09:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=3M0kIsRemBHzAnLWcpNLMGReEq3niTwUQtsywB9sbPo=; b=PmzfahYdkbya GiaR3/zDP1YbR2pM5uQ9IWeAW4OUnngrqNxQXdFObvf4HPCi+9y3e1lbj5uCMc6qqEqdYLNKUMwEp FHdKgwfRVBuMCdo02M98erDuOQAmgVcg/kreqRDzOjK64x2WlJRBa599+Qi67hXT0Biz7zr+musuX SIIDXJu8/IMUAhbjaVDvMmaDCAR9zPw9mrF2Snl0Q1wKuSD2j3AhhDNpZAGLoTwlunc5wUZS3rGFb WDQt7Z95fel/QrevNOfAnveleEyQQZd6iZoEIkLHXXPmk/KMmeKsZuR5R1EisAFX4J0tTjVMheTza YE9Vi8oRpJ8cpSX4SBl7rw==; Received: from [87.69.77.57] (port=2702 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9sv7-0004ZM-SN; Tue, 18 Jan 2022 13:09:26 -0500 Date: Tue, 18 Jan 2022 20:09:18 +0200 Message-Id: <835yqgvru9.fsf@gnu.org> From: Eli Zaretskii To: Jan Stranik In-Reply-To: <87fspm0z47.fsf@stranik.org> (bug-gnu-emacs@gnu.org) Subject: Re: bug#53333: Fix for crash in ebrowse References: <87fspm0z47.fsf@stranik.org> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53333 Cc: 53333@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > Date: Mon, 17 Jan 2022 17:35:36 -0500 > From: Jan Stranik via "Bug reports for GNU Emacs, > the Swiss army knife of text editors" > > attached is a patch to ebrowse. Noticed a one-off write error in case of > identifiers that are too long and need escaping. The patch prevents the > write to memory outside of allocated range which on my platform caused > segfault. Thanks, but can you explain the need for this part: > ! else { > ! s++; > ! break; > ! } > ! } Why do we need to advance the pointer 's' in the 'else' clause? why not leave it alone? Or maybe I will understand the reason if you show some simple code that hits this problem (which would be a good thing of its own, as we'd then have a test to add to our test suite)? From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 18 20:33:05 2022 Received: (at 53333) by debbugs.gnu.org; 19 Jan 2022 01:33:05 +0000 Received: from localhost ([127.0.0.1]:52013 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9zqS-0008O6-GL for submit@debbugs.gnu.org; Tue, 18 Jan 2022 20:33:05 -0500 Received: from stranik.org ([95.216.183.163]:46471) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9zqN-0008Na-5R for 53333@debbugs.gnu.org; Tue, 18 Jan 2022 20:33:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=stranik.org ; s=2020nix; h=Subject:To:From; bh=00hJJoQMznj89lUbc2wGyRt31f9DNfAbtzG3jiSnW3o=; b=Bf2EyEG2ISUCCa05B8wHUhNPuN WfgEG16iz+jW09fk9W16aRiHjeu1w47kn8m97fGYVkA2i8f8Rn+b3TLk/VIGeQ5iVRPVus5PJbMmH 5h8YqrZy87NnNOtAccI31zU7oZVBPKRXecIlKWp3b26KHfwleTA5ydUQPUWJ6+JyLFz8=; Received: from ool-2f14040e.dyn.optonline.net ([47.20.4.14] helo=localhost) by stranik.org with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1n9zqL-00094B-4u; Wed, 19 Jan 2022 01:32:57 +0000 From: Jan Stranik To: Eli Zaretskii Subject: Re: bug#53333: Fix for crash in ebrowse References: <87fspm0z47.fsf@stranik.org> <835yqgvru9.fsf@gnu.org> Date: Tue, 18 Jan 2022 20:32:55 -0500 In-Reply-To: <835yqgvru9.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 18 Jan 2022 20:09:18 +0200") Message-ID: <878rvc1pdk.fsf@stranik.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam_score: -0.1 X-Spam_score_int: 0 X-Spam_bar: / X-Spam_report: Action: no action Symbol: ARC_NA(0.00) Symbol: RCVD_VIA_SMTP_AUTH(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: MIME_GOOD(-0.10) Symbol: RCPT_COUNT_TWO(0.00) Symbol: RCVD_COUNT_ONE(0.00) Symbol: FROM_EQ_ENVFROM(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: RCVD_TLS_ALL(0.00) Symbol: MID_RHS_MATCH_FROM(0.00) Message-ID: 878rvc1pdk.fsf@stranik.org X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53333 Cc: 53333@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > > Thanks, but can you explain the need for this part: > >> ! else { >> ! s++; >> ! break; >> ! } >> ! } > > Why do we need to advance the pointer 's' in the 'else' clause? why > not leave it alone? The identifier is copied from end to the buffer. As we are copying, we want to escape quote and backslash characters. Normally if we encounter any of these characters we just prepend \ to in front. If there is not enough space in the buffer to insert the \, we should increase the s, to back-out the character that we wanted to escape. If we would not do that, the first character might not be escaped. If that character were a quote, it would break the lisp expressions written later to the BROWSE file. > Or maybe I will understand the reason if you show some simple code > that hits this problem (which would be a good thing of its own, as > we'd then have a test to add to our test suite)? I encountered this in a c++ header file with very long identifiers that just filled the buffer but the first character had to be escaped. -- Jan Stranik From debbugs-submit-bounces@debbugs.gnu.org Thu Jan 20 06:46:34 2022 Received: (at 53333-done) by debbugs.gnu.org; 20 Jan 2022 11:46:34 +0000 Received: from localhost ([127.0.0.1]:56557 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nAVth-0004Ke-US for submit@debbugs.gnu.org; Thu, 20 Jan 2022 06:46:34 -0500 Received: from eggs.gnu.org ([209.51.188.92]:57626) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nAVtf-0004KQ-IP for 53333-done@debbugs.gnu.org; Thu, 20 Jan 2022 06:46:31 -0500 Received: from [2001:470:142:3::e] (port=39410 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nAVtE-0000mH-Aa; Thu, 20 Jan 2022 06:46:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=Rr344AdRTMey7jHHstaisn18FK+lH2yssXBHmhWvqf8=; b=X/7VZtY38ewb SEMiA0Kliam3KxUesxkMHVZBCQmhefhq2XaeJ7DkSGux34IufffErrnjYJ0DtYItpT/K5RGUsMXZt uttkN08GkL+n2rZtPSl/D3X8SiiYlP8B5ytG4kW5GyoU2T3tGmxKvIih8zuBUEMRHxvrqoUMMtr/k rgF0HeJDgtZe5xiWq4sN5l1XzN984AXKxJf/rpIE6v5hFXAKCsZpEo/oQ4eVODcK6uPmEVk0qbm/C ad4Ld8JUPjKgaPvKVhRV3eJrcwDnDFIq5NilC8ynBXBn8holiXit7ruG+gm21GVGq5v3ZfuCUFTr6 TOvXBVtgKhlhBelNgJ8ztg==; Received: from [87.69.77.57] (port=1743 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nAVsj-0004U1-Ux; Thu, 20 Jan 2022 06:45:41 -0500 Date: Thu, 20 Jan 2022 13:45:31 +0200 Message-Id: <83zgnqpr50.fsf@gnu.org> From: Eli Zaretskii To: Jan Stranik In-Reply-To: <878rvc1pdk.fsf@stranik.org> (message from Jan Stranik on Tue, 18 Jan 2022 20:32:55 -0500) Subject: Re: bug#53333: Fix for crash in ebrowse References: <87fspm0z47.fsf@stranik.org> <835yqgvru9.fsf@gnu.org> <878rvc1pdk.fsf@stranik.org> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53333-done Cc: 53333-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: Jan Stranik > Cc: 53333@debbugs.gnu.org > Date: Tue, 18 Jan 2022 20:32:55 -0500 > > > > > Thanks, but can you explain the need for this part: > > > >> ! else { > >> ! s++; > >> ! break; > >> ! } > >> ! } > > > > Why do we need to advance the pointer 's' in the 'else' clause? why > > not leave it alone? > > The identifier is copied from end to the buffer. As we are copying, we > want to escape quote and backslash characters. Normally if we encounter > any of these characters we just prepend \ to in front. If there is not > enough space in the buffer to insert the \, we should increase the s, to > back-out the character that we wanted to escape. > > If we would not do that, the first character might not be escaped. If > that character were a quote, it would break the lisp expressions written > later to the BROWSE file. Thanks, I installed the change on the emacs-28 branch, and I'm marking this bug done. From debbugs-submit-bounces@debbugs.gnu.org Thu Jan 27 16:20:43 2022 Received: (at 53333-done) by debbugs.gnu.org; 27 Jan 2022 21:20:43 +0000 Received: from localhost ([127.0.0.1]:56716 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDCCB-0004LE-Eq for submit@debbugs.gnu.org; Thu, 27 Jan 2022 16:20:43 -0500 Received: from stranik.org ([95.216.183.163]:34193) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDCC8-0004L3-UD for 53333-done@debbugs.gnu.org; Thu, 27 Jan 2022 16:20:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=stranik.org ; s=2020nix; h=Subject:To:From; bh=OEX3DuxOpL/E8xs8qO8v5C0o9kkiHgJu/a1tSRCMJDo=; b=qL0PfJv3QKgDi7ghREqE2lx9Az D9mwjKlktBMb8NH/hruBOD6UXtj2hIYbdP0dNwUYR+z8m9CAuQnjomt7QMGWDv5Pnm484UwV363Xc KUuWFNZx2qkZwD85zVOs8CjCgqsTZtH7LgA7EhWzdujarYXk8gpNklb+N3lPO/Ym2oXE=; Received: from ool-2f14040e.dyn.optonline.net ([47.20.4.14] helo=localhost) by stranik.org with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1nDCC6-000BSB-E2; Thu, 27 Jan 2022 21:20:39 +0000 From: Jan Stranik To: Eli Zaretskii Subject: Re: bug#53333: Fix for crash in ebrowse References: <87fspm0z47.fsf@stranik.org> <835yqgvru9.fsf@gnu.org> <878rvc1pdk.fsf@stranik.org> <83zgnqpr50.fsf@gnu.org> Date: Thu, 27 Jan 2022 16:20:37 -0500 In-Reply-To: <83zgnqpr50.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 20 Jan 2022 13:45:31 +0200") Message-ID: <87czkcyixm.fsf@stranik.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam_score: -0.1 X-Spam_score_int: 0 X-Spam_bar: / X-Spam_report: Action: no action Symbol: ARC_NA(0.00) Symbol: RCVD_VIA_SMTP_AUTH(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: MIME_GOOD(-0.10) Symbol: RCPT_COUNT_TWO(0.00) Symbol: RCVD_COUNT_ONE(0.00) Symbol: FROM_EQ_ENVFROM(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: RCVD_TLS_ALL(0.00) Symbol: MID_RHS_MATCH_FROM(0.00) Message-ID: 87czkcyixm.fsf@stranik.org X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53333-done Cc: 53333-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > > Thanks, I installed the change on the emacs-28 branch, and I'm marking > this bug done. Thank you for pushing the change. -- Jan Stranik From unknown Sat Jun 21 10:21:59 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 25 Feb 2022 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator