GNU bug report logs - #53333
Fix for crash in ebrowse

Previous Next

Package: emacs;

Reported by: Jan Stranik <jan <at> stranik.org>

Date: Tue, 18 Jan 2022 00:56:02 UTC

Severity: normal

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#53333: closed (Fix for crash in ebrowse)
Date: Thu, 20 Jan 2022 11:47:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Thu, 20 Jan 2022 13:45:31 +0200
with message-id <83zgnqpr50.fsf <at> gnu.org>
and subject line Re: bug#53333: Fix for crash in ebrowse
has caused the debbugs.gnu.org bug report #53333,
regarding Fix for crash in ebrowse
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
53333: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=53333
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Jan Stranik <jan <at> stranik.org>
To: bug-gnu-emacs <at> gnu.org
Subject: Fix for crash in ebrowse
Date: Mon, 17 Jan 2022 17:35:36 -0500

[Message part 3 (text/plain, inline)]
Hello --

attached is a patch to ebrowse. Noticed a one-off write error in case of
identifiers that are too long and need escaping. The patch prevents the
write to memory outside of allocated range which on my platform caused
segfault.

Best,



[ebrowse-emacs-27.2-fix.diff (text/x-diff, attachment)]
[Message part 5 (text/plain, inline)]
-- 

Jan Stranik

[Message part 6 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: Jan Stranik <jan <at> stranik.org>
Cc: 53333-done <at> debbugs.gnu.org
Subject: Re: bug#53333: Fix for crash in ebrowse
Date: Thu, 20 Jan 2022 13:45:31 +0200

> From: Jan Stranik <jan <at> stranik.org>
> Cc: 53333 <at> debbugs.gnu.org
> Date: Tue, 18 Jan 2022 20:32:55 -0500
> 
> >
> > Thanks, but can you explain the need for this part:
> >
> >> !           else {
> >> !               s++;
> >> !               break;
> >> !           }
> >> !       }
> >
> > Why do we need to advance the pointer 's' in the 'else' clause? why
> > not leave it alone?
> 
> The identifier is copied from end to the buffer. As we are copying, we
> want to escape quote and backslash characters. Normally if we encounter
> any of these characters we just prepend \ to in front. If there is not
> enough space in the buffer to insert the \, we should increase the s, to
> back-out the character that we wanted to escape.
> 
> If we would not do that, the first character might not be escaped. If
> that character were a quote, it would break the lisp expressions written
> later to the BROWSE file.

Thanks, I installed the change on the emacs-28 branch, and I'm marking
this bug done.
This bug report was last modified 3 years and 116 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.