From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 18 19:14:11 2010 Received: (at submit) by debbugs.gnu.org; 19 Feb 2010 00:14:11 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVX-0000yN-Jv for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:11 -0500 Received: from fencepost.gnu.org ([140.186.70.10]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVV-0000yF-H5 for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:09 -0500 Received: from mail.gnu.org ([199.232.76.166]:36586 helo=mx10.gnu.org) by fencepost.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVR-0000s9-Pq for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:05 -0500 Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1NiGVP-0005Jb-Vb for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:05 -0500 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on monty-python X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,UNPARSEABLE_RELAY autolearn=ham version=3.1.0 Received: from lists.gnu.org ([199.232.76.165]:36511) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1NiGVP-0005JX-Pc for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:03 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NiGVP-00018z-Bk for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:14:03 -0500 Received: from [140.186.70.92] (port=52187 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NiGVK-000169-E4 for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:14:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1NiGVF-0002xO-FG for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:13:58 -0500 Received: from mailout1-14.pacific.net.au ([125.255.80.133]:40249 helo=mailout1.pacific.net.au) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVE-0002xH-S5 for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:13:53 -0500 Received: from mailproxy2.pacific.net.au (mailproxy2.pacific.net.au [61.8.2.163]) by mailout1.pacific.net.au (Postfix) with ESMTP id 83FC152DF76 for ; Fri, 19 Feb 2010 11:13:51 +1100 (EST) Received: from blah.blah (ppp24EF.dyn.pacific.net.au [61.8.36.239]) by mailproxy2.pacific.net.au (Postfix) with ESMTP id B38692740B for ; Fri, 19 Feb 2010 11:13:50 +1100 (EST) Received: from gg by blah.blah with local (Exim 4.71) (envelope-from ) id 1NiGV7-0001p6-31 for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 11:13:45 +1100 From: Kevin Ryde To: bug-gnu-emacs@gnu.org Subject: 23.1; etags Scheme_functions past \0 terminator Date: Fri, 19 Feb 2010 11:13:44 +1100 Message-ID: <87eikiaxqf.fsf@blah.blah> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -5.5 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.5 (-----) --=-=-= In etags.c Scheme_functions, I think the loop while (notinname (*bp)) bp++; will take bp past the '\0' string terminator, because '\0' is a notinname(). I can't spot any obvious ill effect, only that a line of only (define is tagged, perhaps depending on what was on the line before it. In any case doesn't sound good to look into possibly uninitialized parts of the input buffer. (Another helper skip_notinname() to try to be clearer than a double-negative loop :-) 2010-02-19 Kevin Ryde * etags.c (Scheme_functions): Don't go past '\0' terminator. (skip_notinname): New helper. --=-=-= Content-Type: text/x-diff Content-Disposition: attachment; filename=etags.c.scheme-terminator.diff --- etags.c.~3.93.~ 2009-11-29 08:42:32.000000000 +1100 +++ etags.c 2010-02-19 11:04:42.000000000 +1100 @@ -4989,6 +4989,16 @@ * (set! xyzzy * Original code by Ken Haase (1985?) */ + +static char * +skip_notinname (char *cp) +{ + /* '\0' is a notinname(), don't continue past it */ + while (*cp && notinname (*cp)) + cp++; + return cp; +} + static void Scheme_functions (inf) FILE *inf; @@ -5001,8 +5011,7 @@ { bp = skip_non_spaces (bp+4); /* Skip over open parens and white space */ - while (notinname (*bp)) - bp++; + bp = skip_notinname (bp); get_tag (bp, NULL); } if (LOOKING_AT (bp, "(SET!") || LOOKING_AT (bp, "(set!")) --=-=-= In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.16.5) of 2009-09-14 on raven, modified by Debian configured using `configure '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS='' --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 19 06:10:47 2010 Received: (at submit) by debbugs.gnu.org; 19 Feb 2010 11:10:47 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiQkv-0000Pb-La for submit@debbugs.gnu.org; Fri, 19 Feb 2010 06:10:45 -0500 Received: from fencepost.gnu.org ([140.186.70.10]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiPLy-0007tV-Bw for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:58 -0500 Received: from mx10.gnu.org ([199.232.76.166]:58911) by fencepost.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiPLv-0008K7-Jd for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:51 -0500 Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1NiPLt-0004yk-11 for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:51 -0500 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on monty-python X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00, UNPARSEABLE_RELAY autolearn=ham version=3.1.0 Received: from lists.gnu.org ([199.232.76.165]:60028) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1NiPLs-0004yb-QP for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:48 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NiPLs-0007Z9-5P for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:48 -0500 Received: from [140.186.70.92] (port=38638 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NiPLq-0007YQ-IJ for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:47 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1NiPLn-0003D2-7j for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:46 -0500 Received: from blade3.isti.cnr.it ([194.119.192.19]:56415) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiPLn-0003Ch-1X for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:43 -0500 Received: from conversionlocal.isti.cnr.it by mx.isti.cnr.it (PMDF V6.5-b2 #31825) id <01NJUE2L3FSGBF2BYI@mx.isti.cnr.it> for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 10:39:35 +0100 Received: from tucano.isti.cnr.it (tucano.isti.cnr.it [146.48.81.102]) by mx.isti.cnr.it (PMDF V6.5-b2 #31826) with ESMTPSA id <01NJUE2JJWFSBJSE3W@mx.isti.cnr.it>; Fri, 19 Feb 2010 10:39:32 +0100 (MET) Received: from pot by tucano.isti.cnr.it with local (Exim 4.71) (envelope-from ) id 1NiPKg-0000oy-3Q; Fri, 19 Feb 2010 10:39:34 +0100 Date: Fri, 19 Feb 2010 10:39:34 +0100 From: Francesco =?utf-8?Q?Potort=C3=AC?= Subject: Re: bug#5601: 23.1; etags Scheme_functions past \0 terminator In-reply-to: <87eikiaxqf.fsf@blah.blah> To: Kevin Ryde Message-id: Organization: X-INSM-ip-source: 146.48.81.102 Auth Done X-fingerprint: 4B02 6187 5C03 D6B1 2E31 7666 09DF 2DC9 BE21 6115 References: <87eikiaxqf.fsf@blah.blah> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -5.2 (-----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 19 Feb 2010 06:10:41 -0500 Cc: bug-gnu-emacs@gnu.org, owner@debbugs.gnu.org, 5601@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.3 (-----) >In etags.c Scheme_functions, I think the loop > > while (notinname (*bp)) > bp++; > >will take bp past the '\0' string terminator, because '\0' is a >notinname(). Yes, it appears so. This is a long-standing bug. Thanks for spotting it. >(Another helper skip_notinname() to try to be clearer >than a double-negative loop :-) I don't think a helper function is granted here. There is a single use of this construct in the file, and a lot of different constructs: we have not a helper function for each of them. Let's try to stick to the comomn ones only, else we will only add to the confusion. So, please do not define a helper function for this case. Again, I can do the change myself, or else you can do it yourself, as you like. >2010-02-19 Kevin Ryde > > * etags.c (Scheme_functions): Don't go past '\0' terminator. > (skip_notinname): New helper. > >--- etags.c.~3.93.~ 2009-11-29 08:42:32.000000000 +1100 >+++ etags.c 2010-02-19 11:04:42.000000000 +1100 >@@ -4989,6 +4989,16 @@ > * (set! xyzzy > * Original code by Ken Haase (1985?) > */ >+ >+static char * >+skip_notinname (char *cp) >+{ >+ /* '\0' is a notinname(), don't continue past it */ >+ while (*cp && notinname (*cp)) >+ cp++; >+ return cp; >+} >+ > static void > Scheme_functions (inf) > FILE *inf; >@@ -5001,8 +5011,7 @@ > { > bp = skip_non_spaces (bp+4); > /* Skip over open parens and white space */ >- while (notinname (*bp)) >- bp++; >+ bp = skip_notinname (bp); > get_tag (bp, NULL); > } > if (LOOKING_AT (bp, "(SET!") || LOOKING_AT (bp, "(set!")) > > > >In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.16.5) > of 2009-09-14 on raven, modified by Debian >configured using `configure '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS='' From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 20 09:12:35 2010 Received: (at 5601) by debbugs.gnu.org; 20 Feb 2010 14:12:35 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4Q-0004WU-R8 for submit@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:35 -0500 Received: from pantheon-po34.its.yale.edu ([130.132.50.80]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4O-0004WL-Ol for 5601@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:32 -0500 Received: from furry (adsl-99-96-75-7.dsl.wlfrct.sbcglobal.net [99.96.75.7]) (authenticated bits=0) by pantheon-po34.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP id o1KECQZS026756 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 20 Feb 2010 09:12:27 -0500 Received: by furry (Postfix, from userid 1000) id 5C792C05D; Sat, 20 Feb 2010 09:12:26 -0500 (EST) From: Chong Yidong To: Francesco =?utf-8?Q?Potort=C3=AC?= Subject: Re: bug#5601: 23.1; etags Scheme_functions past \0 terminator Date: Sat, 20 Feb 2010 09:12:26 -0500 Message-ID: <87iq9s0zed.fsf@stupidchicken.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-YaleITSMailFilter: Version 1.2c (attachment(s) not renamed) X-Spam-Score: -2.5 (--) X-Debbugs-Envelope-To: 5601 Cc: Kevin Ryde , 5601@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.5 (--) > >In etags.c Scheme_functions, I think the loop > > > > while (notinname (*bp)) > > bp++; > > > >will take bp past the '\0' string terminator, because '\0' is a > >notinname(). > > Yes, it appears so. This is a long-standing bug. Thanks for spotting > it. > > >(Another helper skip_notinname() to try to be clearer > >than a double-negative loop :-) > > I don't think a helper function is granted here. There is a single use > of this construct in the file, and a lot of different constructs: we > have not a helper function for each of them. I've checked in the patch, without the helper function. Thanks. From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 20 09:12:43 2010 Received: (at control) by debbugs.gnu.org; 20 Feb 2010 14:12:43 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4Z-0004Wf-AN for submit@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:43 -0500 Received: from pantheon-po34.its.yale.edu ([130.132.50.80]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4X-0004Wa-Li for control@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:41 -0500 Received: from furry (adsl-99-96-75-7.dsl.wlfrct.sbcglobal.net [99.96.75.7]) (authenticated bits=0) by pantheon-po34.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP id o1KECafg026775 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Sat, 20 Feb 2010 09:12:36 -0500 Received: by furry (Postfix, from userid 1000) id 02679C05D; Sat, 20 Feb 2010 09:12:36 -0500 (EST) From: Chong Yidong To: control@debbugs.gnu.org Subject: close 5601 Date: Sat, 20 Feb 2010 09:12:35 -0500 Message-ID: <87fx4w0ze4.fsf@stupidchicken.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-YaleITSMailFilter: Version 1.2c (attachment(s) not renamed) X-Spam-Score: -2.5 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.5 (--) close 5601 thanks From unknown Sun Jun 22 00:53:56 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 21 Mar 2010 11:24:03 +0000 User-Agent: Fakemail v42.6.9 # A New Hope # A long time ago, in a galaxy far, far away # something happened. # # Magically this resulted in the following # action being taken, but this fake control # message doesn't tell you why it happened # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator