From unknown Sun Jun 22 08:07:38 2025 X-Loop: bug-gnu-emacs@gnu.org Subject: bug#5601: 23.1; etags Scheme_functions past \0 terminator Resent-From: Kevin Ryde Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Feb 2010 00:15:02 +0000 Resent-Message-ID: Resent-Sender: bug-gnu-emacs@gnu.org X-Emacs-PR-Message: report 5601 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: To: 5601@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.12665384513746 (code B ref -1); Fri, 19 Feb 2010 00:15:02 +0000 Received: (at submit) by debbugs.gnu.org; 19 Feb 2010 00:14:11 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVX-0000yN-Jv for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:11 -0500 Received: from fencepost.gnu.org ([140.186.70.10]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVV-0000yF-H5 for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:09 -0500 Received: from mail.gnu.org ([199.232.76.166]:36586 helo=mx10.gnu.org) by fencepost.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVR-0000s9-Pq for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:05 -0500 Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1NiGVP-0005Jb-Vb for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:05 -0500 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on monty-python X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,UNPARSEABLE_RELAY autolearn=ham version=3.1.0 Received: from lists.gnu.org ([199.232.76.165]:36511) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1NiGVP-0005JX-Pc for submit@debbugs.gnu.org; Thu, 18 Feb 2010 19:14:03 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NiGVP-00018z-Bk for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:14:03 -0500 Received: from [140.186.70.92] (port=52187 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NiGVK-000169-E4 for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:14:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1NiGVF-0002xO-FG for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:13:58 -0500 Received: from mailout1-14.pacific.net.au ([125.255.80.133]:40249 helo=mailout1.pacific.net.au) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiGVE-0002xH-S5 for bug-gnu-emacs@gnu.org; Thu, 18 Feb 2010 19:13:53 -0500 Received: from mailproxy2.pacific.net.au (mailproxy2.pacific.net.au [61.8.2.163]) by mailout1.pacific.net.au (Postfix) with ESMTP id 83FC152DF76 for ; Fri, 19 Feb 2010 11:13:51 +1100 (EST) Received: from blah.blah (ppp24EF.dyn.pacific.net.au [61.8.36.239]) by mailproxy2.pacific.net.au (Postfix) with ESMTP id B38692740B for ; Fri, 19 Feb 2010 11:13:50 +1100 (EST) Received: from gg by blah.blah with local (Exim 4.71) (envelope-from ) id 1NiGV7-0001p6-31 for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 11:13:45 +1100 From: Kevin Ryde Date: Fri, 19 Feb 2010 11:13:44 +1100 Message-ID: <87eikiaxqf.fsf@blah.blah> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -5.5 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.5 (-----) --=-=-= In etags.c Scheme_functions, I think the loop while (notinname (*bp)) bp++; will take bp past the '\0' string terminator, because '\0' is a notinname(). I can't spot any obvious ill effect, only that a line of only (define is tagged, perhaps depending on what was on the line before it. In any case doesn't sound good to look into possibly uninitialized parts of the input buffer. (Another helper skip_notinname() to try to be clearer than a double-negative loop :-) 2010-02-19 Kevin Ryde * etags.c (Scheme_functions): Don't go past '\0' terminator. (skip_notinname): New helper. --=-=-= Content-Type: text/x-diff Content-Disposition: attachment; filename=etags.c.scheme-terminator.diff --- etags.c.~3.93.~ 2009-11-29 08:42:32.000000000 +1100 +++ etags.c 2010-02-19 11:04:42.000000000 +1100 @@ -4989,6 +4989,16 @@ * (set! xyzzy * Original code by Ken Haase (1985?) */ + +static char * +skip_notinname (char *cp) +{ + /* '\0' is a notinname(), don't continue past it */ + while (*cp && notinname (*cp)) + cp++; + return cp; +} + static void Scheme_functions (inf) FILE *inf; @@ -5001,8 +5011,7 @@ { bp = skip_non_spaces (bp+4); /* Skip over open parens and white space */ - while (notinname (*bp)) - bp++; + bp = skip_notinname (bp); get_tag (bp, NULL); } if (LOOKING_AT (bp, "(SET!") || LOOKING_AT (bp, "(set!")) --=-=-= In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.16.5) of 2009-09-14 on raven, modified by Debian configured using `configure '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS='' --=-=-=-- From unknown Sun Jun 22 08:07:38 2025 X-Loop: bug-gnu-emacs@gnu.org Subject: bug#5601: 23.1; etags Scheme_functions past \0 terminator Resent-From: Francesco =?UTF-8?Q?Potort=C3=AC?= Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Feb 2010 11:11:03 +0000 Resent-Message-ID: Resent-Sender: bug-gnu-emacs@gnu.org X-Emacs-PR-Message: followup 5601 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: To: Kevin Ryde Cc: bug-gnu-emacs@gnu.org, owner@debbugs.gnu.org, 5601@debbugs.gnu.org Received: via spool by submit@debbugs.gnu.org id=B.12665778471593 (code B ref -1); Fri, 19 Feb 2010 11:11:03 +0000 Received: (at submit) by debbugs.gnu.org; 19 Feb 2010 11:10:47 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiQkv-0000Pb-La for submit@debbugs.gnu.org; Fri, 19 Feb 2010 06:10:45 -0500 Received: from fencepost.gnu.org ([140.186.70.10]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiPLy-0007tV-Bw for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:58 -0500 Received: from mx10.gnu.org ([199.232.76.166]:58911) by fencepost.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiPLv-0008K7-Jd for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:51 -0500 Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1NiPLt-0004yk-11 for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:51 -0500 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on monty-python X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00, UNPARSEABLE_RELAY autolearn=ham version=3.1.0 Received: from lists.gnu.org ([199.232.76.165]:60028) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1NiPLs-0004yb-QP for submit@debbugs.gnu.org; Fri, 19 Feb 2010 04:40:48 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NiPLs-0007Z9-5P for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:48 -0500 Received: from [140.186.70.92] (port=38638 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NiPLq-0007YQ-IJ for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:47 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1NiPLn-0003D2-7j for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:46 -0500 Received: from blade3.isti.cnr.it ([194.119.192.19]:56415) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1NiPLn-0003Ch-1X for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 04:40:43 -0500 Received: from conversionlocal.isti.cnr.it by mx.isti.cnr.it (PMDF V6.5-b2 #31825) id <01NJUE2L3FSGBF2BYI@mx.isti.cnr.it> for bug-gnu-emacs@gnu.org; Fri, 19 Feb 2010 10:39:35 +0100 Received: from tucano.isti.cnr.it (tucano.isti.cnr.it [146.48.81.102]) by mx.isti.cnr.it (PMDF V6.5-b2 #31826) with ESMTPSA id <01NJUE2JJWFSBJSE3W@mx.isti.cnr.it>; Fri, 19 Feb 2010 10:39:32 +0100 (MET) Received: from pot by tucano.isti.cnr.it with local (Exim 4.71) (envelope-from ) id 1NiPKg-0000oy-3Q; Fri, 19 Feb 2010 10:39:34 +0100 Date: Fri, 19 Feb 2010 10:39:34 +0100 From: Francesco =?UTF-8?Q?Potort=C3=AC?= In-reply-to: <87eikiaxqf.fsf@blah.blah> Message-id: Organization: X-INSM-ip-source: 146.48.81.102 Auth Done X-fingerprint: 4B02 6187 5C03 D6B1 2E31 7666 09DF 2DC9 BE21 6115 References: <87eikiaxqf.fsf@blah.blah> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -5.2 (-----) X-Mailman-Approved-At: Fri, 19 Feb 2010 06:10:41 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.3 (-----) >In etags.c Scheme_functions, I think the loop > > while (notinname (*bp)) > bp++; > >will take bp past the '\0' string terminator, because '\0' is a >notinname(). Yes, it appears so. This is a long-standing bug. Thanks for spotting it. >(Another helper skip_notinname() to try to be clearer >than a double-negative loop :-) I don't think a helper function is granted here. There is a single use of this construct in the file, and a lot of different constructs: we have not a helper function for each of them. Let's try to stick to the comomn ones only, else we will only add to the confusion. So, please do not define a helper function for this case. Again, I can do the change myself, or else you can do it yourself, as you like. >2010-02-19 Kevin Ryde > > * etags.c (Scheme_functions): Don't go past '\0' terminator. > (skip_notinname): New helper. > >--- etags.c.~3.93.~ 2009-11-29 08:42:32.000000000 +1100 >+++ etags.c 2010-02-19 11:04:42.000000000 +1100 >@@ -4989,6 +4989,16 @@ > * (set! xyzzy > * Original code by Ken Haase (1985?) > */ >+ >+static char * >+skip_notinname (char *cp) >+{ >+ /* '\0' is a notinname(), don't continue past it */ >+ while (*cp && notinname (*cp)) >+ cp++; >+ return cp; >+} >+ > static void > Scheme_functions (inf) > FILE *inf; >@@ -5001,8 +5011,7 @@ > { > bp = skip_non_spaces (bp+4); > /* Skip over open parens and white space */ >- while (notinname (*bp)) >- bp++; >+ bp = skip_notinname (bp); > get_tag (bp, NULL); > } > if (LOOKING_AT (bp, "(SET!") || LOOKING_AT (bp, "(set!")) > > > >In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.16.5) > of 2009-09-14 on raven, modified by Debian >configured using `configure '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS='' From unknown Sun Jun 22 08:07:38 2025 X-Loop: bug-gnu-emacs@gnu.org Subject: bug#5601: 23.1; etags Scheme_functions past \0 terminator References: <87eikiaxqf.fsf@blah.blah> In-Reply-To: <87eikiaxqf.fsf@blah.blah> Resent-From: Chong Yidong Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 20 Feb 2010 14:13:02 +0000 Resent-Message-ID: Resent-Sender: bug-gnu-emacs@gnu.org X-Emacs-PR-Message: followup 5601 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: To: Francesco =?UTF-8?Q?Potort=C3=AC?= Cc: Kevin Ryde , 5601@debbugs.gnu.org Received: via spool by 5601-submit@debbugs.gnu.org id=B5601.126667515517393 (code B ref 5601); Sat, 20 Feb 2010 14:13:02 +0000 Received: (at 5601) by debbugs.gnu.org; 20 Feb 2010 14:12:35 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4Q-0004WU-R8 for submit@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:35 -0500 Received: from pantheon-po34.its.yale.edu ([130.132.50.80]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4O-0004WL-Ol for 5601@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:32 -0500 Received: from furry (adsl-99-96-75-7.dsl.wlfrct.sbcglobal.net [99.96.75.7]) (authenticated bits=0) by pantheon-po34.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP id o1KECQZS026756 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 20 Feb 2010 09:12:27 -0500 Received: by furry (Postfix, from userid 1000) id 5C792C05D; Sat, 20 Feb 2010 09:12:26 -0500 (EST) From: Chong Yidong Date: Sat, 20 Feb 2010 09:12:26 -0500 Message-ID: <87iq9s0zed.fsf@stupidchicken.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-YaleITSMailFilter: Version 1.2c (attachment(s) not renamed) X-Spam-Score: -2.5 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.5 (--) > >In etags.c Scheme_functions, I think the loop > > > > while (notinname (*bp)) > > bp++; > > > >will take bp past the '\0' string terminator, because '\0' is a > >notinname(). > > Yes, it appears so. This is a long-standing bug. Thanks for spotting > it. > > >(Another helper skip_notinname() to try to be clearer > >than a double-negative loop :-) > > I don't think a helper function is granted here. There is a single use > of this construct in the file, and a lot of different constructs: we > have not a helper function for each of them. I've checked in the patch, without the helper function. Thanks. From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 20 09:12:43 2010 Received: (at control) by debbugs.gnu.org; 20 Feb 2010 14:12:43 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4Z-0004Wf-AN for submit@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:43 -0500 Received: from pantheon-po34.its.yale.edu ([130.132.50.80]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Niq4X-0004Wa-Li for control@debbugs.gnu.org; Sat, 20 Feb 2010 09:12:41 -0500 Received: from furry (adsl-99-96-75-7.dsl.wlfrct.sbcglobal.net [99.96.75.7]) (authenticated bits=0) by pantheon-po34.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP id o1KECafg026775 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Sat, 20 Feb 2010 09:12:36 -0500 Received: by furry (Postfix, from userid 1000) id 02679C05D; Sat, 20 Feb 2010 09:12:36 -0500 (EST) From: Chong Yidong To: control@debbugs.gnu.org Subject: close 5601 Date: Sat, 20 Feb 2010 09:12:35 -0500 Message-ID: <87fx4w0ze4.fsf@stupidchicken.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-YaleITSMailFilter: Version 1.2c (attachment(s) not renamed) X-Spam-Score: -2.5 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.5 (--) close 5601 thanks