GNU bug report logs - #58334
29.0.50; ASAN heap use after free in gui_produce_glyphs

Previous Next

Full log

Message #116 received at 58334 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Po Lu <luangruo <at> yahoo.com>
Cc: gerd.moellmann <at> gmail.com, 58334 <at> debbugs.gnu.org
Subject: Re: bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs
Date: Fri, 07 Oct 2022 15:16:44 +0300

> From: Po Lu <luangruo <at> yahoo.com>
> Cc: Eli Zaretskii <eliz <at> gnu.org>,  58334 <at> debbugs.gnu.org
> Date: Fri, 07 Oct 2022 20:12:58 +0800
> 
> In the recent past, Emacs also used to run Lisp as part of the character
> conversion of keyboard input, straight from handle_one_xevent:
> 
> 	    if (nchars < nbytes)
> 	      {
> 		/* Decode the input data.  */
> 
> 		/* The input should be decoded with `coding_system'
> 		   which depends on which X*LookupString function
> 		   we used just above and the locale.  */
> 		setup_coding_system (coding_system, &coding);
> 		coding.src_multibyte = false;
> 		coding.dst_multibyte = true;
> 		/* The input is converted to events, thus we can't
> 		   handle composition.  Anyway, there's no XIM that
> 		   gives us composition information.  */
> 		coding.common_flags &= ~CODING_ANNOTATION_MASK;
> 
> 		SAFE_NALLOCA (coding.destination, MAX_MULTIBYTE_LENGTH,
> 			      nbytes);
> 		coding.dst_bytes = MAX_MULTIBYTE_LENGTH * nbytes;
> 		coding.mode |= CODING_MODE_LAST_BLOCK;
> 		decode_coding_c_string (&coding, copy_bufptr, nbytes, Qnil);
> 		nbytes = coding.produced;
> 		nchars = coding.produced_char;
> 		copy_bufptr = coding.destination;
> 	      }
> 
> How come that never caused problems?

Why should it cause problems? what kind of problems?

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.