GNU bug report logs - #58334
29.0.50; ASAN heap use after free in gui_produce_glyphs


Package: emacs;

Reported by: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Date: Thu, 6 Oct 2022 15:04:01 UTC

Severity: normal

Found in version 29.0.50



Message #80 received at 58334 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Po Lu <luangruo <at> yahoo.com>
Cc: gerd.moellmann <at> gmail.com, 58334 <at> debbugs.gnu.org
Subject: Re: bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs
Date: Fri, 07 Oct 2022 14:34:57 +0300
> From: Po Lu <luangruo <at> yahoo.com>
> Cc: Eli Zaretskii <eliz <at> gnu.org>,  58334 <at> debbugs.gnu.org
> Date: Fri, 07 Oct 2022 19:19:53 +0800
> 
> Gerd Möllmann <gerd.moellmann <at> gmail.com> writes:
> 
> > So, do you agree that block_input wouldn't solve the problem?  Or does
> > it?
> 
> It should, because it prevents the read_socket_hook from being called.
> However, you must keep in mind that anything that can call unblock_input
> can also run redisplay, as unblock_input reads pending async input if
> the input is completely unblocked.

IMNSHO, we cannot start blocking input left and right, because it will
make Emacs unresponsive.

I think a better alternative is to audit the uses of FACE_FROM_ID and
see what we can do to protect their callers from a situation where the
frame's face cache was freed since the face ID was obtained.  We could
even make the remedy be part of FACE_FROM_ID itself, so it will
"self-heal", so to speak.
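The generation-checked lookup sketched below is an added illustration of the "self-healing" FACE_FROM_ID idea discussed above; it is not Emacs's own face-cache code. The struct names, the `generation` counter and the `face_ref` handle are assumptions made for the example: a reference records the cache generation it was obtained in, freeing the faces bumps the generation, and the lookup refuses (or re-realizes) a reference that predates the free instead of dereferencing a dangling pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not Emacs's own face-cache code: a per-frame face
   cache stamped with a generation counter.  free_all_faces() bumps the
   counter, so a face ID obtained before the free is detectably stale. */

struct face {
    int id;
    unsigned long foreground;   /* constructed sample attribute */
};

struct face_cache {
    struct face **faces;
    int used;
    int size;
    unsigned long generation;   /* bumped whenever the faces are freed */
};

/* A face reference that records the generation it was obtained in
   (hypothetical; a plain int ID cannot carry this information). */
struct face_ref {
    int id;
    unsigned long generation;
};

struct face_cache *make_face_cache(int size)
{
    struct face_cache *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->faces = calloc((size_t) size, sizeof *c->faces);
    if (!c->faces) abort();
    c->size = size;
    c->generation = 1;
    return c;
}

/* Realize a face with the given foreground and return a stamped reference;
   id == -1 signals a full cache. */
struct face_ref cache_face(struct face_cache *c, unsigned long foreground)
{
    struct face_ref r = { -1, c->generation };
    if (c->used == c->size)
        return r;
    struct face *f = calloc(1, sizeof *f);
    if (!f) abort();
    f->id = c->used;
    f->foreground = foreground;
    c->faces[c->used++] = f;
    r.id = f->id;
    return r;
}

/* Free every face and invalidate all outstanding references. */
void free_all_faces(struct face_cache *c)
{
    for (int i = 0; i < c->used; i++) {
        free(c->faces[i]);
        c->faces[i] = NULL;
    }
    c->used = 0;
    c->generation++;
}

/* Checked lookup: NULL instead of a dangling pointer when the reference
   predates the last free_all_faces() or is out of range. */
const struct face *face_from_ref(const struct face_cache *c, struct face_ref r)
{
    if (r.generation != c->generation)
        return NULL;
    if (r.id < 0 || r.id >= c->used)
        return NULL;
    return c->faces[r.id];
}

/* "Self-healing" lookup: a stale reference is re-realized with the same
   attributes and updated in place, so the caller always gets a live face. */
const struct face *face_from_ref_or_realize(struct face_cache *c,
                                            struct face_ref *r,
                                            unsigned long foreground)
{
    const struct face *f = face_from_ref(c, *r);
    if (f)
        return f;
    *r = cache_face(c, foreground);
    return face_from_ref(c, *r);
}

void free_face_cache(struct face_cache *c)
{
    free_all_faces(c);
    free(c->faces);
    free(c);
}

int main(void)
{
    struct face_cache *c = make_face_cache(8);
    struct face_ref r = cache_face(c, 0xff0000UL);
    printf("before free: %s\n", face_from_ref(c, r) ? "live" : "stale");
    free_all_faces(c);          /* the cache is freed while r is still held */
    printf("after free:  %s\n", face_from_ref(c, r) ? "live" : "stale");
    const struct face *f = face_from_ref_or_realize(c, &r, 0xff0000UL);
    printf("healed:      id=%d fg=%#lx\n", f->id, f->foreground);
    free_face_cache(c);
    return 0;
}
```

The checked variant turns the use-after-free into a NULL that callers must handle; the self-healing variant re-realizes the face, which is only sound when the caller still knows the attributes it originally asked for, as the `foreground` parameter models here.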




This bug report was last modified 2 years and 309 days ago.
