GNU bug report logs - #58850
29.0.50; sqlite crashes on error


Package: emacs;

Reported by: Andrew Hyatt <ahyatt <at> gmail.com>

Date: Sat, 29 Oct 2022 00:48:02 UTC

Severity: normal

Found in version 29.0.50

Fixed in version 29.1

Done: Andrew Hyatt <ahyatt <at> gmail.com>

Bug is archived. No further changes may be made.

Message #34 received at 58850 <at> debbugs.gnu.org (full text, mbox):

From: Gerd Möllmann <gerd.moellmann <at> gmail.com>
To: Andrew Hyatt <ahyatt <at> gmail.com>
Cc: 58850 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>
Subject: Re: bug#58850: 29.0.50; sqlite crashes on error
Date: Wed, 2 Nov 2022 06:00:08 +0100
On 02.11.22 04:33, Andrew Hyatt wrote:
> It does work for me, thank you for the fix!  I don't think I really 
> understand what is going on here either (does anyone? is the length of 
> the path in the name the relevant thing here?), but if there's a 
> solution that works, then that's enough for me, thanks.  I'll close this 
> bug.

It was a classical stack-buffer overflow.  The "name=..." part of the
printed representation of SQLite objects was printed to a fixed-size
buffer on the processor stack.  With a long enough name, this overwrites
other stuff on the stack, like the return address, and boom.  I fixed
this by not using a buffer at all, which is the way this is done
normally.  There was actually no need for using the buffer in the first
place.

Thanks for the report, and the testing!
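The defect Gerd describes, and the fix of not formatting into a fixed-size stack buffer, as an added C example that is not Emacs's code: the `#<sqlite name=...>` layout, the function names and the test names are assumed for illustration only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern behind the bug: formatting "name=..." into a fixed-size stack
   buffer. sprintf does not know how big `buf` is, so a long enough name is
   written over whatever follows it in the frame. Contrast only; never called. */
void repr_fixed_buffer_BROKEN(const char *name)
{
    char buf[64];
    sprintf(buf, "#<sqlite name=%s>", name);   /* unbounded write */
}

/* Fix in the spirit of the report: no fixed buffer. Measure the output,
   allocate exactly that much, then format. Caller frees the result. */
char *sqlite_repr(const char *name)
{
    int n = snprintf(NULL, 0, "#<sqlite name=%s>", name);
    if (n < 0) return NULL;
    char *out = malloc((size_t)n + 1);
    if (out == NULL) return NULL;
    snprintf(out, (size_t)n + 1, "#<sqlite name=%s>", name);
    return out;
}

/* If a bounded buffer is required anyway: snprintf never writes past `size`,
   and its return value exposes truncation. Returns 0, or -1 if cut short. */
int sqlite_repr_bounded(const char *name, char *out, size_t size)
{
    int n = snprintf(out, size, "#<sqlite name=%s>", name);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

/* Self-check with a constructed name of `name_len` 'a's: the result must
   have the expected prefix and total length (15 bytes of framing).
   Returns 1 on success. */
int repr_roundtrip_ok(size_t name_len)
{
    char *name = malloc(name_len + 1);
    if (name == NULL) return 0;
    memset(name, 'a', name_len);
    name[name_len] = '\0';
    char *r = sqlite_repr(name);
    int ok = r != NULL && strlen(r) == name_len + 15
             && strncmp(r, "#<sqlite name=", 14) == 0 && r[strlen(r) - 1] == '>';
    free(r);
    free(name);
    return ok;
}
```

A name far longer than any plausible stack buffer (say 4096 bytes) goes through `sqlite_repr` unharmed, which is exactly the input that crashed the fixed-buffer version.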