GNU bug report logs - #59104
28.2; Uninitialized field command_modes in Lisp_Module_Function


Package: emacs;

Reported by: Richard Copley <rcopley <at> gmail.com>

Date: Mon, 7 Nov 2022 11:32:02 UTC

Severity: normal

Found in version 28.2

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#59104; Package emacs. (Mon, 07 Nov 2022 11:32:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Richard Copley <rcopley <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Mon, 07 Nov 2022 11:32:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Richard Copley <rcopley <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 28.2; Uninitialized field command_modes in Lisp_Module_Function
Date: Mon, 7 Nov 2022 11:30:51 +0000
1. Save the "next-prime" sample C program in section E.8.3 "Module
Values" of the Elisp manual to file "sample.c"

2. Add these three lines before "return 0;" in function
"emacs_module_init" at the end of the file:

        const char s[] = "nInteger: ";
        emacs_value spec = env->make_string(env, s, sizeof s - 1);
        env->make_interactive (env, func, spec);

3. Save and compile (compile-command: "gcc --shared -o ~/sample.so
sample.c -lgmp").

4. (Dangerous) Load the module and attempt to access the command_modes
field of the Lisp_Module_Function object for the next-prime command.

        emacs --batch -eval "(load-library \"~/sample.so\")" -eval "(print (command-modes 'next-prime))"

The command_modes field seems to be uninitialized. This might print a
random integer, print a randomly selected lisp object from memory, or
segfault.


In GNU Emacs 28.2 (build 2, x86_64-w64-mingw32)
 of 2022-10-11 built on fv-az365-328
Repository revision: b35f9af313a5d5c42988eb5a7751209b4234a67e
Repository branch: master
Windowing system distributor 'Microsoft Corp.', version 10.0.19045
System Description: Microsoft Windows 10 Pro (v10.0.2009.19045.2130)

Configured using:
 'configure --prefix=/mingw64 --host=x86_64-w64-mingw32
 --build=x86_64-w64-mingw32 --with-modules --without-dbus
 --without-compress-install --with-native-compilation
 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe'
 CPPFLAGS=-D__USE_MINGW_ANSI_STDIO=1 LDFLAGS=-pipe'

Configured features:
ACL GIF GMP GNUTLS HARFBUZZ JPEG JSON LIBXML2 MODULES NATIVE_COMP NOTIFY
W32NOTIFY PDUMPER PNG RSVG SOUND THREADS TIFF TOOLKIT_SCROLL_BARS XPM
ZLIB

Important settings:
  value of $LANG: ENG
  locale-coding-system: cp1252

Major mode: Fundamental

Minor modes in effect:
  shell-dirtrack-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny rfc822 mml mml-sec epa
derived epg rfc6068 epg-config gnus-util rmail rmail-loaddefs
auth-source eieio eieio-core eieio-loaddefs password-cache json map
mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils
mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr
mail-utils time-date misearch multi-isearch shell pcomplete compile
text-property-search comint ansi-color ring vc-git diff-mode easy-mmode
vc-dispatcher cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles
cc-align cc-engine cc-vars cc-defs dired-aux dired comp comp-cstr
warnings subr-x rx cl-seq cl-macs cl-extra help-mode seq byte-opt gv
cl-loaddefs cl-lib bytecomp byte-compile cconv dired-loaddefs iso-transl
tooltip eldoc paren electric uniquify ediff-hook vc-hooks
lisp-float-type elisp-mode mwheel dos-w32 ls-lisp disp-table
term/w32-win w32-win w32-vars term/common-win tool-bar dnd fontset image
regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese composite emoji-zwj charscript charprop case-table
epa-hook jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice
button loaddefs faces cus-face macroexp files window text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote threads w32notify w32 multi-tty
make-network-process native-compile emacs)

Memory information:
((conses 16 166842 11642)
 (symbols 48 11063 1)
 (strings 32 38698 2749)
 (string-bytes 1 1480785)
 (vectors 16 24357)
 (vector-slots 8 430076 60478)
 (floats 8 42 269)
 (intervals 56 2483 0)
 (buffers 992 18))




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#59104; Package emacs. (Wed, 09 Nov 2022 16:25:02 GMT) Full text and rfc822 format available.

Message #8 received at 59104 <at> debbugs.gnu.org (full text, mbox):

From: Richard Copley <rcopley <at> gmail.com>
To: 59104 <at> debbugs.gnu.org
Subject: Re: 28.2; Uninitialized field command_modes in Lisp_Module_Function
Date: Wed, 9 Nov 2022 16:24:35 +0000
> The command_modes field seems to be uninitialized. This might print a
> random integer, print a randomly selected lisp object from memory, or
> segfault.

I can confirm that changing the 'field' argument from "interactive_form" 
to "command_modes", in the invocation of ALLOCATE_PSEUDOVECTOR in 
allocate_module_function (), fixes the problem. See "emacs-module.c", 
line 564.
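The fix described above turns on how the allocator decides which words of a pseudovector are Lisp objects. The following is an added example written for this page, not code from Emacs: a simplified C model of the ALLOCATE_PSEUDOVECTOR / PSEUDOVECSIZE idiom. The struct is a stand-in for Lisp_Module_Function with the field names from the report, but its exact layout, the POISON fill, the helper names and the omission of the real macro's header-size guard are all assumptions made for the demonstration. It shows why naming the wrong "last Lisp field" leaves command_modes holding whatever bytes were in the heap block, which the garbage collector and `command-modes` then treat as a live Lisp_Object.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of an Emacs pseudovector (example code, not Emacs's own).
   Layout: a header word, then a run of Lisp_Object slots the GC traces,
   then raw non-Lisp data the GC must never interpret as a Lisp_Object.
   The allocator learns how many leading slots are Lisp by being told the
   name of the LAST Lisp field; every byte after that slot is left as-is. */
typedef uintptr_t Lisp_Object;
#define Qnil ((Lisp_Object) 0)          /* nil is the all-zero word */

struct Module_Function {               /* assumed stand-in for Lisp_Module_Function */
    uintptr_t header;                  /* size/tag word, not a Lisp slot */
    Lisp_Object documentation;         /* Lisp slots traced by the GC ... */
    Lisp_Object interactive_form;
    Lisp_Object command_modes;         /* ... the slot added after interactive_form */
    int min_arity, max_arity;          /* raw, non-Lisp tail begins here */
    void (*subr)(void);
    void *data;
};

#define word_size   sizeof (Lisp_Object)
#define header_size offsetof (struct Module_Function, documentation)

/* Number of Lisp slots from the first slot through LASTLISPFIELD inclusive.
   (The real Emacs macro also guards the degenerate header_size case.) */
#define PSEUDOVECSIZE(type, lastlispfield) \
    ((offsetof (type, lastlispfield) + word_size - header_size) / word_size)

/* Stand in for a recycled heap block: fill with a poison byte so any slot the
   allocator fails to initialize stays visibly non-nil. */
#define POISON 0xA5

static struct Module_Function *
allocate_pseudovector (size_t lisplen)
{
    struct Module_Function *v = malloc (sizeof *v);
    if (!v)
        abort ();
    memset (v, POISON, sizeof *v);
    v->header = lisplen;
    /* Only the declared Lisp slots are cleared to nil; the rest is "raw data"
       and is left untouched, exactly like the uninitialized tail in the bug. */
    memset ((char *) v + header_size, 0, lisplen * word_size);
    return v;
}

#define ALLOCATE_PSEUDOVECTOR(type, field) \
    allocate_pseudovector (PSEUDOVECSIZE (type, field))

size_t lisp_slots_before_fix (void)
{   /* 'field' argument = interactive_form, as in the reported code */
    return PSEUDOVECSIZE (struct Module_Function, interactive_form);
}

size_t lisp_slots_after_fix (void)
{   /* 'field' argument = command_modes, as in the fix */
    return PSEUDOVECSIZE (struct Module_Function, command_modes);
}

/* Returns 1 if command_modes came back initialized to nil, 0 if it still
   holds heap garbage that would be misread as a Lisp_Object. */
int
command_modes_initialized (int use_fixed_field)
{
    struct Module_Function *f = use_fixed_field
        ? ALLOCATE_PSEUDOVECTOR (struct Module_Function, command_modes)
        : ALLOCATE_PSEUDOVECTOR (struct Module_Function, interactive_form);
    int ok = (f->command_modes == Qnil);
    free (f);
    return ok;
}

int
main (void)
{
    printf ("Lisp slots cleared before fix: %zu, after fix: %zu\n",
            lisp_slots_before_fix (), lisp_slots_after_fix ());
    printf ("command_modes initialized (before fix): %d\n", command_modes_initialized (0));
    printf ("command_modes initialized (after fix):  %d\n", command_modes_initialized (1));
    return 0;
}
```

The model makes the failure mode concrete: with `interactive_form` as the last Lisp field only two slots are cleared, so `command_modes` keeps the poison pattern; naming `command_modes` clears three slots and the field reads as nil. In a real build the stale word is not a fixed pattern but whatever the previous occupant of the block left behind, which is why the report sees a random integer, an arbitrary object, or a segfault when the GC dereferences it.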





Reply sent to Eli Zaretskii <eliz <at> gnu.org>:
You have taken responsibility. (Thu, 10 Nov 2022 10:57:01 GMT) Full text and rfc822 format available.

Notification sent to Richard Copley <rcopley <at> gmail.com>:
bug acknowledged by developer. (Thu, 10 Nov 2022 10:57:02 GMT) Full text and rfc822 format available.

Message #13 received at 59104-done <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Richard Copley <rcopley <at> gmail.com>
Cc: 59104-done <at> debbugs.gnu.org
Subject: Re: bug#59104: 28.2; Uninitialized field command_modes in Lisp_Module_Function
Date: Thu, 10 Nov 2022 12:56:30 +0200
> Date: Wed, 9 Nov 2022 16:24:35 +0000
> From: Richard Copley <rcopley <at> gmail.com>
> 
> > The command_modes field seems to be uninitialized. This might print a
> > random integer, print a randomly selected lisp object from memory, or
> > segfault.
> 
> I can confirm that changing the 'field' argument from "interactive_form" 
> to "command_modes", in the invocation of ALLOCATE_PSEUDOVECTOR in 
> allocate_module_function (), fixes the problem. See "emacs-module.c", 
> line 564.

Thanks, I think this is the right fix, so I've now installed this on
the master branch, and I'm closing the bug.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 08 Dec 2022 12:24:04 GMT) Full text and rfc822 format available.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.