GNU bug report logs -
#61896
30.0.50; Emacs crashes because of an invalid free
Reported by: Philip Kaludercic <philipk <at> posteo.net>
Date: Wed, 1 Mar 2023 20:26:02 UTC
Severity: normal
Found in version 30.0.50
Done: Stefan Kangas <stefankangas <at> gmail.com>
Bug is archived. No further changes may be made.
> From: Philip Kaludercic <philipk <at> posteo.net>
> Cc: Mattias Engdegård <mattiase <at> acm.org>,
> 61896 <at> debbugs.gnu.org
> Date: Thu, 02 Mar 2023 08:53:54 +0000
>
> From what I recall, the address being freed was on the stack. How does
> the byte-code interpreter behave when the input is broken? Is there
> some way of validating if the byte-code is "coherent"? If I manually
> modify the byte code and replace random bytes, is the interpreter
> written to expect this kind of issue?
Sorry, I don't understand the questions. Maybe Mattias will.
My interpretation of this problem is that some corruption happened to
the specpdl stuff, which causes SAFE_FREE to decide that some data should
be 'free'd when it was actually allocated off the stack. The question
is how could that happen.
This bug report was last modified 1 year and 317 days ago.