GNU bug report logs - #61896
30.0.50; Emacs crashes because of an invalid free


Package: emacs;

Reported by: Philip Kaludercic <philipk <at> posteo.net>

Date: Wed, 1 Mar 2023 20:26:02 UTC

Severity: normal

Found in version 30.0.50

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.



Message #14 received at 61896 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Philip Kaludercic <philipk <at> posteo.net>
Cc: mattiase <at> acm.org, 61896 <at> debbugs.gnu.org
Subject: Re: bug#61896: 30.0.50; Emacs crashes because of an invalid free
Date: Thu, 02 Mar 2023 11:41:05 +0200
> From: Philip Kaludercic <philipk <at> posteo.net>
> Cc: Mattias Engdegård <mattiase <at> acm.org>,
>   61896 <at> debbugs.gnu.org
> Date: Thu, 02 Mar 2023 08:53:54 +0000
> 
> From what I recall, the address being freed was on the stack.  How does
> the byte-code interpreter behave when the input is broken?  Is there
> some way of validating if the byte-code is "coherent"?  If I manually
> modify the byte code and replace random bytes, is the interpreter
> written to expect this kind of issue?

Sorry, I don't understand the questions.  Maybe Mattias will.

My interpretation of this problem is that some corruption happened to
the specpdl stuff, which causes SAFE_FREE to decide that some data should
be 'free'd when it was actually allocated off the stack.  The question
is how could that happen.
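
The failure mode hypothesised in the message above, as an added example that is not part of the original message and not Emacs source: a simplified C model (all names hypothetical) in which small allocations come from the stack and leave no unwind record, large ones come from the heap and are recorded, and an overwritten record makes the unwind try to free stack memory. The model's free is checked against a registry of live heap blocks, so the bad free is counted instead of executed.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, NOT Emacs source; every name below is hypothetical. */
enum { MODEL_MAX_ALLOCA = 64, PDL_SIZE = 8, LIVE_MAX = 8 };
static void *pdl[PDL_SIZE];  /* unwind records: pointers to free on unwind */
static size_t pdl_top;
static void *live[LIVE_MAX]; /* blocks that really came from malloc */
static size_t rejected;      /* frees refused by checked_free */

/* Small requests use the caller's stack buffer and leave no record;
   large ones use the heap and push a record for later release. */
static void *model_alloc(size_t n, char *stack_buf) {
    if (n <= MODEL_MAX_ALLOCA) return stack_buf;
    void *p = malloc(n);
    if (!p || pdl_top == PDL_SIZE) abort();
    for (size_t i = 0; i < LIVE_MAX; i++)
        if (!live[i]) { live[i] = p; break; }
    pdl[pdl_top++] = p;
    return p;
}

/* Free p only if it is a live heap block; otherwise count the attempt
   (an unchecked free() of such a pointer would be an invalid free). */
static void checked_free(void *p) {
    for (size_t i = 0; i < LIVE_MAX; i++)
        if (p && live[i] == p) { live[i] = NULL; free(p); return; }
    rejected++;
}

/* Unwind to the depth saved at function entry, releasing each record. */
static void model_safe_free(size_t saved_top) {
    while (pdl_top > saved_top) checked_free(pdl[--pdl_top]);
}

/* Returns how many invalid frees the unwind attempted. */
size_t run_case(int corrupt) {
    char small[MODEL_MAX_ALLOCA];
    rejected = 0;
    size_t saved = pdl_top;
    char *a = model_alloc(16, small);   /* served from the stack */
    char *b = model_alloc(4096, small); /* served from the heap */
    if (corrupt) pdl[pdl_top - 1] = a;  /* constructed corruption of the record */
    model_safe_free(saved);
    if (corrupt) checked_free(b);       /* release the block whose record was lost */
    return rejected;
}
int main(void) {
    printf("intact: %zu, corrupted: %zu\n", run_case(0), run_case(1));
    return 0;
}
```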




This bug report was last modified 1 year and 318 days ago.
