GNU bug report logs - #63063
CVE-2021-36699 report

Previous Next

Package: emacs;

Reported by: Eli Zaretskii <eliz <at> gnu.org>

Date: Tue, 25 Apr 2023 07:14:02 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Po Lu <luangruo <at> yahoo.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 63063 <at> debbugs.gnu.org, fuomag9 <fuo <at> fuo.fi>
Subject: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 15:24:31 +0800

Eli Zaretskii <eliz <at> gnu.org> writes:

> Please tell more about the buffer overflow: where does it happen in
> the Emacs sources, which buffer overflows, and why.  I cannot find
> these details in your report.

It happens because the dump file is deliberately edited to be invalid.
It is not a dump file that Emacs will generate under any circumstance,
and as such it's not a bug; by the same means, a pointer to an invalid
Lisp object could be created, causing a similar crash.  Emacs is not
expected to operate from a corrupt dump file any more than it is
expected to operate from a corrupt executable.
This bug report was last modified 2 years and 56 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.