GNU bug report logs - #68421
Possible use after free in w32notify.c

Package: emacs

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Sat, 13 Jan 2024 07:50:01 UTC

Severity: normal

Fixed in version 30.1

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.


Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#68421; Package emacs. (Sat, 13 Jan 2024 07:50:01 GMT)

Acknowledgement sent to Stefan Kangas <stefankangas <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Sat, 13 Jan 2024 07:50:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Stefan Kangas <stefankangas <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: Possible use after free in w32notify.c
Date: Sat, 13 Jan 2024 01:49:36 -0600
Could someone familiar with w32notify.c look over the attached patch?

It looks like we are trying to dereference NULL in add_watch, and
returning an already freed value from start_watching.
[w32notify-ub.diff (text/x-diff, attachment)]

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#68421; Package emacs. (Sat, 13 Jan 2024 09:14:02 GMT)

Message #8 received at 68421 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 68421 <at> debbugs.gnu.org
Subject: Re: bug#68421: Possible use after free in w32notify.c
Date: Sat, 13 Jan 2024 11:12:31 +0200
> From: Stefan Kangas <stefankangas <at> gmail.com>
> Date: Sat, 13 Jan 2024 01:49:36 -0600
> 
> Could someone familiar with w32notify.c look over the attached patch?
> 
> It looks like we are trying to dereference NULL in add_watch, and
> returning an already freed value from start_watching.

Feel free to install on master, and thanks.




Reply sent to Stefan Kangas <stefankangas <at> gmail.com>:
You have taken responsibility. (Sat, 13 Jan 2024 09:26:01 GMT)

Notification sent to Stefan Kangas <stefankangas <at> gmail.com>:
bug acknowledged by developer. (Sat, 13 Jan 2024 09:26:01 GMT)

Message #13 received at 68421-done <at> debbugs.gnu.org:

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 68421-done <at> debbugs.gnu.org
Subject: Re: bug#68421: Possible use after free in w32notify.c
Date: Sat, 13 Jan 2024 03:25:44 -0600
Version: 30.1

Eli Zaretskii <eliz <at> gnu.org> writes:

>> From: Stefan Kangas <stefankangas <at> gmail.com>
>> Date: Sat, 13 Jan 2024 01:49:36 -0600
>>
>> Could someone familiar with w32notify.c look over the attached patch?
>>
>> It looks like we are trying to dereference NULL in add_watch, and
>> returning an already freed value from start_watching.
>
> Feel free to install on master, and thanks.

Thanks, done in commit 893829021bd.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 10 Feb 2024 12:24:08 GMT)

This bug report was last modified 1 year and 187 days ago.
