From: Stefan Kangas
To: bug-gnu-emacs@gnu.org
Date: Sat, 13 Jan 2024 01:49:36 -0600
Subject: Possible use after free in w32notify.c

Could someone familiar with w32notify.c look over the attached patch?

It looks like we are trying to dereference NULL in add_watch, and
returning an already freed value from start_watching.

[Attachment: w32notify-ub.diff]


From: Eli Zaretskii
To: Stefan Kangas
Cc: 68421@debbugs.gnu.org
Date: Sat, 13 Jan 2024 11:12:31 +0200
Subject: Re: bug#68421: Possible use after free in w32notify.c

> From: Stefan Kangas
> Date: Sat, 13 Jan 2024 01:49:36 -0600
>
> Could someone familiar with w32notify.c look over the attached patch?
>
> It looks like we are trying to dereference NULL in add_watch, and
> returning an already freed value from start_watching.

Feel free to install on master, and thanks.


From: Stefan Kangas
To: Eli Zaretskii
Cc: 68421-done@debbugs.gnu.org
Date: Sat, 13 Jan 2024 03:25:44 -0600
Subject: Re: bug#68421: Possible use after free in w32notify.c

Version: 30.1

Eli Zaretskii writes:

>> From: Stefan Kangas
>> Date: Sat, 13 Jan 2024 01:49:36 -0600
>>
>> Could someone familiar with w32notify.c look over the attached patch?
>>
>> It looks like we are trying to dereference NULL in add_watch, and
>> returning an already freed value from start_watching.
>
> Feel free to install on master, and thanks.

Thanks, done in commit 893829021bd.

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Date: Sat, 10 Feb 2024 12:24:08 +0000
Subject: Internal Control

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
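
The two defects named in the report (a freed pointer returned from a start function, and a write through a pointer just tested to be NULL) are modelled below in portable C. This is an added example, not the Emacs w32notify.c code or the attached patch; `struct watch`, `track_alloc`, `track_free`, `launch_worker`, `close_handle` and the integer handle are constructed stand-ins, and only the function names `start_watching` and `add_watch` are borrowed from the thread.

```c
#include <stdlib.h>

/* Constructed stand-ins for illustration; not the Emacs structures. */
struct watch { int handle; char *buf; };

static int live_allocs;     /* tracked allocations not yet freed */
static int handles_closed;  /* number of close_handle() calls */

static void *track_alloc (size_t n)
{ void *p = malloc (n); if (p) live_allocs++; return p; }
static void track_free (void *p) { if (p) live_allocs--; free (p); }
static void close_handle (int h) { (void) h; handles_closed++; }

/* Hypothetical worker start; FAIL injects the error path. */
static int launch_worker (struct watch *w, int fail)
{ (void) w; return fail ? -1 : 0; }

/* Buggy shape: the cleanup branch frees W but lacks 'return NULL',
   so control reaches 'return w' with a dangling pointer. */
struct watch *start_watching (int handle, int fail)
{
  struct watch *w = track_alloc (sizeof *w);
  if (!w) return NULL;
  w->handle = handle;
  w->buf = track_alloc (64);
  if (!w->buf || launch_worker (w, fail) != 0)
    {
      track_free (w->buf);
      track_free (w);
      return NULL;   /* hardened: never hand back freed memory */
    }
  return w;
}

/* Buggy shape: the NULL branch also writes through W.  Hardened:
   release only what the caller still owns, the handle. */
struct watch *add_watch (int handle, int fail)
{
  struct watch *w = start_watching (handle, fail);
  if (w == NULL)
    close_handle (handle);
  return w;
}

int main (void)
{
  struct watch *w = add_watch (7, 1);   /* injected failure */
  return (w == NULL && handles_closed == 1 && live_allocs == 0) ? 0 : 1;
}
```

The counters make the ownership rule checkable: on the failure path the callee frees everything it allocated and the caller closes the handle exactly once.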