From: Stefan Kangas
To: bug-gnu-emacs@gnu.org
Date: Sat, 13 Jan 2024 01:49:36 -0600
Subject: bug#68421: Possible use after free in w32notify.c

Could someone familiar with w32notify.c look over the attached patch?

It looks like we are trying to dereference NULL in add_watch, and
returning an already freed value from start_watching.

[Attachment: w32notify-ub.diff (text/x-diff)]

From: Eli Zaretskii
To: Stefan Kangas
Cc: 68421@debbugs.gnu.org
Date: Sat, 13 Jan 2024 11:12:31 +0200
Subject: bug#68421: Possible use after free in w32notify.c

> From: Stefan Kangas
> Date: Sat, 13 Jan 2024 01:49:36 -0600
>
> Could someone familiar with w32notify.c look over the attached patch?
>
> It looks like we are trying to dereference NULL in add_watch, and
> returning an already freed value from start_watching.

Feel free to install on master, and thanks.

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Stefan Kangas
Date: Sat, 13 Jan 2024 09:26:01 +0000
Subject: bug#68421: closed (Re: bug#68421: Possible use after free in w32notify.c)

Your bug report

#68421: Possible use after free in w32notify.c

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 68421@debbugs.gnu.org.

--
68421: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=68421
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Stefan Kangas
To: Eli Zaretskii
Cc: 68421-done@debbugs.gnu.org
Date: Sat, 13 Jan 2024 03:25:44 -0600
Subject: Re: bug#68421: Possible use after free in w32notify.c

Version: 30.1

Eli Zaretskii writes:

>> From: Stefan Kangas
>> Date: Sat, 13 Jan 2024 01:49:36 -0600
>>
>> Could someone familiar with w32notify.c look over the attached patch?
>>
>> It looks like we are trying to dereference NULL in add_watch, and
>> returning an already freed value from start_watching.
>
> Feel free to install on master, and thanks.

Thanks, done in commit 893829021bd.
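
The two failure-path defects named in the report (a freed object returned from start_watching, a NULL dereference in add_watch), as an added C model that is not part of the thread and not the code in w32notify.c. Apart from the two function names taken from the report, every identifier and parameter is hypothetical, and a static slot pool stands in for the heap so that a released object can be inspected without undefined behaviour.

```c
/* Portable model of the two defects named in the report.  Every identifier
   is a hypothetical stand-in; this is not the code in w32notify.c.  */
#include <stdio.h>
struct watch { int live; int dir; };
static struct watch pool[4];  /* static slots: inspecting a released one is not UB */
int open_handles;             /* directory handles currently open */

static struct watch *walloc (void)
{
  for (int i = 0; i < 4; i++)
    if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
  return NULL;
}
static void wfree (struct watch *w) { w->live = 0; }
static int open_dir (void) { open_handles++; return 7; }
static void close_dir (int h) { (void) h; open_handles--; }

/* Defect 1: on start-up failure the object is released, but with FIXED == 0
   control falls through and the released pointer is still returned.  */
struct watch *start_watching (int dir, int thread_ok, int fixed)
{
  struct watch *w = walloc ();
  if (!w) return NULL;
  w->dir = dir;
  if (!thread_ok)
    {
      wfree (w);
      if (fixed)
        return NULL;          /* fix: report the failure to the caller */
    }
  return w;
}

/* Defect 2 sits in the caller: the failure branch runs only when W is NULL,
   so it must not touch W.  The corrected branch only releases the handle.  */
struct watch *add_watch (int thread_ok)
{
  int h = open_dir ();
  struct watch *w = start_watching (h, thread_ok, 1);
  if (w == NULL)
    close_dir (h);            /* modelled bug: a "w->dir = 0;" here as well */
  return w;
}

/* Audit helper: true when P is non-NULL but its slot was already released.  */
int is_dangling (const struct watch *p) { return p != NULL && !p->live; }

int main (void)
{
  int dangling = is_dangling (start_watching (1, 0, 0));
  int null_on_fail = add_watch (0) == NULL;
  printf ("dangling=%d null_on_fail=%d open_handles=%d\n", dangling, null_on_fail, open_handles);
  return 0;
}
```

With the unfixed path the caller's `== NULL` check never fires, so the handle is not released and the dangling pointer is handed on; in real code an AddressSanitizer build flags the first access through it.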