GNU bug report logs - #71694
30.0.50; heap-use-after-free in tty_defined_color
Reported by: Daniel Clemente <n142857 <at> gmail.com>
Date: Fri, 21 Jun 2024 10:48:02 UTC
Severity: normal
Merged with 71693
Found in version 30.0.50
Done: Stefan Kangas <stefankangas <at> gmail.com>
Bug is archived. No further changes may be made.
Message #3 received at 71694 <at> debbugs.gnu.org (full text, mbox):
> From: Daniel Clemente <n142857 <at> gmail.com>
> Date: Fri, 21 Jun 2024 10:47:01 +0000
>
> I enabled -fsanitize. I'm using an X terminal to run TTY Emacs inside.
> I opened the daemon inside gdb with emacs --fg-daemon -Q
>
> I don't remember what exactly I was doing here, but it only involved
> slowly opening 2 or 3 terminals like this
> urxvt -e "emacsclient" "-c" "-e" '(dired "~")'
> and then I might have opened 2 or 3 with this (in the same session)
> xterm -e "emacsclient" "-c" "-e" '(dired "~")'
> Plus switching between them and closing them.
> However that's not a reproduction formula, it's just what I was doing
> when this crash randomly happened. I don't know how to reproduce this
> yet.
>
> =================================================================
> ==9677==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x625000123b30 at pc 0x55555695b2c9 bp 0x7fffffff9900 sp
> 0x7fffffff98f8
> READ of size 1 at 0x625000123b30 thread T0
> #0 0x55555695b2c8 in tty_defined_color /w/emacs/src/xfaces.c:1115
I think this is bogus: -fsanitize doesn't understand the Emacs memory
management, in particular what's going on in GC when we relocate strings.
In any case, the line numbers seem off: line 1115 of xfaces.c is a
comment. Are your sources in sync with the Git repository?
This bug report was last modified 164 days ago.