GNU bug report logs - #76559
31.0.50; [-O3 + PGTK] Crash when 'copying as kill'/'killing word'

Package: emacs;

Reported by: Iurie Marian <marian.iurie <at> gmail.com>

Date: Tue, 25 Feb 2025 17:34:01 UTC

Severity: normal

Merged with 76729

Found in version 31.0.50


Message #101 received at 76559 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Po Lu <luangruo <at> yahoo.com>
Cc: Pip Cet <pipcet <at> protonmail.com>, iura.mail <at> gmail.com,
 Stefan Kangas <stefankangas <at> gmail.com>, michael.albinus <at> gmx.de,
 Eli Zaretskii <eliz <at> gnu.org>, 76559 <at> debbugs.gnu.org, marian.iurie <at> gmail.com
Subject: Re: bug#76559: 31.0.50; [-O3 + PGTK] Crash when 'copying as
 kill'/'killing word'
Date: Fri, 28 Feb 2025 10:34:07 -0800
On 2025-02-27 16:12, Po Lu wrote:
>>      kbd_buffer_store_buffered_event ((union buffered_input_event *) event,
>> 				     hold_quit);
>>    }
>>
>> That cast is invalid and the resulting code need not work as one might
>> expect with a circa 1978 C compiler.
> The cast is valid.  It is accessing a union buffered_input_event from
> the resultant pointer that is not.
> 
> "... an aggregate or union type that includes one of the aforementioned
> types among its members (including, recursively, a member of a
> subaggregate or contained union), or ..."

True, the later accessing is undefined as per C23 §6.5.1 ¶7. But the 
patch you proposed still does that sort of accessing, as the code still 
accesses event->kind when event is a union pointer not a struct pointer. 
(Also, the patched code doesn't copy the struct input_event on platforms 
where ! (HAVE_X11 || HAVE_PGTK); I assume that wasn't intended.)

One littler thing. The pointer cast (even without any further access) is 
undefined as per C23 §6.3.2.3 ¶7 if the original pointer is not 
correctly aligned for the cast's type. Although we have a static_assert 
that the alignment is OK, we don't need that assumption or its 
static_assert if we fix the more-important accessing problem.

So I propose the attached patch instead, to fix the above.
[0001-Fix-union-pointer-aliasing-when-storing-events.patch (text/x-patch, attachment)]
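
An added illustration of the access and alignment points raised in the message above; it is not Emacs source and not the attached patch. The types `input_ev`, `selection_ev`, `buffered_ev` and every function name are simplified, hypothetical stand-ins for the real event types.

```c
#include <stdalign.h>
#include <stddef.h>

/* Hypothetical, simplified stand-ins for the event types under discussion. */
enum ev_kind { EV_NONE, EV_KEY, EV_SELECTION };
struct input_ev { enum ev_kind kind; int code; };
struct selection_ev { enum ev_kind kind; alignas (16) unsigned char data[16]; };
union buffered_ev { enum ev_kind kind; struct input_ev ie; struct selection_ev sie; };

static union buffered_ev queue[8];
static size_t queue_len;

/* The queue expects a pointer to a genuine union object and copies all of it. */
int
store_buffered (const union buffered_ev *ev)
{
  if (queue_len == sizeof queue / sizeof queue[0])
    return -1;
  queue[queue_len++] = *ev;
  return 0;
}

/* True when the union is more strictly aligned than the struct, in which
   case a struct pointer is not guaranteed to be valid for the cast below. */
int
union_alignment_is_stricter (void)
{
  return alignof (union buffered_ev) > alignof (struct input_ev);
}

/* Pattern the message objects to (never called here): *event is only a
   struct input_ev, so accessing it as a union buffered_ev is undefined, and
   the cast alone is undefined when event is not aligned for the union. */
int
store_event_cast (struct input_ev *event)
{
  return store_buffered ((union buffered_ev *) event);
}

/* Safe pattern: copy the struct into a real union object, then pass that. */
int
store_event_copy (const struct input_ev *event)
{
  union buffered_ev u = { .ie = *event };
  return store_buffered (&u);
}

int
main (void)
{
  struct input_ev e = { EV_KEY, 42 };   /* constructed sample event */
  return store_event_copy (&e) == 0 && queue[0].ie.code == 42 ? 0 : 1;
}
```

With the copying form, no alignment assertion is needed, because the union object is created by the compiler with the union's own alignment and size.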

This bug report was last modified 108 days ago.
