GNU bug report logs - #77325
Crash in Fjson_parse_buffer: ZV changes underneath it?

Package: emacs;

Reported by: Daniel Colascione <dancol <at> dancol.org>

Date: Fri, 28 Mar 2025 01:08:02 UTC

Severity: normal

From: Eli Zaretskii <eliz <at> gnu.org>
To: Pip Cet <pipcet <at> protonmail.com>
Cc: dancol <at> dancol.org, 77325 <at> debbugs.gnu.org
Subject: bug#77325: Crash in Fjson_parse_buffer: ZV changes underneath it?
Date: Sat, 29 Mar 2025 15:38:42 +0300

> Date: Sat, 29 Mar 2025 11:53:49 +0000
> From: Pip Cet <pipcet <at> protonmail.com>
> Cc: dancol <at> dancol.org, 77325 <at> debbugs.gnu.org
> 
> "Eli Zaretskii" <eliz <at> gnu.org> writes:
> 
> Simply replacing Z_ADDR by ZV_ADDR would still set up the primary region
> to be [PT, GPT].  If GPT > ZV, that would mean that the primary region
> extends beyond ZV, which would mean we parse buffer text that should be
> inaccessible.
> 
> So, in this case, we need to limit the primary region to end at ZV_ADDR.
> That's what my patch does.
> 
> The code for the secondary region is correct, if unnecessary because
> sending up a paradoxical [GPT, ZV] range if ZV < GPT wouldn't hurt.
> 
> > In addition, the value of 'end' should be limited to not exceed
> > ZV_ADDR.  Or what am I missing?
> 
> That's what my patch does, yes.
> 
> > IOW, why does json-parse-buffer ignore the restriction?  No other
> > primitive does, with rare exceptions that are explicitly documented.
> 
> I assumed it was an accident, and that's why my patch changes it to
> respect the restriction.

Sorry, I've misread your patch.  It's fine (but please don't use
braces for a 1-line block).
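
The clamping discussed in this message, as an added example on a toy gap buffer. It is not the patch from this thread and not Emacs source code; `struct gapbuf`, `visible_spans`, `read_visible` and the sample buffers are hypothetical names and constructed data, with 0-based positions and single-byte text assumed. It generalizes slightly by also handling a start position past the gap.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy gap buffer (constructed model, not Emacs's struct buffer).
   Positions are 0-based logical offsets; text is single-byte.  */
struct gapbuf { const char *mem; size_t gpt, gap_size; };
struct span { const char *begin, *end; };

/* Constructed samples: "[1,2] SECRET" narrowed to ZV = 5; '_' is the gap.  */
const struct gapbuf gap_late = { "[1,2] SE____CRET", 8, 4 };   /* GPT > ZV */
const struct gapbuf gap_early = { "[1____,2] SECRET", 2, 4 };  /* GPT < ZV */
char scratch[32];

/* Split the accessible text [pt, zv) into at most two contiguous spans,
   one on each side of the gap.  Neither span may extend past zv.  */
void visible_spans (const struct gapbuf *b, size_t pt, size_t zv,
                    struct span out[2])
{
  size_t pre_end = zv < b->gpt ? zv : b->gpt;      /* min (GPT, ZV) */
  size_t pre_beg = pt < pre_end ? pt : pre_end;    /* empty if PT is past it */
  size_t post_beg = pt > b->gpt ? pt : b->gpt;     /* max (GPT, PT) */
  size_t post_end = zv > post_beg ? zv : post_beg; /* empty if ZV <= GPT */
  const char *after_gap = b->mem + b->gap_size;
  out[0] = (struct span) { b->mem + pre_beg, b->mem + pre_end };
  out[1] = (struct span) { after_gap + post_beg, after_gap + post_end };
}

/* Copy what a parser would be handed into dst; return its length.  */
size_t read_visible (const struct gapbuf *b, size_t pt, size_t zv, char *dst)
{
  struct span s[2];
  size_t n = 0;
  visible_spans (b, pt, zv, s);
  for (int i = 0; i < 2; i++)
    {
      size_t len = (size_t) (s[i].end - s[i].begin);
      memcpy (dst + n, s[i].begin, len);
      n += len;
    }
  dst[n] = '\0';
  return n;
}

int main (void)
{
  read_visible (&gap_late, 0, 5, scratch);  /* gap lies beyond the restriction */
  puts (scratch);
  return 0;
}
```

With the gap beyond ZV, an unclamped first span [PT, GPT) would hand the parser "[1,2] SE", which includes text outside the restriction.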




This bug report was last modified 78 days ago.
