GNU bug report logs - #79156
igc: igc_xpalloc_ambig SEGV

Previous Next

Package: emacs;

Reported by: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Date: Sat, 2 Aug 2025 15:28:01 UTC

Severity: normal

Fixed in version 31.1

Done: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Full log

View this message in rfc822 format

From: Pip Cet <pipcet <at> protonmail.com>
To: Gerd Möllmann <gerd.moellmann <at> gmail.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, eller.helmut <at> gmail.com, 79156 <at> debbugs.gnu.org
Subject: bug#79156: igc: igc_xpalloc_ambig SEGV
Date: Sat, 02 Aug 2025 17:07:35 +0000

Gerd Möllmann <gerd.moellmann <at> gmail.com> writes:

> Eli Zaretskii <eliz <at> gnu.org> writes:
>
>>> Ouch. That seems to me to be a bug in how charset.c calls xpalloc, but
>>> I'm not sure whether there are other callers that rely on this behavior,
>>> so it's safest to work around it.
>>
>> xpalloc handles this case:
>>
>>   if (! pa)
>>     *nitems = 0;
>
> Yeah, I'd rather check the other igc variants of xpalloc, to make sure
> they are compatible with the original, even if no one else uses that
> particular feature.

That's what I did, I think?

The code above doesn't have any effect unless we run out of memory (even
then, it won't have an effect if NITEMS is a stack variable in a frame
that's unwound by memory_full).

However, xrealloc does handle the case, and evxprintf relies on that, so
we shouldn't change anything further at this point.

The FIXME comment in charset.c should be amended to point out that
charset_table usually lives in the pdump, and xpalloc does not like
pdumper object pointers, so we'd have to check that before freeing
charset_table.

Pip
This bug report was last modified 10 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.