GNU bug report logs - #79156
igc: igc_xpalloc_ambig SEGV


Package: emacs

Reported by: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Date: Sat, 2 Aug 2025 15:28:01 UTC

Severity: normal

Fixed in version 31.1

Done: Gerd Möllmann <gerd.moellmann <at> gmail.com>


From: Eli Zaretskii <eliz <at> gnu.org>
To: Pip Cet <pipcet <at> protonmail.com>
Cc: gerd.moellmann <at> gmail.com, eller.helmut <at> gmail.com, 79156 <at> debbugs.gnu.org
Subject: bug#79156: igc: igc_xpalloc_ambig SEGV
Date: Sat, 02 Aug 2025 20:13:41 +0300
> Date: Sat, 02 Aug 2025 17:07:35 +0000
> From: Pip Cet <pipcet <at> protonmail.com>
> Cc: Eli Zaretskii <eliz <at> gnu.org>, eller.helmut <at> gmail.com, 79156 <at> debbugs.gnu.org
> 
> Gerd Möllmann <gerd.moellmann <at> gmail.com> writes:
> 
> > Eli Zaretskii <eliz <at> gnu.org> writes:
> >
> >>> Ouch. That seems to me to be a bug in how charset.c calls xpalloc, but
> >>> I'm not sure whether there are other callers that rely on this behavior,
> >>> so it's safest to work around it.
> >>
> >> xpalloc handles this case:
> >>
> >>   if (! pa)
> >>     *nitems = 0;
> >
> > Yeah, I'd rather check the other igc variants of xpalloc, to make sure
> > they are compatible with the original, even if no one else uses that
> > particular feature.
> 
> That's what I did, I think?
> 
> The code above doesn't have any effect unless we run out of memory (even
> then, it won't have an effect if NITEMS is a stack variable in a frame
> that's unwound by memory_full).

The code above in xpalloc doesn't have anything to do with running out
of memory, because it tests the value of the argument passed to
xpalloc before calling xrealloc.

> The FIXME comment in charset.c should be amended to point out that
> charset_table usually lives in the pdump, and xpalloc does not like
> pdumper object pointers, so we'd have to check that before freeing
> charset_table.

If this is the reason, then there's no reason to call xpalloc in the
first place, right?  We could call xmalloc instead, since we already
memcpy the old table to the newly-allocated memory.
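To make the two points in this exchange concrete, here is an added, hypothetical model of the xpalloc behaviour under discussion (it is not Emacs's own code, though it keeps the real function's ordering: the old count is read first, the NULL test on the argument comes before reallocation, and the count is stored back only after realloc succeeds), next to a copy-based growth routine of the kind the xmalloc + memcpy suggestion implies for a table that malloc does not own. Names `model_xpalloc` and `grow_by_copy` are mine; failure returns NULL where the real function would call memory_full.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the xpalloc behaviour discussed above (not Emacs's
   own code).  Grow PA, an array of *NITEMS items of ITEM_SIZE bytes, by
   about 50% and by at least NITEMS_INCR_MIN, never beyond NITEMS_MAX
   (-1 means unlimited).  Returns NULL where the real function would call
   memory_full, so the caller can observe what was left in *NITEMS.  */
void *
model_xpalloc (void *pa, ptrdiff_t *nitems, ptrdiff_t nitems_incr_min,
               ptrdiff_t nitems_max, ptrdiff_t item_size)
{
  ptrdiff_t n0 = *nitems;       /* read before the NULL check, as in Emacs */
  ptrdiff_t n = n0 + (n0 >> 1);
  if (0 <= nitems_max && nitems_max < n)
    n = nitems_max;
  /* The NULL test is done on the argument, before any reallocation.  Its
     only visible effect is on the failure path: *NITEMS is then 0 rather
     than the stale count for an array that does not exist.  */
  if (! pa)
    *nitems = 0;
  if (n - n0 < nitems_incr_min)
    {
      n = n0 + nitems_incr_min;
      if (0 <= nitems_max && nitems_max < n)
        return NULL;
    }
  void *p = realloc (pa, n * item_size);
  if (! p)
    return NULL;
  *nitems = n;
  return p;
}

/* Growth for a table that malloc does not own (the thread notes that
   charset_table usually lives in the pdump): allocate fresh memory and
   copy, never hand OLD to realloc or free.  Returns the new block.  */
void *
grow_by_copy (const void *old, ptrdiff_t old_nitems, ptrdiff_t new_nitems,
              ptrdiff_t item_size)
{
  if (new_nitems < old_nitems)
    return NULL;
  void *p = malloc (new_nitems * item_size);
  if (p && old_nitems > 0)
    memcpy (p, old, old_nitems * item_size);
  return p;
}
```

Calling `model_xpalloc` with a NULL array and a stale count of 100 succeeds with the count recomputed from 100, but on the failure path the stale count has been replaced by 0; the same failing call with a real array leaves the count at 100.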
