Re: PATCH: fix for memory corruption and eventual crash in print.c
From: YAMAMOTO Mitsuharu
Subject: Re: PATCH: fix for memory corruption and eventual crash in print.c
Date: Sun, 06 Jul 2008 16:45:04 +0900
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (Shijō) APEL/10.6 Emacs/23.0.50 (sparc-sun-solaris2.8) MULE/5.0 (SAKAKI)
>>>>> On Sat, 5 Jul 2008 21:11:14 -0700, "Ami Fischman" <address@hidden> said:
> src/print.c:print_object() has this code:
> 1570 if (NILP (Vprint_circle) && NILP (Vprint_gensym))
> [...]
> 1581 being_printed[print_depth] = obj;
> [...]
> 1611 print_depth++;
> 1612
> 1613 /* See similar code in print_preprocess. */
> 1614 if (print_depth > PRINT_CIRCLE)
> 1615 error ("Apparently circular structure being printed");
> Note that being_printed[print_depth] is assigned to /before/ print_depth is
> checked for exceeding PRINT_CIRCLE (the declared size of being_printed).
This reminds me of a similar buffer overrun that had existed in
`print_preprocess' also with respect to `being_printed'.
http://lists.gnu.org/archive/html/emacs-devel/2004-07/msg00146.html
I think a fix for `print_object' should go to the EMACS_22_BASE branch
as well as the trunk so it may not be missed. Another candidate for
inclusion in the EMACS_22_BASE branch would be the PNG background
color bit-depth fix below:
2008-05-09 Chong Yidong <address@hidden>
* image.c (png_load): Use correct bit-depth for setting background
color.
YAMAMOTO Mitsuharu
address@hidden
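
The store-before-check ordering quoted in the message above, modelled next to a check-before-store ordering. This is an added example, not code from Emacs and not the patch under discussion. The struct, the function names, the guard slot and the small PRINT_CIRCLE value are assumptions made so that the one-element stray write can be observed without undefined behaviour.

```c
#include <stdio.h>

#define PRINT_CIRCLE 4          /* small constructed value for the demo */
#define CANARY 0x5a5a           /* hypothetical guard value */

/* One extra slot stands in for whatever follows the array in memory,
   so the stray write is observable without undefined behaviour.  */
struct tracker {
  int being_printed[PRINT_CIRCLE + 1];
  int print_depth;
};

/* Ordering quoted in the message: store, increment, then check.
   Returns 0 on success, -1 when the depth limit is reported.  */
static int enter_store_then_check (struct tracker *t, int obj)
{
  t->being_printed[t->print_depth] = obj;
  t->print_depth++;
  return t->print_depth > PRINT_CIRCLE ? -1 : 0;
}

/* Check before the store, so the index is always < PRINT_CIRCLE.  */
static int enter_check_then_store (struct tracker *t, int obj)
{
  if (t->print_depth >= PRINT_CIRCLE)
    return -1;
  t->being_printed[t->print_depth++] = obj;
  return 0;
}

/* Nest until the limit is reported; 1 if the guard slot was overwritten.  */
static int guard_clobbered (int (*enter) (struct tracker *, int))
{
  struct tracker t = { .print_depth = 0 };
  t.being_printed[PRINT_CIRCLE] = CANARY;
  for (int obj = 1; enter (&t, obj) == 0; obj++)
    ;
  return t.being_printed[PRINT_CIRCLE] != CANARY;
}

int main (void)
{
  printf ("store-then-check clobbers guard: %d\n", guard_clobbered (enter_store_then_check));
  printf ("check-then-store clobbers guard: %d\n", guard_clobbered (enter_check_then_store));
  return 0;
}
```

In the first ordering the limit is only reported after index PRINT_CIRCLE has already been written, which is the one-past-the-end store the quoted note points out.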