From: Dmitry Antipov
Subject: Re: RFC on proposal fix [Re: Crash caused by insert-file-contents, both trunk (bzr 111532) and 24.2.92 affected]
Date: Fri, 18 Jan 2013 09:11:58 +0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
On 01/17/2013 10:12 PM, Dmitry Antipov wrote:
> On 01/17/2013 09:50 PM, Eli Zaretskii wrote:
>> Can you tell which problems you found in the original code that these
>> changes are supposed to fix?
>
> 1) Original code does emacs_read to ((char *) BEG_ADDR + PT_BYTE - BEG_BYTE + offset)
> without adjusting gap size, z and zv; this (IIUC) fools make_gap and so
> enlarge_buffer_text; we end up with a gap which is less than expected,
> read_non_regular does emacs_read into the buffer beyond the allocated buffer text,
> which finally causes EFAULT from emacs_read or heap corruption.
This is diagnosed with valgrind 3.8.1 as:
24.2.92, valgrind --tool=memcheck ./src/temacs -Q, (insert-file-contents
"/dev/sda") ==>
==6807== Syscall param read(buf) points to unaddressable byte(s)
==6807== at 0x377DA0E090: __read_nocancel (syscall-template.S:82)
==6807== by 0x56BC87: emacs_read (sysdep.c:2189)
==6807== by 0x58F20F: read_non_regular (fileio.c:3283)
==6807== by 0x5E4212: internal_condition_case_1 (eval.c:1327)
==6807== by 0x59157D: Finsert_file_contents (fileio.c:4111)
==6807== by 0x5E5EB0: eval_sub (eval.c:2154)
==6807== by 0x5E57E5: Feval (eval.c:2005)
==6807== by 0x5E731E: Ffuncall (eval.c:2778)
==6807== by 0x62E169: exec_byte_code (bytecode.c:900)
==6807== by 0x5E7D00: funcall_lambda (eval.c:3007)
==6807== by 0x5E74EB: Ffuncall (eval.c:2824)
==6807== by 0x5E66D1: Fapply (eval.c:2309)
==6807== Address 0x1f7a2f10 is 0 bytes after a block of size 133,264 alloc'd
==6807== at 0x4A08A0E: realloc (vg_replace_malloc.c:662)
==6807== by 0x5C180D: xrealloc (alloc.c:708)
==6807== by 0x579A97: enlarge_buffer_text (buffer.c:5073)
==6807== by 0x57D5F2: make_gap_larger (insdel.c:401)
==6807== by 0x57DAC8: make_gap (insdel.c:497)
==6807== by 0x591524: Finsert_file_contents (fileio.c:4101)
==6807== by 0x5E5EB0: eval_sub (eval.c:2154)
==6807== by 0x5E57E5: Feval (eval.c:2005)
==6807== by 0x5E731E: Ffuncall (eval.c:2778)
==6807== by 0x62E169: exec_byte_code (bytecode.c:900)
==6807== by 0x5E7D00: funcall_lambda (eval.c:3007)
==6807== by 0x5E74EB: Ffuncall (eval.c:2824)
==6807==
valgrind: m_mallocfree.c:268 (mk_plain_bszB): Assertion 'bszB != 0' failed.
valgrind: This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata. If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away. Please try that before reporting this as a bug.
Bzr trunk 111545, valgrind --tool=memcheck ./src/temacs -Q, (insert-file-contents
"/dev/sda") ==>
==6993== Syscall param read(buf) points to unaddressable byte(s)
==6993== at 0x377DA0E090: __read_nocancel (syscall-template.S:82)
==6993== by 0x547C35: emacs_read (unistd.h:45)
==6993== by 0x563DBE: read_non_regular (fileio.c:3423)
==6993== by 0x5B38AA: internal_condition_case_1 (eval.c:1231)
==6993== by 0x567BBE: Finsert_file_contents (fileio.c:4250)
==6993== by 0x5B4993: eval_sub (eval.c:2054)
==6993== by 0x5B73AD: Feval (eval.c:1902)
==6993== by 0x5B598D: Ffuncall (eval.c:2678)
==6993== by 0x5FC782: exec_byte_code (bytecode.c:898)
==6993== by 0x5B5304: funcall_lambda (eval.c:2841)
==6993== by 0x5B57AA: Ffuncall (eval.c:2736)
==6993== by 0x5B687D: Fapply (eval.c:2209)
==6993== Address 0x1f806890 is 0 bytes after a block of size 133,264 alloc'd
==6993== at 0x4A08A0E: realloc (vg_replace_malloc.c:662)
==6993== by 0x594F91: xrealloc (alloc.c:696)
==6993== by 0x55636C: enlarge_buffer_text (buffer.c:5052)
==6993== by 0x5595D7: make_gap (insdel.c:393)
==6993== by 0x567C82: Finsert_file_contents (fileio.c:4243)
==6993== by 0x5B4993: eval_sub (eval.c:2054)
==6993== by 0x5B73AD: Feval (eval.c:1902)
==6993== by 0x5B598D: Ffuncall (eval.c:2678)
==6993== by 0x5FC782: exec_byte_code (bytecode.c:898)
==6993== by 0x5B5304: funcall_lambda (eval.c:2841)
==6993== by 0x5B57AA: Ffuncall (eval.c:2736)
==6993== by 0x5B687D: Fapply (eval.c:2209)
==6993==
valgrind: m_mallocfree.c:268 (mk_plain_bszB): Assertion 'bszB != 0' failed.
valgrind: This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata. If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away. Please try that before reporting this as a bug.
Dmitry
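A toy gap-buffer model of the bookkeeping failure described in the quoted point 1), added here as an illustration and not taken from Emacs: the same chunked read loop is run twice, once without subtracting the bytes already read from the gap (so the gap check never triggers make_gap again and the write would run past the gap, which is what valgrind flagged as an unaddressable read(buf)) and once with the gap advanced after every read. The names gapbuf, gb_make_gap, gb_insert_stream and the constructed fake_read source are assumptions of this example.

```c
/* Toy gap buffer: [text before gap][gap][text after gap]; gap_start is the insertion point.
   Added example, not Emacs code; gapbuf/gb_* names are invented for this illustration. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *text;
    size_t alloc, gap_start, gap_end;   /* gap_end - gap_start plays the role of GAP_SIZE */
} gapbuf;

static int gb_init(gapbuf *b, size_t gap) {
    b->text = calloc(gap, 1);            /* empty buffer: all storage is gap */
    if (!b->text) return -1;
    b->alloc = gap; b->gap_start = 0; b->gap_end = gap;
    return 0;
}

/* Like make_gap: grow storage until the *recorded* gap holds at least need bytes.
   It trusts gap_start/gap_end, exactly the values the buggy loop forgets to update. */
static int gb_make_gap(gapbuf *b, size_t need) {
    size_t gap = b->gap_end - b->gap_start;
    if (gap >= need) return 0;
    size_t extra = need - gap, tail = b->alloc - b->gap_end;
    char *t = realloc(b->text, b->alloc + extra);
    if (!t) return -1;
    memmove(t + b->gap_end + extra, t + b->gap_end, tail);   /* shift text after the gap */
    b->text = t; b->gap_end += extra; b->alloc += extra;
    return 0;
}

/* Constructed data source standing in for a non-regular file: always yields a full chunk. */
static size_t fake_read(char *dst, size_t n) { memset(dst, 'x', n); return n; }

/* Read total bytes in chunks into the gap.  With update_gap == 0 the loop mirrors the
   buggy path: the gap is compared against one chunk, but bytes already read are never
   subtracted from the gap, so gb_make_gap is fooled.  Returns bytes inserted, or -1 if
   a write would land outside the gap (the overflow is detected, not performed). */
static long gb_insert_stream(gapbuf *b, size_t total, size_t chunk, int update_gap) {
    size_t inserted = 0;
    while (inserted < total) {
        size_t n = total - inserted < chunk ? total - inserted : chunk;
        if (b->gap_end - b->gap_start < n && gb_make_gap(b, n) < 0) return -1;
        char *dst = b->text + b->gap_start + (update_gap ? 0 : inserted);
        if ((size_t)(dst - b->text) + n > b->gap_end) return -1;   /* would overrun the gap */
        inserted += fake_read(dst, n);
        if (update_gap) b->gap_start += n;   /* GAP_SIZE -= n; GPT, Z, ZV advance by n */
    }
    return (long)inserted;
}

/* Drive one variant on a 100-byte gap, reading 300 bytes in 100-byte chunks. */
static long demo(int update_gap) {
    gapbuf b;
    if (gb_init(&b, 100) < 0) return -1;
    long r = gb_insert_stream(&b, 300, 100, update_gap);
    free(b.text);
    return r;
}
```

demo(0) stops at the second chunk with -1, where the real code would have written past the allocated buffer text; demo(1) grows the gap twice and inserts all 300 bytes.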