Do not read unitialized memory in conv_sockaddr_to_lisp

author: Daniel Colascione 2014-03-21 20:04:24 -0700
committer: Daniel Colascione 2014-03-21 20:04:24 -0700
commit: ea64063f079e31f824de1f471074c69281fb06fd (patch)
tree: 16f9e845a7345ce66c03c73408d323de5e7ea24f
parent: aa4659075414a2730535eeb419847d761eb76f0d (diff)
download: emacs-ea64063f079e31f824de1f471074c69281fb06fd.tar.gz
emacs-ea64063f079e31f824de1f471074c69281fb06fd.zip
4 files changed, 31 insertions, 4 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index b35264cdf6b..214807697e1 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
+2014-03-21  Daniel Colascione  <dancol@dancol.org>
+        * mail/emacsbug.el (report-emacs-bug): Include memory usage
+        information in bug reports.
 2014-03-21  Glenn Morris  <rgm@gnu.org>
        * Makefile.in ($(MH_E_DIR)/mh-loaddefs.el)
diff --git a/lisp/mail/emacsbug.el b/lisp/mail/emacsbug.el
index 0f72d24ed1e..b994949e94d 100644
--- a/lisp/mail/emacsbug.el
+++ b/lisp/mail/emacsbug.el
@@ -322,6 +322,10 @@ usually do not have translators for other languages.\n\n")))
                shadows)))
    (insert (format "\nFeatures:\n%s\n" features))
    (fill-region (line-beginning-position 0) (point))
+    (insert (format "\nMemory information:\n"))
+    (pp (garbage-collect) (current-buffer))
+    
    ;; This is so the user has to type something in order to send easily.
    (use-local-map (nconc (make-sparse-keymap) (current-local-map)))
    (define-key (current-local-map) "\C-c\C-i" 'info-emacs-bug)
diff --git a/src/ChangeLog b/src/ChangeLog
index c491119041f..504716f8915 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2014-03-22  Daniel Colascione  <dancol@dancol.org>
+        * process.c (conv_sockaddr_to_lisp): When extracting the string
+        names of AF_LOCAL sockets, stop before reading uninitialized
+        memory.
 2014-03-21  Daniel Colascione  <dancol@dancol.org>
        * xterm.c (x_bitmap_icon): Stop reading the icon bitmap from disk
diff --git a/src/process.c b/src/process.c
index 187627dd85a..10a2984a053 100644
--- a/src/process.c
+++ b/src/process.c
@@ -2010,10 +2010,22 @@ conv_sockaddr_to_lisp (struct sockaddr *sa, int len)
    case AF_LOCAL:
      {
        struct sockaddr_un *sockun = (struct sockaddr_un *) sa;
-        for (i = 0; i < sizeof (sockun->sun_path); i++)
+        ptrdiff_t name_length = len - offsetof (struct sockaddr_un, sun_path);
-          if (sockun->sun_path[i] == 0)
+        /* If the first byte is NUL, the name is a Linux abstract
-            break;
+           socket name, and the name can contain embedded NULs.  If
-        return make_unibyte_string (sockun->sun_path, i);
+           it's not, we have a NUL-terminated string.  Be careful not
+           to walk past the end of the object looking for the name
+           terminator, however.  */
+        if (name_length > 0 && sockun->sun_path[0] != '\0')
+          {
+            const char* terminator =
+              memchr (sockun->sun_path, '\0', name_length);
+            if (terminator)
+              name_length = terminator - (const char*) sockun->sun_path;
+          }
+        return make_unibyte_string (sockun->sun_path, name_length);
      }
 #endif
    default:
author	Daniel Colascione	2014-03-21 20:04:24 -0700
committer	Daniel Colascione	2014-03-21 20:04:24 -0700
commit	ea64063f079e31f824de1f471074c69281fb06fd (patch)
tree	16f9e845a7345ce66c03c73408d323de5e7ea24f
parent	aa4659075414a2730535eeb419847d761eb76f0d (diff)
download	emacs-ea64063f079e31f824de1f471074c69281fb06fd.tar.gz emacs-ea64063f079e31f824de1f471074c69281fb06fd.zip

diff --git a/lisp/ChangeLog b/lisp/ChangeLog index b35264cdf6b..214807697e1 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
		1	2014-03-21 Daniel Colascione <dancol@dancol.org>
		2
		3	* mail/emacsbug.el (report-emacs-bug): Include memory usage
		4	information in bug reports.
		5
1	2014-03-21 Glenn Morris <rgm@gnu.org>	6	2014-03-21 Glenn Morris <rgm@gnu.org>
2		7
3	* Makefile.in ($(MH_E_DIR)/mh-loaddefs.el)	8	* Makefile.in ($(MH_E_DIR)/mh-loaddefs.el)


diff --git a/lisp/mail/emacsbug.el b/lisp/mail/emacsbug.el index 0f72d24ed1e..b994949e94d 100644 --- a/lisp/mail/emacsbug.el +++ b/lisp/mail/emacsbug.el
@@ -322,6 +322,10 @@ usually do not have translators for other languages.\n\n")))
322	shadows)))	322	shadows)))
323	(insert (format "\nFeatures:\n%s\n" features))	323	(insert (format "\nFeatures:\n%s\n" features))
324	(fill-region (line-beginning-position 0) (point))	324	(fill-region (line-beginning-position 0) (point))
		325
		326	(insert (format "\nMemory information:\n"))
		327	(pp (garbage-collect) (current-buffer))
		328
325	;; This is so the user has to type something in order to send easily.	329	;; This is so the user has to type something in order to send easily.
326	(use-local-map (nconc (make-sparse-keymap) (current-local-map)))	330	(use-local-map (nconc (make-sparse-keymap) (current-local-map)))
327	(define-key (current-local-map) "\C-c\C-i" 'info-emacs-bug)	331	(define-key (current-local-map) "\C-c\C-i" 'info-emacs-bug)


diff --git a/src/ChangeLog b/src/ChangeLog index c491119041f..504716f8915 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,3 +1,9 @@
		1	2014-03-22 Daniel Colascione <dancol@dancol.org>
		2
		3	* process.c (conv_sockaddr_to_lisp): When extracting the string
		4	names of AF_LOCAL sockets, stop before reading uninitialized
		5	memory.
		6
1	2014-03-21 Daniel Colascione <dancol@dancol.org>	7	2014-03-21 Daniel Colascione <dancol@dancol.org>
2		8
3	* xterm.c (x_bitmap_icon): Stop reading the icon bitmap from disk	9	* xterm.c (x_bitmap_icon): Stop reading the icon bitmap from disk


diff --git a/src/process.c b/src/process.c index 187627dd85a..10a2984a053 100644 --- a/src/process.c +++ b/src/process.c
@@ -2010,10 +2010,22 @@ conv_sockaddr_to_lisp (struct sockaddr *sa, int len)
2010	case AF_LOCAL:	2010	case AF_LOCAL:
2011	{	2011	{
2012	struct sockaddr_un sockun = (struct sockaddr_un ) sa;	2012	struct sockaddr_un sockun = (struct sockaddr_un ) sa;
2013	for (i = 0; i < sizeof (sockun->sun_path); i++)	2013	ptrdiff_t name_length = len - offsetof (struct sockaddr_un, sun_path);
2014	if (sockun->sun_path[i] == 0)	2014	/* If the first byte is NUL, the name is a Linux abstract
2015	break;	2015	socket name, and the name can contain embedded NULs. If
2016	return make_unibyte_string (sockun->sun_path, i);	2016	it's not, we have a NUL-terminated string. Be careful not
		2017	to walk past the end of the object looking for the name
		2018	terminator, however. */
		2019	if (name_length > 0 && sockun->sun_path[0] != '\0')
		2020	{
		2021	const char* terminator =
		2022	memchr (sockun->sun_path, '\0', name_length);
		2023
		2024	if (terminator)
		2025	name_length = terminator - (const char*) sockun->sun_path;
		2026	}
		2027
		2028	return make_unibyte_string (sockun->sun_path, name_length);
2017	}	2029	}
2018	#endif	2030	#endif
2019	default:	2031	default: