GNU bug report logs - #34373
26.1; Missing range check in rx-submatch-n


Package: emacs;

Reported by: Mattias Engdegård <mattiase <at> acm.org>

Date: Thu, 7 Feb 2019 18:03:02 UTC

Severity: minor

Tags: patch

Found in version 26.1

Done: Mattias Engdegård <mattiase <at> acm.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#34373; Package emacs. (Thu, 07 Feb 2019 18:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mattias Engdegård <mattiase <at> acm.org>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Thu, 07 Feb 2019 18:03:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Mattias Engdegård <mattiase <at> acm.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 26.1; Missing range check in rx-submatch-n
Date: Thu, 7 Feb 2019 19:01:33 +0100
`rx' should protect its own abstractions and never generate an invalid regexp, but will if given a bad submatch number:

(rx (group-n 0 "x"))
=> "\\(?0:x\\)"

It's a missing range check in rx-submatch-n.

In GNU Emacs 26.1 (build 1, x86_64-apple-darwin14.5.0, NS appkit-1348.17 Version 10.10.5 (Build 14F2511))
 of 2018-05-31 built on builder10-10.porkrind.org
Windowing system distributor 'Apple', version 10.3.1671





Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#34373; Package emacs. (Thu, 07 Feb 2019 18:09:01 GMT) Full text and rfc822 format available.

Message #8 received at 34373 <at> debbugs.gnu.org (full text, mbox):

From: Mattias Engdegård <mattiase <at> acm.org>
To: 34373 <at> debbugs.gnu.org
Subject: Re: bug#34373: Acknowledgement (26.1; Missing range check in
 rx-submatch-n)
Date: Thu, 7 Feb 2019 19:08:24 +0100
Patch.

[0001-Check-validity-of-rx-submatch-n-number.patch (application/octet-stream, attachment)]


Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#34373; Package emacs. (Fri, 08 Feb 2019 15:07:02 GMT) Full text and rfc822 format available.

Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Andy Moreton <andrewjmoreton <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: Re: bug#34373: Acknowledgement (26.1;
 Missing range check in rx-submatch-n)
Date: Fri, 08 Feb 2019 15:05:57 +0000
On Thu 07 Feb 2019, Mattias Engdegård wrote:

> Patch.
>
> From cc7bbab39595b117f6f2ed2bcf5ea1782060e574 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Mattias=20Engdeg=C3=A5rd?= <mattiase <at> acm.org>
> Date: Thu, 7 Feb 2019 19:05:06 +0100
> Subject: [PATCH] Check validity of rx submatch-n number
>
> * lisp/emacs-lisp/rx.el (rx-submatch): Type and range check (Bug#34373).
> ---
>  lisp/emacs-lisp/rx.el | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/lisp/emacs-lisp/rx.el b/lisp/emacs-lisp/rx.el
> index 8b4551d0d3..d47beed975 100644
> --- a/lisp/emacs-lisp/rx.el
> +++ b/lisp/emacs-lisp/rx.el
> @@ -705,6 +705,8 @@ FORM is either `(repeat N FORM1)' or `(repeat N M FORMS...)'."
>  (defun rx-submatch-n (form)
>    "Parse and produce code from FORM, which is `(submatch-n N ...)'."
>    (let ((n (nth 1 form)))
> +    (unless (and (integerp n) (> n 0))
> +      (error "rx `submatch-n' argument must be positive"))
>      (concat "\\(?" (number-to-string n) ":"
>  	    (if (= 3 (length form))
>  		;; Only one sub-form.
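
Review bot: the message on the added `error` line says only "must be positive", but the guard above it, `(and (integerp n) (> n 0))`, also rejects non-integers, so a symbol or string passed as N gets a misleading diagnostic. Suggest wording it as "must be a positive integer" and passing the offending value to `error` through a `%S` format argument, which makes the failing `rx` form easier to locate. Separately, the ChangeLog line names `rx-submatch` while the hunk edits `rx-submatch-n`, and the diffstat lists only rx.el, so no regression test for `(group-n 0 ...)` accompanies the check.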

You could use (natnump n) instead.

    AndyM





Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#34373; Package emacs. (Sat, 16 Feb 2019 11:15:02 GMT) Full text and rfc822 format available.

Message #14 received at 34373 <at> debbugs.gnu.org (full text, mbox):

From: Mattias Engdegård <mattiase <at> acm.org>
To: 34373 <at> debbugs.gnu.org
Subject: Re: bug#34373: Acknowledgement (26.1; Missing range check in
 rx-submatch-n)
Date: Sat, 16 Feb 2019 12:14:08 +0100
No, natnump is true for zero but we only want positive integers here.





Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#34373; Package emacs. (Sun, 23 Jun 2019 18:21:01 GMT) Full text and rfc822 format available.

Message #17 received at 34373 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Mattias Engdegård <mattiase <at> acm.org>
Cc: 34373 <at> debbugs.gnu.org
Subject: Re: bug#34373: Acknowledgement (26.1;
 Missing range check in rx-submatch-n)
Date: Sun, 23 Jun 2019 20:20:36 +0200
Mattias Engdegård <mattiase <at> acm.org> writes:

> * lisp/emacs-lisp/rx.el (rx-submatch): Type and range check (Bug#34373).

[...]

>  (defun rx-submatch-n (form)
>    "Parse and produce code from FORM, which is `(submatch-n N ...)'."
>    (let ((n (nth 1 form)))
> +    (unless (and (integerp n) (> n 0))
> +      (error "rx `submatch-n' argument must be positive"))

This looks like an eminently reasonable sanity check to me, but I'm
quite unfamiliar with the rx machinery.  Just push the change?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Reply sent to Mattias Engdegård <mattiase <at> acm.org>:
You have taken responsibility. (Sun, 23 Jun 2019 18:35:02 GMT) Full text and rfc822 format available.

Notification sent to Mattias Engdegård <mattiase <at> acm.org>:
bug acknowledged by developer. (Sun, 23 Jun 2019 18:35:03 GMT) Full text and rfc822 format available.

Message #22 received at 34373-done <at> debbugs.gnu.org (full text, mbox):

From: Mattias Engdegård <mattiase <at> acm.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 34373-done <at> debbugs.gnu.org
Subject: Re: bug#34373: Acknowledgement (26.1; Missing range check in
 rx-submatch-n)
Date: Sun, 23 Jun 2019 20:34:07 +0200
On 23 June 2019 at 20:20, Lars Ingebrigtsen <larsi <at> gnus.org> wrote:
> 
> This looks like an eminently reasonable sanity check to me, but I'm
> quite unfamiliar with the rx machinery.  Just push the change?

Thank you, pushed.





bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 22 Jul 2019 11:24:10 GMT) Full text and rfc822 format available.
