From: Stefan Kangas <stefankangas@HIDDEN>
To: 72245 <at> debbugs.gnu.org
Date: Mon, 22 Jul 2024 07:35:55 -0700
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM

Severity: minor

Since XPM files are untrusted input, I think we'd better handle integer
overflow when parsing it, in case the file is malformed.

Proposed patch attached.

[Attachment: 0001-Fix-integer-overflow-when-reading-XPM.patch]

From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>, Paul Eggert <eggert@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Date: Mon, 22 Jul 2024 18:01:54 +0300
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM

> From: Stefan Kangas <stefankangas@HIDDEN>
> Date: Mon, 22 Jul 2024 07:35:55 -0700
>
> Since XPM files are untrusted input, I think we'd better handle integer
> overflow when parsing it, in case the file is malformed.
>
> Proposed patch attached.

Thanks.

Paul, any comments or suggestions?

> From 2aa0e1ac9705201939b30a8ca39b3354cbd62a8e Mon Sep 17 00:00:00 2001
> From: Stefan Kangas <stefankangas@HIDDEN> > Date: Mon, 22 Jul 2024 16:00:30 +0200 > Subject: [PATCH] Fix integer overflow when reading XPM > > * src/image.c (xpm_str_to_int): New function. > (xpm_load_image): Avoid integer overflow when reading XPM by replacing > sscanf with strtol, to correctly handle integer overflow when reading a > malformed XPM file. > --- > src/image.c | 34 ++++++++++++++++++++++++++++++---- > 1 file changed, 30 insertions(+), 4 deletions(-) > > diff --git a/src/image.c b/src/image.c > index 90e6312e128..d8a8dc57ea9 100644 > --- a/src/image.c > +++ b/src/image.c > @@ -19,6 +19,7 @@ Copyright (C) 1989-2024 Free Software Foundation, Inc. > > #include <config.h> > > +#include <errno.h> > #include <fcntl.h> > #include <math.h> > #include <unistd.h> > @@ -6254,6 +6255,27 @@ xpm_str_to_color_key (const char *s) > return -1; > } > > +static int > +xpm_str_to_int (char **buf) > +{ > + char *p; > + > + errno = 0; > + long result = strtol (*buf, &p, 10); > + if (p == *buf || errno == ERANGE || errno == EINVAL > + || result < INT_MIN || result > INT_MAX) > + return -1; > + > + /* Error out if we see something like "12x3xyz". */ > + if (!c_isspace (*p) && *p != '\0') > + return -1; > + > + /* Update position to read next integer. */ > + *buf = p; > + > + return (int)result; > +} > + > static bool > xpm_load_image (struct frame *f, > struct image *img, 
> @@ -6311,10 +6333,14 @@ #define expect_ident(IDENT) \ > goto failure; > memcpy (buffer, beg, len); > buffer[len] = '\0'; > - if (sscanf (buffer, "%d %d %d %d", &width, &height, > - &num_colors, &chars_per_pixel) != 4 > - || width <= 0 || height <= 0 > - || num_colors <= 0 || chars_per_pixel <= 0) > + char *next_int = buffer; > + if ((width = xpm_str_to_int (&next_int)) <= 0) > + goto failure; > + if ((height = xpm_str_to_int (&next_int)) <= 0) > + goto failure; > + if ((num_colors = xpm_str_to_int (&next_int)) <= 0) > + goto failure; > + if ((chars_per_pixel = xpm_str_to_int (&next_int)) <= 0) > goto failure; > > if (!check_image_size (f, width, height)) > -- > 2.45.2 >
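
Review bot: xpm_str_to_int, added in the hunk at -6254, has no comment stating its contract, and its failure value -1 cannot be told apart from a successfully parsed "-1". The callers in this patch only test `<= 0`, so it works here, but a comment above the function should say that it returns -1 on any parse or range error, that it advances *buf only on success, and that it is only suitable for fields that must be positive. The function also relies on INT_MIN and INT_MAX while the include hunk adds only <errno.h>, so it is worth confirming that <limits.h> is already in scope for src/image.c.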
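
Review bot: in the xpm_load_image hunk at -6311, each of the four values is now limited to the int range, but the visible context passes only width and height to check_image_size. num_colors and chars_per_pixel can still be as large as INT_MAX after this change, so any later arithmetic that combines them with each other or with width needs its own overflow check, or an explicit upper bound should be applied here. The old `sscanf (...) != 4` also made the four-field requirement explicit; a one-line comment above the four calls noting that a missing field returns -1 and is caught by `<= 0` would keep that visible.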

From: Paul Eggert <eggert@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>, Stefan Kangas <stefankangas@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Date: Mon, 22 Jul 2024 08:39:32 -0700
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM

On 2024-07-22 08:01, Eli Zaretskii wrote:

> + if (p == *buf || errno == ERANGE || errno == EINVAL

This should be:

   if (errno || p == *buf

as other errors are possible at least in theory, and p might be
uninitialized on error.

>> + return (int)result;

As a style matter this cast does more harm than good, as it will
suppress a static check if 'result' happens to be a pointer type, and it
could suppress a dynamic check on some debugging-oriented systems. I
would say just 'return result;'.

From: Stefan Kangas <stefankangas@HIDDEN>
To: Paul Eggert <eggert@HIDDEN>, Eli Zaretskii <eliz@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Date: Mon, 22 Jul 2024 08:48:25 -0700
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM

Paul Eggert <eggert@HIDDEN> writes:

> On 2024-07-22 08:01, Eli Zaretskii wrote:
>> + if (p == *buf || errno == ERANGE || errno == EINVAL
>
> This should be:
>
>    if (errno || p == *buf
>
> as other errors are possible at least in theory, and p might be
> uninitialized on error.
>
>>> + return (int)result;
>
> As a style matter this cast does more harm than good, as it will
> suppress a static check if 'result' happens to be a pointer type, and it
> could suppress a dynamic check on some debugging-oriented systems. I
> would say just 'return result;'.

Thanks for reviewing. I've attached an updated patch with your proposed
changes.

[Attachment: 0001-Fix-integer-overflow-when-reading-XPM.patch]

From: Po Lu <luangruo@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Date: Tue, 23 Jul 2024 10:06:01 +0800
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM

Stefan Kangas <stefankangas@HIDDEN> writes:

> Severity: minor
>
> Since XPM files are untrusted input, I think we'd better handle integer
> overflow when parsing it, in case the file is malformed.
>
> Proposed patch attached.

What are the security implications of accepting whatever scanf produces
in the event of an overflow?
From: Stefan Kangas <stefankangas@HIDDEN>
To: Po Lu <luangruo@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Mon, 22 Jul 2024 20:04:23 -0700

Po Lu <luangruo@HIDDEN> writes:

> Stefan Kangas <stefankangas@HIDDEN> writes:
>
>> Severity: minor
>>
>> Since XPM files are untrusted input, I think we'd better handle integer
>> overflow when parsing it, in case the file is malformed.
>>
>> Proposed patch attached.
>
> What are the security implications of accepting whatever scanf produces
> in the event of an overflow?

There is a good summary here:

https://cwe.mitre.org/data/definitions/190.html

From: Po Lu <luangruo@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Tue, 23 Jul 2024 11:41:01 +0800

Stefan Kangas <stefankangas@HIDDEN> writes:

> Po Lu <luangruo@HIDDEN> writes:
>
>> Stefan Kangas <stefankangas@HIDDEN> writes:
>>
>>> Severity: minor
>>>
>>> Since XPM files are untrusted input, I think we'd better handle integer
>>> overflow when parsing it, in case the file is malformed.
>>>
>>> Proposed patch attached.
>>
>> What are the security implications of accepting whatever scanf produces
>> in the event of an overflow?
>
> There is a good summary here:
>
> https://cwe.mitre.org/data/definitions/190.html

I'm asking which component of xpm_load_image is not adequately prepared
to reject excessive values of these image dimension fields, for the
immediately adjacent statements verify that width, height, num_colors,
and chars_per_pixel are not invalid.

Otherwise I can find no reason to substantially reinvent the wheel and
complicate image.c with a pedantic 10-line function for reading
numbers with overflow checking, implementations of which already
abound in that file in one shape or another.

From: Stefan Kangas <stefankangas@HIDDEN>
To: Po Lu <luangruo@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Mon, 22 Jul 2024 21:12:44 -0700

Po Lu <luangruo@HIDDEN> writes:

> Otherwise I can find no reason to substantially reinvent the wheel and
> complicate image.c with a pedantic 10-line function for reading
> numbers with overflow checking, implementations of which already
> abound in that file in one shape or another.

Thanks, but this diatribe doesn't really help. If you think you can do
a better job, then fine by me. Please show us the patch.

From: Po Lu <luangruo@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Tue, 23 Jul 2024 12:45:44 +0800

Stefan Kangas <stefankangas@HIDDEN> writes:

> Po Lu <luangruo@HIDDEN> writes:
>
>> Otherwise I can find no reason to substantially reinvent the wheel and
>> complicate image.c with a pedantic 10-line function for reading
>> numbers with overflow checking, implementations of which already
>> abound in that file in one shape or another.
>
> Thanks, but this diatribe doesn't really help. If you think you can do
> a better job, then fine by me. Please show us the patch.

I'm saying that there is nothing to be done. This change is needless,
and the report should be closed, whatever opinions the security theater
might hold on the matter.

From: Stefan Kangas <stefankangas@HIDDEN>
To: Po Lu <luangruo@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Tue, 23 Jul 2024 07:51:29 -0700

Po Lu <luangruo@HIDDEN> writes:

> I'm saying that there is nothing to be done. This change is needless,
> and the report should be closed, whatever opinions the security theater
> might hold on the matter.

I wasn't the one that started a subthread about security. You did.

The primary consideration here is correctness. Undefined behaviour is
generally undesirable, and is a source of both bugs and security issues
in the wild. This is not "security theater", but a fact. No amount of
handwaving or throwing expletives around will make it go away.

That said, since you are asking, we are indeed discussing security
sensitive code, that is executed without prompting, for example, when
users receive emails or browse the web. We are also discussing image
processing, an area that is notorious for the bugs and security issues
that tend to lurk in its many complexities.

On the CWE-190 page that I linked, there are several examples of integer
overflow in image processing that has led to very real exploits. This
is not some academic issue.

Whether or not anyone has demonstrated that Emacs can be exploited using
this vector frankly misses the point. Let's start with making Emacs
behave correctly and predictably in the face of invalid input. This
really is the bare minimum. Then we can discuss whether or not we have
more work to do, security implications, and all the rest of it.

XPM being a relatively simple format, I'm sure that this code can be
fully audited. I invite you to do so, and I'm hoping that this will
reveal that your faith in this code is well-founded. Meanwhile, I
reported an unrelated crash in XPM image processing in Bug#72255.

Since we don't have an alternative patch, I will install the one I
proposed in the next couple of days.

Thanks.


Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
From: Po Lu <luangruo@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org
Date: Tue, 23 Jul 2024 23:15:09 +0800

Stefan Kangas <stefankangas@HIDDEN> writes:

> Po Lu <luangruo@HIDDEN> writes:
>
>> I'm saying that there is nothing to be done. This change is needless,
>> and the report should be closed, whatever opinions the security theater
>> might hold on the matter.
>
> I wasn't the one that started a subthread about security. You did.
>
> The primary consideration here is correctness. Undefined behaviour is
> generally undesirable, and is a source of both bugs and security issues
> in the wild. This is not "security theater", but a fact. No amount of
> handwaving or throwing expletives around will make it go away.

Why don't you begin by deleting the undefined behavior in mark_memory?
By definition, after having executed undefined behavior once, all of the
future behavior of a C program becomes undefined. For this reason alone,
it is meaningless to speak of undefined behavior in Emacs, only whether
specific behavior produces _actual_ crashes or corruption.

> That said, since you are asking, we are indeed discussing security
> sensitive code, that is executed without prompting, for example, when
> users receive emails or browse the web. We are also discussing image
> processing, an area that is notorious for the bugs and security issues
> that tend to lurk in its many complexities. On the CWE-190 page that I
> linked, there are several examples of integer overflow in image
> processing that has led to very real exploits. This is not some
> academic issue.
>
> Whether or not anyone has demonstrated that Emacs can be exploited using
> this vector frankly misses the point. Let's start with making Emacs
> behave correctly and predictably in the face of invalid input. This
> really is the bare minimum. Then we can discuss whether or not we have
> more work to do, security implications, and all the rest of it.

It behaves as correctly and predictably as it should: it does not crash.

> XPM being a relatively simple format, I'm sure that this code can be
> fully audited. I invite you to do so, and I'm hoping that this will
> reveal that your faith in this code is well-founded. Meanwhile, I
> reported an unrelated crash in XPM image processing in Bug#72255.
>
> Since we don't have an alternative patch, I will install the one I
> proposed in the next couple of days. Thanks.

It is correctly implemented as it stands. You are essentially proposing
to have code that has not posed difficulties be needlessly complicated
with ugly pedantic error-checking.

Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
Cc: luangruo@HIDDEN, 72245 <at> debbugs.gnu.org
Date: Tue, 23 Jul 2024 18:33:41 +0300

> Cc: 72245 <at> debbugs.gnu.org
> From: Stefan Kangas <stefankangas@HIDDEN>
> Date: Tue, 23 Jul 2024 07:51:29 -0700
>
> That said, since you are asking, we are indeed discussing security
> sensitive code, that is executed without prompting, for example, when
> users receive emails or browse the web.

Only in some MUAs, yes? For example, Rmail doesn't by default show the
images (or any other attachments), it requires a user action to do so.

> XPM being a relatively simple format, I'm sure that this code can be
> fully audited. I invite you to do so, and I'm hoping that this will
> reveal that your faith in this code is well-founded. Meanwhile, I
> reported an unrelated crash in XPM image processing in Bug#72255.

That file doesn't cause a crash on MS-Windows, FWIW, but the code which
processes XPM images in Emacs on Windows is very different.

Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
From: Eli Zaretskii <eliz@HIDDEN>
To: Po Lu <luangruo@HIDDEN>
Cc: 72245 <at> debbugs.gnu.org, stefankangas@HIDDEN
Date: Tue, 23 Jul 2024 18:39:04 +0300

> Cc: 72245 <at> debbugs.gnu.org
> Date: Tue, 23 Jul 2024 23:15:09 +0800
> From: Po Lu via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs@HIDDEN>
>
> > Since we don't have an alternative patch, I will install the one I
> > proposed in the next couple of days. Thanks.
>
> It is correctly implemented as it stands. You are essentially proposing
> to have code that has not posed difficulties be needlessly complicated
> with ugly pedantic error-checking.

This crosses the line. Stefan is one of the Emacs co-maintainers, and
as such, it's his prerogative to decide to install code changes. You
have made your point, and abundantly so. Your opinions have been heard
and overruled. Please accept that. There's no need and no point to say
what you think time and again, let alone in harsh words.

Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
From: Andreas Schwab <schwab@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: luangruo@HIDDEN, 72245 <at> debbugs.gnu.org, Stefan Kangas <stefankangas@HIDDEN>
Date: Tue, 23 Jul 2024 19:39:16 +0200

On Jul 23 2024, Eli Zaretskii wrote:

> That file doesn't cause a crash on MS-Windows, FWIW, but the code
> which processes XPM images in Emacs on Windows is very different.

The absence of a crash does not prove anything, though.

--
Andreas Schwab, schwab@HIDDEN
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."

Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
From: Eli Zaretskii <eliz@HIDDEN>
To: Andreas Schwab <schwab@HIDDEN>
Cc: luangruo@HIDDEN, 72245 <at> debbugs.gnu.org, stefankangas@HIDDEN
Date: Tue, 23 Jul 2024 20:54:52 +0300

> From: Andreas Schwab <schwab@HIDDEN>
> Cc: Stefan Kangas <stefankangas@HIDDEN>, luangruo@HIDDEN,
>  72245 <at> debbugs.gnu.org
> Date: Tue, 23 Jul 2024 19:39:16 +0200
>
> On Jul 23 2024, Eli Zaretskii wrote:
>
> > That file doesn't cause a crash on MS-Windows, FWIW, but the code
> > which processes XPM images in Emacs on Windows is very different.
>
> The absence of a crash does not prove anything, though.

It isn't the absence of a crash alone. I see an error message in
*Messages* saying the XPM image is invalid, and the window shows an
empty rectangle, as always with invalid images. So Emacs actually
detects that the image is invalid, announces that, and doesn't try to
show it on the screen.
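
The behaviour argued for in this thread (reject invalid XPM input with a definite error instead of depending on what an overflow happens to do), as an added C example. It is not the patch from bug#72245 and not Emacs code: scan_int, parse_xpm_values, the status enum and the 256 MiB cap are hypothetical, and only the four leading integers of an XPM <values> string (width, height, ncolors, chars per pixel) are checked.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy cap on the decoded 32-bit pixel buffer (not an Emacs value). */
#define MAX_IMAGE_BYTES ((size_t) 256 * 1024 * 1024)

enum xpm_status { XPM_OK, XPM_BAD_SYNTAX, XPM_BAD_RANGE, XPM_TOO_LARGE };

struct xpm_header {
    int width, height, ncolors, chars_per_pixel;
    size_t pixel_bytes;   /* width * height * 4, known not to have wrapped */
};

/* Scan one unsigned decimal token.  The bound is tested BEFORE the
   multiply-add, so the signed arithmetic can never overflow. */
static enum xpm_status scan_int(const char **p, int *out)
{
    const char *s = *p;
    int value = 0;

    while (*s == ' ' || *s == '\t')
        s++;
    if (*s < '0' || *s > '9')
        return XPM_BAD_SYNTAX;
    for (; *s >= '0' && *s <= '9'; s++) {
        int digit = *s - '0';
        if (value > (INT_MAX - digit) / 10)
            return XPM_BAD_RANGE;          /* token does not fit in int */
        value = value * 10 + digit;
    }
    *p = s;
    *out = value;
    return XPM_OK;
}

/* Parse "<width> <height> <ncolors> <chars_per_pixel>"; trailing fields
   (hotspot, XPMEXT) are ignored.  On any failure the header is unusable. */
enum xpm_status parse_xpm_values(const char *values, struct xpm_header *h)
{
    int *fields[] = { &h->width, &h->height, &h->ncolors, &h->chars_per_pixel };

    for (size_t i = 0; i < 4; i++) {
        enum xpm_status st = scan_int(&values, fields[i]);
        if (st != XPM_OK)
            return st;
        if (*fields[i] == 0)
            return XPM_BAD_RANGE;          /* zero-sized image or palette */
    }

    /* Each factor fits in int, but the product may not: 65536 * 65536 is
       undefined as int and wraps to 0 in 32-bit unsigned arithmetic.
       Compare by division against the cap instead of multiplying first. */
    size_t max_pixels = MAX_IMAGE_BYTES / 4;
    if ((size_t) h->width > max_pixels / (size_t) h->height)
        return XPM_TOO_LARGE;

    h->pixel_bytes = (size_t) h->width * (size_t) h->height * 4;
    return XPM_OK;
}

int main(void)
{
    /* Constructed <values> strings, not taken from the bug report. */
    static const char *const samples[] = {
        "16 16 2 1", "2147483648 1 2 1", "65536 65536 2 1", "16 x 2 1",
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct xpm_header h;
        printf("%-18s -> status %d\n", samples[i],
               (int) parse_xpm_values(samples[i], &h));
    }
    return 0;
}
```

Every rejected input comes back as a distinct status the caller can report, so the outcome does not depend on whether a wrapped value later happens to crash.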