bug-gnu-emacs

bug#15648: 24.2.50; gnutls SSL connection to IMAP server causes emacs to


From: Eli Zaretskii
Subject: bug#15648: 24.2.50; gnutls SSL connection to IMAP server causes emacs to crash completely
Date: Fri, 25 Oct 2013 17:09:13 +0300

> From: <emacs@kosowsky.org>
> Date: Thu, 24 Oct 2013 23:17:38 -0400
> Cc: emacs@kosowsky.org, tzz@lifelogs.com, 15648@debbugs.gnu.org
> 
> Thread 1 (Thread 124728.0x31b44):
> #0  0x6d099192 in _gnutls_record_buffer_get_size ()
>    from C:\kosowsky\bin\libgnutls-28.dll
> #1  0x6d0995c8 in gnutls_record_check_pending ()
>    from C:\kosowsky\bin\libgnutls-28.dll
> #2  0x01015e15 in wait_reading_process_output ()
> #3  0x0088e7d8 in ?? ()
> (gdb)

Thanks, this tells everything, I think.

Ted, could you please help me out a bit here?  I think I understand
what is going on: we are passing a NULL session to
gnutls_record_check_pending.  What happens next is predictable:
gnutls_record_check_pending calls _gnutls_record_buffer_get_size,
which does this:

  return session->internals.record_buffer.byte_length;

I.e., it dereferences a NULL pointer.

However, to find the best place where to fix this in Emacs, could you
please help me understand in more detail what happens in this case?  I
imagine that gnutls-boot is called with the parameters that specify a
certificate file that GnuTLS cannot access.  But why isn't this caught
inside gnutls-boot, and how come we allow a NULL gnutls_state to be
plugged into the process object?  This fragment from gnutls-boot:

  GNUTLS_LOG (1, max_log_level, "gnutls_init");
  ret = fn_gnutls_init (&state, GNUTLS_CLIENT);
  XPROCESS (proc)->gnutls_state = state;
  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

ought to fail.  The bug report cites this error message:

  GnuTLS error: #<proces IMAP over SSL>, -64

Is that error the result of the above error checking?  If so, perhaps
the problem is that we leave the process object marked as a GnuTLS
process, but with a NULL state?  Should we remove the mark, or maybe
delete the process object in gnutls-negotiate?

Thanks.
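
The following is an added example, not part of the original message and not Emacs or GnuTLS code. It models the state the message hypothesizes (a process still marked as TLS while its session pointer is NULL) and shows the two mitigations raised: guarding the pending check in the read loop, and removing the mark when boot fails. All struct and function names are hypothetical stand-ins; -64 is the code from the cited error message.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins; not the GnuTLS or Emacs definitions. */
struct session { size_t byte_length; };   /* models record_buffer.byte_length */
struct process { int tls_marked; struct session *state; };

static struct session the_session = { 5 };   /* constructed: 5 bytes pending */

/* Model of a boot step.  A negative fail_code means boot failed and no
   session exists.  With clear_on_error == 0 the process keeps its TLS
   mark and a NULL state, the situation the message hypothesizes. */
int model_boot(struct process *p, int fail_code, int clear_on_error)
{
    p->tls_marked = 1;
    p->state = fail_code < 0 ? NULL : &the_session;
    if (fail_code < 0 && clear_on_error)
        p->tls_marked = 0;   /* option: remove the mark on failure */
    return fail_code;
}

/* Guarded pending check for the read loop: a NULL session is never
   handed to the code that dereferences it. */
size_t pending_bytes(const struct process *p)
{
    if (!p->tls_marked || p->state == NULL)
        return 0;
    return p->state->byte_length;   /* same access as the quoted line */
}

/* Invariant worth asserting: a TLS-marked process must own a session. */
int invariant_holds(const struct process *p)
{
    return !p->tls_marked || p->state != NULL;
}

int main(void)
{
    struct process p;
    int ret = model_boot(&p, -64, 0);   /* -64: code from the cited error */
    printf("ret=%d invariant=%d pending=%zu\n",
           ret, invariant_holds(&p), pending_bytes(&p));
    model_boot(&p, -64, 1);
    printf("mark cleared: invariant=%d\n", invariant_holds(&p));
    return 0;
}
```

The guard alone prevents the crash but leaves an inconsistent process object behind; clearing the mark on failure restores the invariant at its source.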




