bug#27585: segfault when evaluating a file containing only backticks


From: Steve Kemp
Subject: bug#27585: segfault when evaluating a file containing only backticks
Date: Wed, 05 Jul 2017 06:21:10 +0000

  I've recently started fuzzing GNU Emacs, using the current git sources.
 During the course of that work I stumbled upon this easily reproduced bug:

   deagol ~ $ perl -e 'print "`" x ( 1024 * 1024  * 12);' > t.el
   deagol ~ $ /usr/bin/emacs --batch --script ./t.el
   ..
   Segmentation fault (core dumped)

  (So I'm trying to call "emacs --batch --script $file" where the file
 contains thousands of repeated backtick-characters.)

  Because I've built from source I can see this backtrace:

#5  handle_sigsegv (sig=11, siginfo=<optimized out>, arg=<optimized out>)
    at sysdep.c:1811
#6  <signal handler called>
#7  read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc661e010, first_in_list=first_in_list@entry=false)
    at lread.c:2923
#8  0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220
#9  read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc66220c0, first_in_list=first_in_list@entry=false)
    at lread.c:3149
#10 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220
#11 read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc6626170, first_in_list=first_in_list@entry=false)
    at lread.c:3149
#12 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220
#13 read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc662a220, first_in_list=first_in_list@entry=false)
    at lread.c:3149
#14 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220
#15 read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc662e2d0, first_in_list=first_in_list@entry=false)
    at lread.c:3149
#16 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220
#17 read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc6632380, first_in_list=first_in_list@entry=false)
    at lread.c:3149
#18 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220
#19 read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc6636430, first_in_list=first_in_list@entry=false)
    at lread.c:3149
#20 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220
#21 read1 (readcharfun=readcharfun@entry=35581829, 
    pch=pch@entry=0x7ffcc663a4e0, first_in_list=first_in_list@entry=false)
    at lread.c:3149
....


  I've replicated this upon the package of GNU Emacs as available to
 the old-stable/jessie release of Debian GNU/Linux, which identifies
 itself as:


In GNU Emacs 24.5.1 (x86_64-pc-linux-gnu, GTK+ Version 3.14.5)
 of 2016-03-19 on trouble, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11604000
System Description: Debian GNU/Linux 8.8 (jessie)

Configured using:
 `configure --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --with-pop=yes
 
--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp
 --build x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib
 --libexecdir=/usr/lib --localstatedir=/var/lib
 --infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes
 
--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp
 --with-x=yes --with-x-toolkit=gtk3 --with-toolkit-scroll-bars
 'CFLAGS=-g -O2 -fstack-protector-strong -Wformat
 -Werror=format-security -Wall' CPPFLAGS=-D_FORTIFY_SOURCE=2
 LDFLAGS=-Wl,-z,relro'
 

  My current-git build reports as:

In GNU Emacs 26.0.50 (build 1, x86_64-pc-linux-gnu)
 of 2017-07-05 built on kernel.default.skx.uk0.bigv.io
Repository revision: 5d62247323f53f3ae9c7d9f51e951635887b2fb6
Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.
Making completion list...

Configured using:
 'configure --prefix=/tmp/emacs/ --without-makeinfo --with-gnutls=no'

Configured features:
SOUND NOTIFY ZLIB

Important settings:
  value of $LC_ALL: en_US.UTF8
  value of $LANG: en_GB.UTF-8
  locale-coding-system: utf-8-unix

  "Obviously" this same bug can be reproduced inside emacs:

    1.  Open Emacs.
    2.  Create a new buffer.
    3.  Fill the buffer with `
    4.  Ctrl-x h
    5.  M-x eval-region



Steve
-- 
https://www.steve.org.uk/
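The backtrace alternates read0 and read1 once per backtick, so each quote prefix costs one more pair of C frames and a 12 MiB run of them exhausts the stack. The toy reader below is an added illustration, not Emacs code and not the fix the Emacs maintainers applied: it has the same recursive shape, and a hypothetical nesting cap (the `limit` argument, 0 meaning uncapped) that turns the stack overflow into an ordinary reader error. The input is constructed in `make_backticks` the same way the reporter's perl one-liner builds t.el.

```c
/* Added illustration of the recursion pattern behind bug#27585.
 * Not GNU Emacs code; the depth cap is an assumption for this demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum read_status { READ_OK = 0, READ_EOF = 1, READ_TOO_DEEP = 2 };

/* Counts quoted forms "built" after an inner read returns.  The post-return
 * work is what keeps every level on the stack (no tail call). */
static size_t wrapped_forms;

/* Reads one form at s[*pos].  A '`', ',' or '\'' prefix makes the reader
 * call itself for the quoted form, so N backticks cost N nested frames,
 * exactly as read0/read1 alternate in the reported backtrace.
 * limit == 0 reproduces the unbounded behaviour; otherwise nesting deeper
 * than limit is refused with READ_TOO_DEEP instead of blowing the stack. */
static enum read_status read_form(const char *s, size_t *pos, size_t depth,
                                  size_t limit, size_t *max_depth)
{
    if (limit && depth > limit)
        return READ_TOO_DEEP;
    if (depth > *max_depth)
        *max_depth = depth;

    char c = s[*pos];
    if (c == '\0')
        return READ_EOF;                 /* quote prefix with nothing after it */

    if (c == '`' || c == ',' || c == '\'') {
        (*pos)++;
        enum read_status st = read_form(s, pos, depth + 1, limit, max_depth);
        /* A real reader conses (\` FORM) here, after the inner read returns. */
        if (st == READ_OK)
            wrapped_forms++;
        return st;
    }

    /* Anything else is an atom: consume it up to whitespace. */
    while (s[*pos] && s[*pos] != ' ' && s[*pos] != '\n')
        (*pos)++;
    return READ_OK;
}

/* Reads a whole buffer form by form.  Returns the first non-OK status,
 * and reports the deepest quote nesting reached through *max_depth. */
enum read_status read_buffer(const char *s, size_t limit, size_t *max_depth)
{
    size_t pos = 0;
    *max_depth = 0;
    while (s[pos]) {
        while (s[pos] == ' ' || s[pos] == '\n')
            pos++;
        if (!s[pos])
            break;
        enum read_status st = read_form(s, &pos, 0, limit, max_depth);
        if (st != READ_OK)
            return st;
    }
    return READ_OK;
}

/* Convenience wrappers so the outcome is a plain return value. */
int status_of(const char *s, size_t limit)
{
    size_t d;
    return (int)read_buffer(s, limit, &d);
}

size_t depth_of(const char *s, size_t limit)
{
    size_t d;
    read_buffer(s, limit, &d);
    return d;
}

/* Constructed input: n backticks and nothing else, like the reporter's t.el. */
char *make_backticks(size_t n)
{
    char *buf = malloc(n + 1);
    if (!buf) {
        perror("malloc");
        exit(1);
    }
    memset(buf, '`', n);
    buf[n] = '\0';
    return buf;
}

int main(int argc, char **argv)
{
    size_t n = argc > 1 ? strtoul(argv[1], NULL, 10) : 12u * 1024 * 1024;
    size_t limit = argc > 2 ? strtoul(argv[2], NULL, 10) : 0;
    char *input = make_backticks(n);
    size_t deepest = 0;
    enum read_status st = read_buffer(input, limit, &deepest);
    printf("status=%d deepest=%zu\n", (int)st, deepest);
    free(input);
    return st == READ_OK ? 0 : 1;
}
```

Run `./reader 12000000` with the default 8 MiB stack and the process dies with SIGSEGV from the recursion alone, before any evaluation happens; `./reader 12000000 1000` returns status 2 (READ_TOO_DEEP) immediately. Lowering `ulimit -s` shows the crash threshold moving with the stack size, which is the tell that a crash is stack exhaustion rather than a memory-safety bug.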