bug#11442: dbus uses Emacs integer as pointer, possible core dump
From: Michael Albinus
Subject: bug#11442: dbus uses Emacs integer as pointer, possible core dump
Date: Wed, 09 May 2012 17:35:49 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1.50 (gnu/linux)
Paul Eggert <eggert@cs.ucla.edu> writes:
Hi Paul,
> The trunk version of Emacs src/dbusbind.c contains a function
> xd_get_connection_address that does this:
>
> connection = (DBusConnection *) (intptr_t) XFASTINT (val);
>
> This converts an Emacs integer to a pointer without checking
> that it is actually of the proper C type. It is possible
> for Lisp code to mistakenly put an integer there that will
> cause Emacs to dump core.
In general, I agree with you. In the given case, it is just a pointer
address which has been written in Fdbus_init_bus. No other place is
expected to write such an address, but since it is a Lisp object,
somebody could do so by mistake.
> Shouldn't this be made safe, so that Lisp code can't do that? For
> example, a DbusConnection * could be made a proper Lisp pseudovector
> or misc type or something like that. The idea is to avoid a bad
> pointer leaking into the C code.
DbusConnection * is included by <dbus/dbus.h>; we cannot make it a
private type. But if there is something we could add as "glue type",
please do. I'm not so familiar with Emacs' internal type armors.
Best regards, Michael.
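
Added example, not part of the message above and not Emacs code: a toy model of the unchecked integer-to-pointer conversion next to a type-checked wrapper of the kind the thread proposes. The names `conn`, `value`, `make_int`, `make_conn`, `get_conn_unchecked` and `get_conn_checked` are hypothetical stand-ins, not Emacs internals.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins, not Emacs internals: `conn` plays the role of
   DBusConnection, `value` the role of a Lisp object that Lisp code can
   set to an arbitrary integer. */
typedef struct { int fd; } conn;
enum tag { TAG_INT, TAG_CONN };
typedef struct {
  enum tag tag;
  union { intptr_t i; conn *c; } u;
} value;

/* Lisp code can build these freely. */
value make_int (intptr_t i) { value v; v.tag = TAG_INT; v.u.i = i; return v; }

/* Only C code (the equivalent of Fdbus_init_bus) builds these. */
value make_conn (conn *c) { value v; v.tag = TAG_CONN; v.u.c = c; return v; }

/* Pattern from the report: the integer is trusted to be an address. */
conn *get_conn_unchecked (value v) { return (conn *) v.u.i; }

/* Checked form: a value of the wrong type never becomes a pointer. */
conn *get_conn_checked (value v)
{
  if (v.tag != TAG_CONN || v.u.c == NULL)
    return NULL;            /* caller signals a wrong-type error */
  return v.u.c;
}

int main (void)
{
  conn real = { 7 };
  value good = make_conn (&real);
  value bad = make_int (0x1234);   /* constructed bogus value */

  printf ("checked(good): %s\n",
          get_conn_checked (good) == &real ? "ok" : "rejected");
  printf ("checked(bad):  %s\n", get_conn_checked (bad) ? "ok" : "rejected");
  /* get_conn_unchecked (bad) returns the address 0x1234; dereferencing
     it is the crash described in the report, so it is only compared. */
  printf ("unchecked(bad) is bogus address: %d\n",
          get_conn_unchecked (bad) == (conn *) 0x1234);
  return 0;
}
```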