
[Emacs-diffs] emacs-25 9afea93: Attempt to catch reads from a buffer tha


From: Eli Zaretskii
Subject: [Emacs-diffs] emacs-25 9afea93: Attempt to catch reads from a buffer that is relocated
Date: Sun, 23 Oct 2016 13:55:19 +0000 (UTC)

branch: emacs-25
commit 9afea93ed536fb9110ac62b413604cf4c4302199
Author: Eli Zaretskii <address@hidden>
Commit: Eli Zaretskii <address@hidden>

    Attempt to catch reads from a buffer that is relocated
    
    * src/xml.c (parse_region): Add assertion to ensure buffer text is
    not relocated while libxml2 is reading it.  (Bug#24764)
---
 src/xml.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/xml.c b/src/xml.c
index b1175d1..1ef84bd 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -181,6 +181,7 @@ parse_region (Lisp_Object start, Lisp_Object end, 
Lisp_Object base_url,
   Lisp_Object result = Qnil;
   const char *burl = "";
   ptrdiff_t istart, iend, istart_byte, iend_byte;
+  unsigned char *buftext;
 
   xmlCheckVersion (LIBXML_VERSION);
 
@@ -200,18 +201,24 @@ parse_region (Lisp_Object start, Lisp_Object end, 
Lisp_Object base_url,
       burl = SSDATA (base_url);
     }
 
+  buftext = BYTE_POS_ADDR (istart_byte);
   if (htmlp)
-    doc = htmlReadMemory ((char *) BYTE_POS_ADDR (istart_byte),
+    doc = htmlReadMemory ((char *)buftext,
                          iend_byte - istart_byte, burl, "utf-8",
                          HTML_PARSE_RECOVER|HTML_PARSE_NONET|
                          HTML_PARSE_NOWARNING|HTML_PARSE_NOERROR|
                          HTML_PARSE_NOBLANKS);
   else
-    doc = xmlReadMemory ((char *) BYTE_POS_ADDR (istart_byte),
+    doc = xmlReadMemory ((char *)buftext,
                         iend_byte - istart_byte, burl, "utf-8",
                         XML_PARSE_NONET|XML_PARSE_NOWARNING|
                         XML_PARSE_NOBLANKS |XML_PARSE_NOERROR);
 
+  /* If the assertion below fails, malloc was called inside the above
+     libxml2 functions, and ralloc.c caused relocation of buffer text,
+     so we could have read from unrelated memory.  */
+  eassert (buftext == BYTE_POS_ADDR (istart_byte));
+
   if (doc != NULL)
     {
       Lisp_Object r = Qnil;
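Review bot: The `eassert (buftext == BYTE_POS_ADDR (istart_byte));` check runs only after `htmlReadMemory`/`xmlReadMemory` have returned, so it reports a relocation after libxml2 may already have read from the stale `buftext` address. As far as I know `eassert` also compiles to nothing unless Emacs is built with checking enabled, which would leave release builds exposed to the out-of-bounds read the comment describes. I would say so in the comment, e.g. `/* Diagnostic only: active in ENABLE_CHECKING builds and detects relocation after the fact; it does not prevent the stale read.  */`. If the assertion ever fires, the follow-up fix is presumably to inhibit relocation around the two calls (ralloc.c offers `r_alloc_inhibit_buffer_relocation` under `REL_ALLOC`) or to parse a private copy of the region. The body of `parse_region` starts and ends outside this hunk, so I cannot see whether relocation is already inhibited elsewhere.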


