bug#40913: 24.5; Crash on open of file
From: Jason Gibson
Subject: bug#40913: 24.5; Crash on open of file
Date: Tue, 28 Apr 2020 10:40:39 -0700
>> Since this would seem to be a good vector for remote buffer overflow, it
>> might make sense to backport this to prior releases.
>
> There's no practical way for us to do so, since we do not intend to
> put out any new releases of Emacs before 27. Emacs 27.1 will be
> released soon, and this problem will be fixed there.
>
> It is also worth noting that the use case where this bug can rear its
> ugly head is quite rare. Most sequences of composed characters are
> very short, and the way we allocate the buffers for them always
> allocates more than strictly needed, which is why this bug, although
> blatant, went unnoticed for a very long time. You just happened to
> hit a file which (being in fact just a stream of binary bytes) looked
> to Emacs as a long sequence of characters all of which should be
> composed, and that sequence overflowed the allocated buffer by many
> hundreds of bytes, thus triggering memory corruption.
Sounds good, thanks for the explanations.