emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-bug-tracker] bug#8435: closed (misuse of error ("...%d...", ...)


From: GNU bug Tracking System
Subject: [Emacs-bug-tracker] bug#8435: closed (misuse of error ("...%d...", ...) on 64-bit hosts)
Date: Sun, 10 Apr 2011 17:04:02 +0000

Your message dated Sun, 10 Apr 2011 10:03:21 -0700
with message-id <address@hidden>
and subject line Re: bug#8435: misuse of error ("...%d...", ...) on 64-bit hosts
has caused the GNU bug report #8435,
regarding misuse of error ("...%d...", ...) on 64-bit hosts
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
8435: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8435
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: misuse of error ("...%d...", ...) on 64-bit hosts Date: Wed, 06 Apr 2011 12:59:09 -0700 User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110307 Fedora/3.1.9-0.39.b3pre.fc14 Thunderbird/3.1.9
In the Emacs trunk, src/dispnew.c contains this:

    error ("Device %d is not a termcap terminal device", t->id);

t->id is of type 'int', but the "error" routine formats %d as if it
were of type EMACS_INT.  This works on a typical 32-bit machine, but
on a 64-bit machine these two types have different representations,
and the above call relies on undefined behavior: it might work and it
might not.

The above bug can easily be fixed by casting t->id to EMACS_INT, but
other instances of the problem are not so easy.  For example,
src/term.c has this:

    maybe_fatal (must_succeed, terminal,
                 "Screen size %dx%d is too small",
                 "Screen size %dx%d is too small",
                 FrameCols (tty), FrameRows (tty));

where FrameCols and FrameRows return 'int'.  Here, if MUST_SUCCEED is
true, maybe_fatal calls 'printf' and works; but if MUST_SUCCEED is
false, maybe_fatal calls 'error' and might not work on a 64-bit machine.

I found these bugs by code inspection, and expect that there are
others like them.  Part of the problem is that it's confusing that
'error' treats format strings differently from 'printf'.  And partly
the problem is that there is currently no reliable way to catch common
programming mistakes like this.

I plan to fix this problem systematically, as follows.

  * Provide a convenient way to format EMACS_INT values using
    printf-like functions.

  * Change 'error' and similar functions so that they use
    printf-compatible format strings, and change their callers to
    format EMACS_INT values accordingly.

  * Mark 'error'-like functions with ATTRIBUTE_FORMAT_PRINTF, so that
    we can easily find other bugs like the above.




--- End Message ---
--- Begin Message --- Subject: Re: bug#8435: misuse of error ("...%d...", ...) on 64-bit hosts Date: Sun, 10 Apr 2011 10:03:21 -0700 User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8
On 04/09/2011 01:21 PM, Eli Zaretskii wrote:
>> Date: Sat, 09 Apr 2011 12:39:59 -0700
>> From: Paul Eggert <address@hidden>
>>
>> As Emacs evolves, if we find that more lines of code are affected,
>> then the tradeoffs will change.  If that happens, it shouldn't
>> be hard to come up with a doprnt replacement that uses
>> vsnprintf internally and that also handles multibyte character
>> truncation and non-8-bit codepoints.
> 
> I'd prefer that we do this now.

OK, please feel free to do that.  To help move this along, I
resurrected src/doprnt.c in my patch, and merged it into
the trunk, along with all the other patches I've been testing
that have to do with GCC 4.6.0's static checks.  Currently
Emacs is not using src/doprnt.c but it shouldn't be hard to
refactor the code to use doprnt again if that's what you prefer.
This should result in some simplification of vsnprintf's two
callers verror and vmessage.  I still don't think it's worth
the hassle, given Emacs's current usage (but I guess you've
been warned :-).

If you take this project on, you need to fix the 64-bit related
problems in doprnt.  For example, it's not safe to copy
a string length into an 'int'.  I've mentioned other bugs
in this area, and I'm sure there are others that I haven't
mentioned (I gave up on doprnt before fully analyzing it).

I'm going to mark this bug as "done", since the bug itself
is fixed now, and we're now talking about refactoring the fix.


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]