[Originally sent 19 Mar and then again 27 Mar 2014, but I think I
accidentally sent HTML email, so both copies are probably sitting in
the spam trap.]
I just received a bug report for the Fedora build of XEmacs:
https://bugzilla.redhat.com/show_bug.cgi?id=1078159
What seems to have happened is that determine_real_coding_system
(file-coding.c) was called, and tried to read some data from the
lstream. However, Lstream_read encountered an error of some kind, I
don't know what. This resulted in an empty buffer, and nread == -1.
We then proceeded to pass the empty buffer and the count of -1 to
detect_coding_type, which used the count of -1 to justify walking off
the end of allocated memory, thereby triggering a segfault.
We need to notice the Lstream_read failure and bail out of
determine_real_coding_system. Would something like this be
appropriate?
diff -r 9fae6227ede5 src/ChangeLog
--- a/src/ChangeLog Thu Mar 27 08:59:03 2014 -0600
+++ b/src/ChangeLog Thu Mar 27 09:32:53 2014 -0600
@@ -1,3 +1,10 @@
+2014-03-27 Jerry James <james(a)xemacs.org>
+
+ * file-coding.c (encode_decode_coding_region): Bail out if
+ Lstream_read encounters an error (returns -1).
+ (determine_real_coding_system): Ditto.
+ (Ffind_coding_system_magic_cookie_in_file): Ditto.
+
2014-01-27 Michael Sperber <mike(a)xemacs.org>
* symbols.c (Fdefine_function): Allow optional `docstring'
diff -r 9fae6227ede5 src/file-coding.c
--- a/src/file-coding.c Thu Mar 27 08:59:03 2014 -0600
+++ b/src/file-coding.c Thu Mar 27 09:32:53 2014 -0600
@@ -2294,7 +2294,7 @@
Bytecount size_in_bytes =
Lstream_read (istr, tempbuf, sizeof (tempbuf));
- if (!size_in_bytes)
+ if (size_in_bytes <= 0)
break;
newpos = lisp_buffer_stream_startpos (istr);
Lstream_write (ostr, tempbuf, size_in_bytes);
@@ -3863,24 +3863,32 @@
make_opaque_ptr (st));
UExtbyte buf[4096];
Bytecount nread = Lstream_read (stream, buf, sizeof (buf));
- Lisp_Object coding_system
- = look_for_coding_system_magic_cookie (buf, nread, 1);
-
- if (NILP (coding_system))
+ Lisp_Object coding_system;
+
+ if (nread > 0)
{
- while (1)
+ coding_system = look_for_coding_system_magic_cookie (buf, nread, 1);
+
+ if (NILP (coding_system))
{
- if (detect_coding_type (st, buf, nread))
- break;
- nread = Lstream_read (stream, buf, sizeof (buf));
- if (nread == 0)
- break;
+ while (1)
+ {
+ if (detect_coding_type (st, buf, nread))
+ break;
+ nread = Lstream_read (stream, buf, sizeof (buf));
+ if (nread <= 0)
+ break;
+ }
+
+ coding_system = detected_coding_system (st);
}
- coding_system = detected_coding_system (st);
+ Lstream_rewind (stream);
}
-
- Lstream_rewind (stream);
+ else
+ {
+ coding_system = Qnil;
+ }
unbind_to (depth);
return coding_system;
@@ -4315,7 +4323,9 @@
Lstream_delete (XLSTREAM (lstream));
retry_close (fd);
- return look_for_coding_system_magic_cookie (buf, nread, 0);
+ return (nread > 0)
+ ? look_for_coding_system_magic_cookie (buf, nread, 0)
+: Qnil;
}
--
Jerry James
http://www.jamezone.org/
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://lists.xemacs.org/mailman/listinfo/xemacs-beta