Re: printf %n in editors/emacs

Sun, 29 Aug 2021 01:48:51 -0700 

%n abuse is always so crazy, it is like some developer saw a weird
thing on the shelf and just had to use it.

I am so happy we managed to change the support onto a hard failure.


Jeremie Courreges-Anglas <j...@wxcvbn.org> wrote:

> On Mon, Aug 23 2021, George Koehler <kern...@gmail.com> wrote:
> > Hi,
> >
> > When emacs-27.2p1-gtk3 catches a SIGSEGV and is in the foreground of
> > its terminal, then I get a printf %n in /var/log/messages:
> >
> > Aug 23 17:52:26 wisconsin emacs: *printf used %n: Fatal error %d: %n%s
> >
> > I first found this by accident, on OpenBSD/powerpc64, after I made a
> > wrong diff in my X server.  I caused a SIGSEGV in libX11; emacs caught
> > it and reached the %n in WRKSRC/src/emacs.c:shut_down_emacs()
> >
> > To reproduce the %n, it is enough to run "emacs" in one terminal and
> > "pkill -SEGV emacs" in another terminal.
> 
> Indeed.  Months ago I misread the #ifndef as #ifdef DOS_NT, as pointed
> out earlier by tb@.
> 
> The diff below avoids %n and simplifies the code, I'll suggest something
> similar upstream.  Tests/input/ok welcome.
> 
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/editors/emacs/Makefile,v
> retrieving revision 1.101
> diff -u -p -r1.101 Makefile
> --- Makefile  15 Jul 2021 19:26:25 -0000      1.101
> +++ Makefile  23 Aug 2021 23:08:30 -0000
> @@ -4,7 +4,7 @@ COMMENT=              GNU editor: extensible, custom
>  
>  VERSION=             27.2
>  DISTNAME=            emacs-${VERSION}
> -REVISION=            1
> +REVISION=            2
>  
>  CATEGORIES=          editors
>  
> Index: patches/patch-src_emacs_c
> ===================================================================
> RCS file: patches/patch-src_emacs_c
> diff -N patches/patch-src_emacs_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_emacs_c 23 Aug 2021 23:08:30 -0000
> @@ -0,0 +1,35 @@
> +$OpenBSD$
> +
> +Don't use printf %n.
> +
> +Index: src/emacs.c
> +--- src/emacs.c.orig
> ++++ src/emacs.c
> +@@ -2445,21 +2445,13 @@ shut_down_emacs (int sig, Lisp_Object stuff)
> +       reset_all_sys_modes ();
> +       if (sig && sig != SIGTERM)
> +     {
> +-      static char const fmt[] = "Fatal error %d: %n%s\n";
> +-      char buf[max ((sizeof fmt - sizeof "%d%n%s\n"
> +-                     + INT_STRLEN_BOUND (int) + 1),
> +-                    min (PIPE_BUF, MAX_ALLOCA))];
> ++      static char const fmt[] = "Fatal error %d: ";
> ++      char buf[sizeof fmt - strlen ("%d") + INT_STRLEN_BOUND (int) + 1];
> +       char const *sig_desc = safe_strsignal (sig);
> +-      int nlen;
> +-      int buflen = snprintf (buf, sizeof buf, fmt, sig, &nlen, sig_desc);
> +-      if (0 <= buflen && buflen < sizeof buf)
> +-        emacs_write (STDERR_FILENO, buf, buflen);
> +-      else
> +-        {
> +-          emacs_write (STDERR_FILENO, buf, nlen);
> +-          emacs_write (STDERR_FILENO, sig_desc, strlen (sig_desc));
> +-          emacs_write (STDERR_FILENO, fmt + sizeof fmt - 2, 1);
> +-        }
> ++      snprintf (buf, sizeof buf, fmt, sig);
> ++      emacs_write (STDERR_FILENO, buf, strlen (buf));
> ++      emacs_write (STDERR_FILENO, sig_desc, strlen (sig_desc));
> ++      emacs_write (STDERR_FILENO, "\n", 1);
> +     }
> +     }
> + #else
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
>

Reply via email to