[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#63063: CVE-2021-36699 report
From: |
Eli Zaretskii |
Subject: |
bug#63063: CVE-2021-36699 report |
Date: |
Tue, 25 Apr 2023 10:55:36 +0300 |
> From: Po Lu <luangruo@yahoo.com>
> Cc: fuomag9 <fuo@fuo.fi>, 63063@debbugs.gnu.org
> Date: Tue, 25 Apr 2023 15:24:31 +0800
>
> Eli Zaretskii <eliz@gnu.org> writes:
>
> > Please tell more about the buffer overflow: where does it happen in
> > the Emacs sources, which buffer overflows, and why. I cannot find
> > these details in your report.
>
> It happens because the dump file is deliberately edited to be invalid.
I didn't ask about the root cause, I asked about the details of the
problem: where it happens in our sources, and what exactly happens.
> It is not a dump file that Emacs will generate under any circumstance,
> and as such it's not a bug; by the same means, a pointer to an invalid
> Lisp object could be created, causing a similar crash. Emacs is not
> expected to operate from a corrupt dump file any more than it is
> expected to operate from a corrupt executable.
Noted. But please let me make up my own mind about this issue, once I
understand the details. OK?
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report,
Eli Zaretskii <=
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, lux, 2023/04/25