From: Mattias Engdegård <mattiase@acm.org>
Date: Mon, 26 Oct 2020 11:40:51 +0000 (+0100)
Subject: Don't consider play-sound-file to be a 'safe' function (bug#44018)
X-Git-Tag: emacs-28.0.90~5424
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=cdb3c9d662c772ce25ea4d803eccd2c9e6a6ae99;p=emacs.git

Don't consider play-sound-file to be a 'safe' function (bug#44018)

While there are currently no known security holes in play-sound-file,
the attack surface is considerable and historically audio file
processing has had more than its share of security problems; the
benefit to risk ratio is low.

* lisp/emacs-lisp/unsafep.el: Don't mark play-sound-file as safe.
---

diff --git a/lisp/emacs-lisp/unsafep.el b/lisp/emacs-lisp/unsafep.el
index e7077140e54..96db5c71939 100644
--- a/lisp/emacs-lisp/unsafep.el
+++ b/lisp/emacs-lisp/unsafep.el
@@ -101,7 +101,7 @@ in the parse.")
 	     ;;Macros from subr.el
 	     save-match-data unless when
 	     ;;Functions from subr.el that have side effects
-	     split-string replace-regexp-in-string play-sound-file))
+	     split-string replace-regexp-in-string))
   (put x 'safe-function t))
 
 ;;;###autoload