GNU bug report logs - #21802
25.0.50; segfault in regex.c triggered by an isearch

Previous Next

Package: emacs;

Reported by: Dima Kogan <dima <at> secretsauce.net>

Date: Sun, 1 Nov 2015 09:37:02 UTC

Severity: normal

Merged with 21688

Found in version 25.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 21802 in the body.
You can then email your comments to 21802 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#21802; Package emacs. (Sun, 01 Nov 2015 09:37:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Dima Kogan <dima <at> secretsauce.net>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Sun, 01 Nov 2015 09:37:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Dima Kogan <dima <at> secretsauce.net>
To: bug-gnu-emacs <at> gnu.org
Subject: 25.0.50; segfault in regex.c triggered by an isearch
Date: Sun, 01 Nov 2015 01:36:45 -0800

[Message part 1 (text/plain, inline)]
Hi. I'm running a recent emacs built from git:

  https://github.com/emacs-mirror/emacs/commit/6e2a402

I'm on a Debian machine, running the GTK build of emacs. Segfault
recipe:

1. emacs -Q /tmp/feedgnuplot (source attached)
2. M-x cperl-mode
3. C-s last if /^exit/ C-s

   Type out the string "last if /^exit/". It may crash while you're
   typing it, or it may reach the end of the string in the match on line
   431. Hit C-s again after you typed it. If it didn't crash already,
   the extra C-s makes it crash.

I haven't done any debugging other than to look at the backtrace.
Relevant chunks:

    #0  0x00007ffff03f8107 in __GI_raise (sig=sig <at> entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
    #1  0x00007ffff03f94e8 in __GI_abort () at abort.c:89
    #2  0x000000000053c3e5 in re_match_2_internal (bufp=bufp <at> entry=0xb93fc0, string1=string1 <at> entry=0x28bbca0 "#!/usr/bi:HiRes qw( usleep gettimeofday tv_interval );\nuse IO::Handle;\nuse List::Util qw( "..., size1=size1 <at> entry=0, strinrnings;\nuse Getopt::Long;\nuse Time::HiRes qw( usleep gettimeofday tv_interval );\nuse IO::Handle;\nuse List::Util
    #3  0x0000000000543b52 in re_search_2 (bufp=bufp <at> entry=0xb93fc0, str1=str1 <at> entry=0x28bbca0 "#!/usr/bin/perl\n\npackeep gettimeofday tv_interval );\nuse IO::Handle;\nuse List::Util qw( "..., size1=size1 <at> entry=0, str2=str2 <at> entry=0x2:Long;\nuse Time::HiRes qw( usleep gettimeofday tv_interval );\nuse IO::Handle;\nuse List::Util qw( "..., size2=siz
    #4  0x0000000000539522 in search_buffer (string=string <at> entry=42306836, pos=<optimized out>, pos_byte=<optimized out
        at search.c:1265
    #5  0x0000000000539e8f in search_command (string=42306836, bound=<optimized out>, noerror=44160, count=<optimized o
    #6  0x000000000053a08b in Fre_search_forward (regexp=<optimized out>, bound=<optimized out>, noerror=<optimized out

The significant-looking pieces are in regex.c and search.c.


[feedgnuplot (application/octet-stream, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#21802; Package emacs. (Sun, 01 Nov 2015 16:36:02 GMT) Full text and rfc822 format available.

Message #8 received at 21802 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Dima Kogan <dima <at> secretsauce.net>
Cc: 21802 <at> debbugs.gnu.org
Subject: Re: bug#21802: 25.0.50; segfault in regex.c triggered by an isearch
Date: Sun, 01 Nov 2015 18:34:52 +0200

> From: Dima Kogan <dima <at> secretsauce.net>
> Date: Sun, 01 Nov 2015 01:36:45 -0800
> 
> Hi. I'm running a recent emacs built from git:
> 
>   https://github.com/emacs-mirror/emacs/commit/6e2a402
> 
> I'm on a Debian machine, running the GTK build of emacs. Segfault
> recipe:
> 
> 1. emacs -Q /tmp/feedgnuplot (source attached)
> 2. M-x cperl-mode
> 3. C-s last if /^exit/ C-s
> 
>    Type out the string "last if /^exit/". It may crash while you're
>    typing it, or it may reach the end of the string in the match on line
>    431. Hit C-s again after you typed it. If it didn't crash already,
>    the extra C-s makes it crash.

Isn't this a duplicate of 21688?
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#21802; Package emacs. (Sun, 01 Nov 2015 18:06:01 GMT) Full text and rfc822 format available.

Message #11 received at 21802 <at> debbugs.gnu.org (full text, mbox):

From: Dima Kogan <dima <at> secretsauce.net>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 21802 <at> debbugs.gnu.org
Subject: Re: bug#21802: 25.0.50; segfault in regex.c triggered by an isearch
Date: Sun, 01 Nov 2015 10:05:12 -0800

Eli Zaretskii <eliz <at> gnu.org> writes:

> Isn't this a duplicate of 21688?

It looks similar, yes. I did look for duplicates before filing, but it
looks like I didn't do a very good job of that. Sorry about that
Merged 21688 21802. Request was from Dima Kogan <dima <at> secretsauce.net> to control <at> debbugs.gnu.org. (Sun, 01 Nov 2015 18:08:02 GMT) Full text and rfc822 format available.
Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 21 Nov 2015 22:25:01 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 23 Dec 2015 12:24:03 GMT) Full text and rfc822 format available.
This bug report was last modified 9 years and 238 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.