GNU bug report logs - #22146
Stack overflow in reftex-parse-all

Previous Next

Package: auctex;

Reported by: Nils Kanning <nils <at> kanning.de>

Date: Fri, 11 Dec 2015 21:19:02 UTC

Severity: normal

Done: Tassilo Horn <tsdh <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Tassilo Horn <tsdh <at> gnu.org>
To: Mosè Giordano <mose <at> gnu.org>
Cc: Nils Kanning <nils <at> kanning.de>, 22146 <at> debbugs.gnu.org, David Kastrup <dak <at> gnu.org>
Subject: bug#22146: Stack overflow in reftex-parse-all
Date: Sun, 13 Dec 2015 18:46:45 +0100

Mosè Giordano <mose <at> gnu.org> writes:

>>>>     (re-search-forward "\\[[^]]*\\<label")
>>>>
>>>> at the beginning of the buffer suggested by Nils.  So, it doesn't
>>>> seem there is an incomplete match, but simply "\\[[^]]*" is too
>>>> greedy.
>>>
>>> This expression contains only a single explicit wildcard.  A stack
>>> overflow for it most certainly is a bug.  Is this really fixed in
>>> 25.1 or is there just a larger stack?
>>
>> I also get a stack overflow with this starting with a buffer size of
>> about 800 lines.  But I can run
>>
>>   (re-search-forward reftex-everything-regexp nil t)
>>
>> without problems even after adding 100.000 more "foo foo foo..."
>> lines to the test file...
>
> Uh, in Emacs 24.5
>
>     (re-search-forward "\\[[^]]*\\<label" nil t)
>
> throws the stack overflow error, indeed I tested also this
> possibility.  So are you saying that in Emacs 25.1 the noerror option
> prevents stack overflow?

No, in Emacs 25 the regexp was broken in a way that its meaning was not
"[ and then many times something different than ]" but "[, then not
another [, and then zero or many times a ]".  Now that I fixed the
regexp again, Emacs 25 breaks in the same way.

> Anyway, how about my suggestion to use
>
>     "\\[[^]]\{0,1000\}\\<label"
>
> ?  1000 characters are 12.5 80-column-wide lines, I think it's large enough.

Isn't the syntax "\\[[^]]\\{0,1000\\}\\<label"?  I tried going up to a
maximum of 30000 and it still didn't overflow, so I think that's an
appropriate fix (say, maybe 2000 instead of 1000 to be extra safe).
Feel free to change `reftex-label-regexps' accordingly.

Interestingly, "x\\{0,40000\\}" gives an error:

  (invalid-regexp "Invalid content of \\{\\}")

So there seems to be a (pretty random) limit...

Bye,
Tassilo
This bug report was last modified 9 years and 163 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.