GNU bug report logs - #22310
Segmentation fault in regular expression matcher


Package: emacs

Reported by: Ben Gamari <ben <at> smart-cactus.org>

Date: Tue, 5 Jan 2016 12:17:02 UTC

Severity: normal

Tags: moreinfo

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#22310: closed (Segmentation fault in regular expression matcher)
Date: Thu, 07 Jan 2016 16:15:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Thu, 07 Jan 2016 18:14:28 +0200
with message-id <837fjl2wpn.fsf <at> gnu.org>
and subject line Re: bug#22310: Segmentation fault in regular expression matcher
has caused the debbugs.gnu.org bug report #22310,
regarding Segmentation fault in regular expression matcher
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
22310: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22310
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ben Gamari <ben <at> smart-cactus.org>
To: bug-gnu-emacs <at> gnu.org
Subject: Segmentation fault in regular expression matcher
Date: Tue, 05 Jan 2016 13:15:54 +0100
[Message part 3 (text/plain, inline)]
While editing a Markdown document with markdown-mode and revision
138480a97bfc1104143b5fc10dfc962b95b78ae8 I encountered this segmentation
fault,

Program received signal SIGSEGV, Segmentation fault.
0x0000000000538ae8 in re_match_2_internal (bufp=bufp@entry=0xb8f398 <searchbufs+2552>,
    string1=string1@entry=0x53b1200 "---\ntitle: Understanding GHC Core\ndate: 2015-11-29\ntags: ghc,core,work-in-progress\ndescription: Everything you really need to know to understand GHC's Core\n---\n**This document is a work-in-progress.**"..., size1=size1@entry=1782,
    string2=string2@entry=0x53b20d1 "\n\n`cast`\n\n`Sym`\n\n`Sub`\n\n`<ty>_R` is a type parameter with representational role. Roughly speaking this\nmeans that given a type constructor `T` and types `A` and `B`, `T <A>_R` and `T\n<B>_R` are repres"..., size2=size2@entry=9296, pos=pos@entry=4281,
    regs=0xb8e970 <search_regs>, stop=11078) at regex.c:5556
5556		  PUSH_FAILURE_REG (*p);
(gdb) bt
#0  0x0000000000538ae8 in re_match_2_internal (bufp=bufp@entry=0xb8f398 <searchbufs+2552>,
    string1=string1@entry=0x53b1200 "---\ntitle: Understanding GHC Core\ndate: 2015-11-29\ntags: ghc,core,work-in-progress\ndescription: Everything you really need to know to understand GHC's Core\n---\n**This document is a work-in-progress.**"..., size1=size1@entry=1782,
    string2=string2@entry=0x53b20d1 "\n\n`cast`\n\n`Sym`\n\n`Sub`\n\n`<ty>_R` is a type parameter with representational role. Roughly speaking this\nmeans that given a type constructor `T` and types `A` and `B`, `T <A>_R` and `T\n<B>_R` are repres"..., size2=size2@entry=9296, pos=pos@entry=4281,
    regs=0xb8e970 <search_regs>, stop=11078) at regex.c:5556
#1  0x000000000053dd18 in re_search_2 (bufp=bufp@entry=0xb8f398 <searchbufs+2552>,
    str1=str1@entry=0x53b1200 "---\ntitle: Understanding GHC Core\ndate: 2015-11-29\ntags: ghc,core,work-in-progress\ndescription: Everything you really need to know to understand GHC's Core\n---\n**This document is a work-in-progress.**"..., size1=size1@entry=1782,
    str2=str2@entry=0x53b20d1 "\n\n`cast`\n\n`Sym`\n\n`Sub`\n\n`<ty>_R` is a type parameter with representational role. Roughly speaking this\nmeans that given a type constructor `T` and types `A` and `B`, `T <A>_R` and `T\n<B>_R` are repres"..., size2=size2@entry=9296, startpos=4281, startpos@entry=2198,
    range=6797, regs=0xb8e970 <search_regs>, stop=11078) at regex.c:4446
#2  0x00000000005337c2 in search_buffer (string=string@entry=131546964, pos=<optimized out>, pos_byte=<optimized out>, lim=lim@entry=11051, lim_byte=lim_byte@entry=11079, n=1, RE=1, trt=0, inverse_trt=0, posix=false) at search.c:1265
#3  0x000000000053412c in search_command (string=131546964, bound=<optimized out>, noerror=44256, count=<optimized out>, direction=direction@entry=1, RE=RE@entry=1, posix=false) at search.c:1058
#4  0x0000000000534317 in Fre_search_forward (regexp=<optimized out>, bound=<optimized out>, noerror=<optimized out>, count=<optimized out>) at search.c:2243
#5  0x00000000005618bb in Ffuncall (nargs=4, args=args@entry=0x7fffffffba10) at eval.c:2661
#6  0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=77647541, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=6, args=<optimized out>, args@entry=0x3cfea84) at bytecode.c:880
#7  0x0000000000561434 in funcall_lambda (fun=140737488338080, nargs=nargs@entry=6, arg_vector=0x3cfea84, arg_vector@entry=0x7fffffffbbf8) at eval.c:2810
#8  0x00000000005616eb in Ffuncall (nargs=7, args=args@entry=0x7fffffffbbf0) at eval.c:2711
#9  0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=77647797, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=3, args=<optimized out>, args@entry=0x4433454) at bytecode.c:880
#10 0x0000000000561434 in funcall_lambda (fun=140737488338528, nargs=nargs@entry=3, arg_vector=0x4433454, arg_vector@entry=0x7fffffffbdd8) at eval.c:2810
#11 0x00000000005616eb in Ffuncall (nargs=4, args=args@entry=0x7fffffffbdd0) at eval.c:2711
#12 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=72559893, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=2, args=<optimized out>, args@entry=0x44337f4) at bytecode.c:880
#13 0x0000000000561434 in funcall_lambda (fun=140737488339296, nargs=nargs@entry=2, arg_vector=0x44337f4, arg_vector@entry=0x7fffffffbf78) at eval.c:2810
#14 0x00000000005616eb in Ffuncall (nargs=nargs@entry=3, args=0x7fffffffbf70) at eval.c:2711
#15 0x0000000000562ab0 in Fapply (nargs=<optimized out>, args=0x7fffffffc0d8) at eval.c:2278
#16 0x00000000005617f1 in Ffuncall (nargs=3, args=args@entry=0x7fffffffc0d0) at eval.c:2630
#17 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=62636509, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=2, args=<optimized out>, args@entry=0x3bc24f4) at bytecode.c:880
#18 0x0000000000561434 in funcall_lambda (fun=140737488339840, nargs=nargs@entry=2, arg_vector=0x3bc24f4, arg_vector@entry=0x7fffffffc288) at eval.c:2810
#19 0x00000000005616eb in Ffuncall (nargs=3, args=args@entry=0x7fffffffc280) at eval.c:2711
#20 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=62667277, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=1, args=<optimized out>, args@entry=0x3bcc884) at bytecode.c:880
#21 0x0000000000561434 in funcall_lambda (fun=140737488340336, nargs=nargs@entry=1, arg_vector=0x3bcc884, arg_vector@entry=0x7fffffffc4c0) at eval.c:2810
#22 0x00000000005616eb in Ffuncall (nargs=2, args=args@entry=0x7fffffffc4b8) at eval.c:2711
#23 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=62667053, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=1, args=<optimized out>, args@entry=0x3bcc634) at bytecode.c:880
#24 0x0000000000561434 in funcall_lambda (fun=140737488340768, nargs=nargs@entry=1, arg_vector=0x3bcc634, arg_vector@entry=0x7fffffffc6b0) at eval.c:2810
#25 0x00000000005616eb in Ffuncall (nargs=2, args=args@entry=0x7fffffffc6a8) at eval.c:2711
#26 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=62721789, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x3bd2254) at bytecode.c:880
#27 0x0000000000561434 in funcall_lambda (fun=140737488341168, nargs=nargs@entry=0, arg_vector=0x3bd2254, arg_vector@entry=0x7fffffffc840) at eval.c:2810
#28 0x00000000005616eb in Ffuncall (nargs=1, args=args@entry=0x7fffffffc838) at eval.c:2711
#29 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=62722053, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x3bd2aa4) at bytecode.c:880
#30 0x0000000000561434 in funcall_lambda (fun=140737488341584, nargs=nargs@entry=0, arg_vector=0x3bd2aa4, arg_vector@entry=0x7fffffffc9d0) at eval.c:2810
#31 0x00000000005616eb in Ffuncall (nargs=1, args=args@entry=0x7fffffffc9c8) at eval.c:2711
#32 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=62668853, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x3bd0044) at bytecode.c:880
#33 0x0000000000561434 in funcall_lambda (fun=140737488342016, nargs=nargs@entry=0, arg_vector=0x3bd0044, arg_vector@entry=0x7fffffffcb90) at eval.c:2810
#34 0x00000000005616eb in Ffuncall (nargs=1, args=args@entry=0x7fffffffcb88) at eval.c:2711
#35 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=62668741, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=4, args=<optimized out>, args@entry=0x3bcfe54) at bytecode.c:880
#36 0x0000000000561434 in funcall_lambda (fun=140737488342800, nargs=nargs@entry=4, arg_vector=0x3bcfe54, arg_vector@entry=0x7fffffffcd18) at eval.c:2810
#37 0x00000000005616eb in Ffuncall (nargs=nargs@entry=5, args=0x7fffffffcd10) at eval.c:2711
#38 0x0000000000562ab0 in Fapply (nargs=<optimized out>, args=0x7fffffffce80) at eval.c:2278
#39 0x00000000005617f1 in Ffuncall (nargs=3, args=args@entry=0x7fffffffce78) at eval.c:2630
#40 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>, vector=10135853, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:880
#41 0x000000000056130f in funcall_lambda (fun=10135773, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffd098) at eval.c:2876
#42 0x00000000005616eb in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffd090) at eval.c:2711
#43 0x00000000005619ea in call1 (fn=fn@entry=45072, arg1=arg1@entry=131352045) at eval.c:2509
#44 0x00000000004f3e98 in timer_check_2 (idle_timers=<optimized out>, timers=<optimized out>) at keyboard.c:4400
#45 timer_check () at keyboard.c:4462
#46 0x00000000004f4279 in readable_events (flags=flags@entry=1) at keyboard.c:3304
#47 0x00000000004f5a48 in get_input_pending (flags=flags@entry=1) at keyboard.c:6690
#48 0x00000000004f8198 in detect_input_pending_run_timers (do_display=do_display@entry=true) at keyboard.c:9821
#49 0x00000000005a15c8 in wait_reading_process_output (time_limit=time_limit@entry=30, nsecs=nsecs@entry=0, read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true, wait_for_cell=wait_for_cell@entry=0, wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at process.c:4963
#50 0x0000000000422da2 in sit_for (timeout=<optimized out>, reading=reading@entry=true, display_option=display_option@entry=1) at dispnew.c:5751
#51 0x00000000004fa96e in read_char (commandflag=commandflag@entry=1, map=map@entry=131412451, prev_event=0, used_mouse_menu=used_mouse_menu@entry=0x7fffffffdd2b, end_time=end_time@entry=0x0) at keyboard.c:2694
#52 0x00000000004fb2c4 in read_key_sequence (keybuf=keybuf@entry=0x7fffffffde00, prompt=prompt@entry=0, dont_downcase_last=dont_downcase_last@entry=false, can_return_switch_frame=can_return_switch_frame@entry=true, fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false,
    bufsize=30) at keyboard.c:9022
#53 0x00000000004fce2e in command_loop_1 () at keyboard.c:1343
#54 0x000000000055fe97 in internal_condition_case (bfun=bfun@entry=0x4fcc20 <command_loop_1>, handlers=handlers@entry=18912, hfun=hfun@entry=0x4f3550 <cmd_error>) at eval.c:1309
#55 0x00000000004eea8c in command_loop_2 (ignore=ignore@entry=0) at keyboard.c:1086
#56 0x000000000055fd8b in internal_catch (tag=tag@entry=45648, func=func@entry=0x4eea70 <command_loop_2>, arg=arg@entry=0) at eval.c:1073
#57 0x00000000004eea49 in command_loop () at keyboard.c:1065
#58 0x00000000004f313b in recursive_edit_1 () at keyboard.c:671
#59 0x00000000004f3488 in Frecursive_edit () at keyboard.c:742
#60 0x0000000000418dce in main (argc=1, argv=0x7fffffffe198) at emacs.c:1652
(gdb) print regs[0]
$3 = {num_regs = 30, start = 0xfdf650, end = 0xfdf750}

Unfortunately this is about all I was able to scrape out of the
procedure's local state, knowing little about the internals of the
matcher.
[Message part 5 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: Ben Gamari <ben <at> smart-cactus.org>
Cc: 22310-done <at> debbugs.gnu.org
Subject: Re: bug#22310: Segmentation fault in regular expression matcher
Date: Thu, 07 Jan 2016 18:14:28 +0200
> From: Ben Gamari <ben <at> smart-cactus.org>
> Date: Thu, 07 Jan 2016 15:26:37 +0100
> 
> Ben Gamari <ben <at> smart-cactus.org> writes:
> 
> > While editing a Markdown document with markdown-mode and revision
> > 138480a97bfc1104143b5fc10dfc962b95b78ae8 I encountered this segmentation
> > fault,
> >
> Indeed this appears to be fixed as of 61e83e902b388490b609677a76f3d49740439f24.

Great, thanks for testing.  I'm therefore closing this bug.


This bug report was last modified 9 years and 198 days ago.
