GNU bug report logs - #24751
26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")


Package: emacs;

Reported by: npostavs <at> users.sourceforge.net

Date: Fri, 21 Oct 2016 03:54:01 UTC

Severity: normal

Tags: fixed, patch

Found in version 26.0.50

Fixed in version 26.1

Done: npostavs <at> users.sourceforge.net

Bug is archived. No further changes may be made.


Message #26 received at 24751 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: npostavs <at> users.sourceforge.net
Cc: 24751 <at> debbugs.gnu.org
Subject: Re: bug#24751: 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")
Date: Tue, 15 Nov 2016 18:12:09 +0200
> From: npostavs <at> users.sourceforge.net
> Cc: 24751 <at> debbugs.gnu.org
> Date: Mon, 14 Nov 2016 22:08:18 -0500
> 
> Actually, we should avoid increasing this limit if the stack wasn't
> increased, right?  Here's what I came up with, I think it doesn't cover
> Cygwin/Windows though.
> 
> diff --git c/src/emacs.c i/src/emacs.c
> index b74df21..d4655c8 100644
> --- c/src/emacs.c
> +++ i/src/emacs.c
> @@ -831,8 +831,8 @@ main (int argc, char **argv)
>  	 re_max_failures, then add 33% to cover the size of the
>  	 smaller stacks that regex.c successively allocates and
>  	 discards on its way to the maximum.  */
> -      int ratio = 20 * sizeof (char *);
> -      ratio += ratio / 3;
> +      int min_ratio = 20 * sizeof (char *);
> +      int ratio = min_ratio + min_ratio / 3;
>  
>        /* Extra space to cover what we're likely to use for other reasons.  */
>        int extra = 200000;
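Review bot: splitting `ratio` into `min_ratio` and `ratio` preserves the arithmetic (`min_ratio + min_ratio / 3` equals the old `ratio += ratio / 3`), but within this hunk the extra variable looks redundant because the comment above still only describes the padded figure; add a sentence there noting that `min_ratio` is kept as the unpadded per-failure stack cost because it is reused on its own later, so a reader of this region understands why both values exist.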
> @@ -869,6 +869,7 @@ main (int argc, char **argv)
>  
>        /* Don't let regex.c overflow the stack.  */
>        re_max_failures = lim < extra ? 0 : min (lim - extra, SIZE_MAX) / ratio;
> +      emacs_re_safe_alloca = re_max_failures * min_ratio;
>      }
>  #endif /* HAVE_SETRLIMIT and RLIMIT_STACK and not CYGWIN */
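Review bot: `emacs_re_safe_alloca = re_max_failures * min_ratio;` inherits the zero from the `lim < extra` branch of the line just above it, so on a small stack the SAFE_ALLOCA budget collapses to 0 even though regex.c still runs and still uses SAFE_ALLOCA; clamp it to a minimum (MAX_ALLOCA, as proposed in the reply) rather than letting it reach zero, and reconsider zeroing `re_max_failures` at all in that branch, since a heap-allocated failure stack does not consume the machine stack. The new assignment is also inside the block closed by `#endif /* HAVE_SETRLIMIT and RLIMIT_STACK and not CYGWIN */`, so configurations excluded there never execute it; confirm that the variable's declared initial value is a safe default for those builds.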

Right, but I have 2 comments:

  . we shouldn't set re_max_failures to zero if the amount of stack is
    less than 'extra', since in that case we will allocate the failure
    stack off the heap;
  . emacs_re_safe_alloca should have its minimum value MAX_ALLOCA, not
    zero, because SAFE_ALLOCA can still be used in regex.c, even
    though the failure stack will be malloc'ed.

Thanks.
