GNU bug report logs - #24751
26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")

Previous Next

Full log

View this message in rfc822 format

From: npostavs <at> users.sourceforge.net
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 24751 <at> debbugs.gnu.org
Subject: bug#24751: 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")
Date: Sun, 01 Jan 2017 13:33:35 -0500

Eli Zaretskii <eliz <at> gnu.org> writes:
>> 
>> /* Define MATCH_MAY_ALLOCATE unless we need to make sure that the
>>    searching and matching functions should not call alloca.  On some
>>    systems, alloca is implemented in terms of malloc, and if we're
>>    using the relocating allocator routines, then malloc could cause a
>>    relocation, which might (if the strings being searched are in the
>>    ralloc heap) shift the data out from underneath the regexp
>>    routines.
>> 
>>    [...]
>
> The first part is not obsolete, but its reasoning is backwards:
> SAFE_ALLOCA indeed can call malloc, but it could only cause relocation
> if REGEX_MALLOC is defined (and ralloc.c is compiled in).  And when
> you define REGEX_MALLOC, MATCH_MAY_ALLOCATE is undefined.  So the text
> there should be revised.

Is there ever any case where REGEX_MALLOC is defined?  I can't see where
it happens.  I don't understand why you say relocation is dependent on
REGEX_MALLOC, I thought only REL_ALLOC affects that.

And since we added r_alloc_inhibit_buffer_relocation around the regex
calls, aren't all these concerns about relocation obsolete?

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.