#24751 - 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")

GNU bug report logs - #24751
26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")

Package: emacs;

Reported by: npostavs <at> users.sourceforge.net

Date: Fri, 21 Oct 2016 03:54:01 UTC

Severity: normal

Tags: fixed, patch

Found in version 26.0.50

Fixed in version 26.1

Done: npostavs <at> users.sourceforge.net

Bug is archived. No further changes may be made.

Message #50 received at 24751 <at> debbugs.gnu.org (full text, mbox):

From: npostavs <at> users.sourceforge.net To: Eli Zaretskii <eliz <at> gnu.org> Cc: 24751 <at> debbugs.gnu.org Subject: Re: bug#24751: 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size") Date: Sun, 01 Jan 2017 13:57:05 -0500

Eli Zaretskii <eliz <at> gnu.org> writes: >> From: npostavs <at> users.sourceforge.net >> Cc: 24751 <at> debbugs.gnu.org >> Date: Sun, 01 Jan 2017 13:33:35 -0500 >> >> Eli Zaretskii <eliz <at> gnu.org> writes: >> >> >> >> /* Define MATCH_MAY_ALLOCATE unless we need to make sure that the >> >> searching and matching functions should not call alloca. On some >> >> systems, alloca is implemented in terms of malloc, and if we're >> >> using the relocating allocator routines, then malloc could cause a >> >> relocation, which might (if the strings being searched are in the >> >> ralloc heap) shift the data out from underneath the regexp >> >> routines. >> >> >> >> [...] >> > >> > The first part is not obsolete, but its reasoning is backwards: >> > SAFE_ALLOCA indeed can call malloc, but it could only cause relocation >> > if REGEX_MALLOC is defined (and ralloc.c is compiled in). And when >> > you define REGEX_MALLOC, MATCH_MAY_ALLOCATE is undefined. So the text >> > there should be revised. >> >> Is there ever any case where REGEX_MALLOC is defined? I can't see where >> it happens. > > I don't understand the question. You can compile regex.c with the > "-DREGEX_MALLOC" option whenever you like. We don't do that, ^^^^^^^^^^^^^^^^ Thanks, that's what I was wondering about in my question. > >> I don't understand why you say relocation is dependent on >> REGEX_MALLOC, I thought only REL_ALLOC affects that. > > REL_ALLOC determines whether ralloc.c is compiled in, which I > mentioned above. But if REL_ALLOC is defined, then SAFE_ALLOCA could cause relocation (via malloc) regardless of whether REGEX_MALLOC is defined or not, no?

This bug report was last modified 8 years and 198 days ago.

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #24751 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")

GNU bug report logs - #24751
26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")