GNU bug report logs - #24751
26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")
Reported by: npostavs <at> users.sourceforge.net
Date: Fri, 21 Oct 2016 03:54:01 UTC
Severity: normal
Tags: fixed, patch
Found in version 26.0.50
Fixed in version 26.1
Done: npostavs <at> users.sourceforge.net
Bug is archived. No further changes may be made.
Message #53 received at 24751 <at> debbugs.gnu.org (full text, mbox):
> From: npostavs <at> users.sourceforge.net
> Cc: 24751 <at> debbugs.gnu.org
> Date: Sun, 01 Jan 2017 13:57:05 -0500
>
> >> I don't understand why you say relocation is dependent on
> >> REGEX_MALLOC, I thought only REL_ALLOC affects that.
> >
> > REL_ALLOC determines whether ralloc.c is compiled in, which I
> > mentioned above.
>
> But if REL_ALLOC is defined, then SAFE_ALLOCA could cause relocation
> (via malloc) regardless of whether REGEX_MALLOC is defined or not, no?
Relocation as side effect of calling malloc only happens with buffer
text. This is not what the comment in question alludes to. It
alludes to this:

  /* Define how to allocate the failure stack.  */
  #if defined REL_ALLOC && defined REGEX_MALLOC
  # define REGEX_ALLOCATE_STACK(size) \
    r_alloc (&failure_stack_ptr, (size))
  # define REGEX_REALLOCATE_STACK(source, osize, nsize) \
    r_re_alloc (&failure_stack_ptr, (nsize))
  # define REGEX_FREE_STACK(ptr) \
    r_alloc_free (&failure_stack_ptr)
  #else /* not using relocating allocator */
  # define REGEX_ALLOCATE_STACK(size) REGEX_ALLOCATE (size)
  # define REGEX_REALLOCATE_STACK(source, o, n) REGEX_REALLOCATE (source, o, n)
  # define REGEX_FREE_STACK(ptr) REGEX_FREE (ptr)
  #endif /* not using relocating allocator */

This calls ralloc.c functions directly for allocating/reallocating the
failure stack, when both REL_ALLOC and REGEX_MALLOC are defined. So
the relocation in question is that of the failure stack, which won't
happen if we call malloc, even if REL_ALLOC is defined, because only
buffer text can be relocated when ralloc.c is called from malloc.
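
The distinction drawn in the message above, as an added illustration that is not part of the original message and not Emacs code: a toy relocating arena showing why a block allocated through a handle can move while a raw pointer saved earlier goes stale. The names toy_r_alloc, toy_r_alloc_free and demo_relocation and the arena layout are hypothetical, modelled only on the r_alloc (&failure_stack_ptr, size) call shape in the quoted macros.

```c
#include <stddef.h>
#include <string.h>
/* Toy relocating arena, constructed for illustration (NOT ralloc.c).
   As in r_alloc (&failure_stack_ptr, size), the caller passes the address
   of its pointer variable so the allocator can rewrite it on a move.  */
enum { ARENA_SIZE = 256, MAX_BLOCKS = 4 };
static unsigned char arena[ARENA_SIZE];
static struct blk { void **handle; size_t off, size; } blocks[MAX_BLOCKS];
static size_t nblocks, arena_used;

static void *toy_r_alloc (void **handle, size_t size)
{
  if (nblocks == MAX_BLOCKS || size > ARENA_SIZE - arena_used)
    return *handle = NULL;
  blocks[nblocks++] = (struct blk) { handle, arena_used, size };
  arena_used += size;
  return *handle = arena + arena_used - size;
}

/* Free HANDLE's block and slide later blocks down: the relocation.  */
static void toy_r_alloc_free (void **handle)
{
  size_t i = 0;
  while (i < nblocks && blocks[i].handle != handle) i++;
  if (i == nblocks) return;
  size_t gap = blocks[i].size;
  for (size_t j = i + 1; j < nblocks; j++)
    {
      memmove (arena + blocks[j].off - gap, arena + blocks[j].off, blocks[j].size);
      blocks[j].off -= gap;
      *blocks[j].handle = arena + blocks[j].off;  /* fix owner's pointer */
      blocks[j - 1] = blocks[j];
    }
  nblocks--; arena_used -= gap;
  *handle = NULL;
}

/* 1 if a raw pointer saved before the move is stale but the handle is not.  */
static int demo_relocation (void)
{
  void *text = NULL, *failure_stack = NULL;
  if (!toy_r_alloc (&text, 64) || !toy_r_alloc (&failure_stack, 32)) return 0;
  memcpy (failure_stack, "fail-point", 11);
  void *cached = failure_stack;   /* saved before the move */
  toy_r_alloc_free (&text);       /* compaction moves the stack block */
  int ok = cached != failure_stack && strcmp (failure_stack, "fail-point") == 0;
  toy_r_alloc_free (&failure_stack);
  return ok;
}
```

In this model only blocks registered through a handle are ever moved, which is the property the message relies on when it separates the r_alloc path from the plain malloc path.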
This bug report was last modified 8 years and 196 days ago.