GNU bug report logs - #58042
29.0.50; ASAN use-after-free in re_match_2_internal

Package: emacs;

Reported by: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Date: Sat, 24 Sep 2022 13:46:01 UTC

Severity: normal

Found in version 29.0.50

Fixed in version 29.1

Done: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Bug is archived. No further changes may be made.


From: Po Lu <luangruo <at> yahoo.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: Gerd Möllmann <gerd.moellmann <at> gmail.com>, Eli Zaretskii <eliz <at> gnu.org>, 58042 <at> debbugs.gnu.org, Alan Third <alan <at> idiocy.org>
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Tue, 09 May 2023 09:04:03 +0800
Stefan Monnier <monnier <at> iro.umontreal.ca> writes:

> Really?

Yes.

> The problem was not if it's run from within the GC, the problem was what
> this code does when *it* runs the GC (or other state-changing functions).
> [ And indeed, the fix Gerd installed was to prevent GC while running
>   pending_signals.  But I suspect this is not sufficient because there
>   are other forms of global state that can get messed up.  ]
>
> In bug#62732 we have a related problem when code run from `maybe_quit`
> (an atimer in that case) from the regexp engine, and that atimer
> itself performs a regexp-operation, which messes up the outer regexp
> engine invocation because the regexp engine is still not re-entrant (in
> that bug, the problem is the `gl_state` global variable).

bug#62732?  That's:

  29.0.60; uniquify-trailing-separator-p affects any buffer whose name
  matches a dir in CWD

I don't see how it's related to reentrant use of the regexp engine.
BTW, which atimer is it?
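To make the non-reentrancy hazard Stefan describes concrete (a global like `gl_state` overwritten when a hook run from inside the engine re-enters it), here is an added C toy, not code from Emacs or from this thread: a hypothetical matcher that scans through a global state struct, a hook standing in for `maybe_quit` running an atimer that re-enters the matcher, and a guarded variant that snapshots and restores the global around the hook. The state struct, function names and inputs are all constructed for this example.

```c
#include <stddef.h>

/* Hypothetical global scan state standing in for a non-reentrant engine
 * global such as gl_state (constructed for this example, not Emacs code). */
struct engine_state { const char *str; size_t pos; };
static struct engine_state gl_state;

/* Hook run from inside the engine, like maybe_quit firing an atimer. */
static void (*quit_hook)(void);
static int hook_calls;

/* Toy engine: count occurrences of c in str, scanning through gl_state.
 * If quit_hook re-enters count_chars, the nested call overwrites gl_state
 * and the outer scan resumes with the inner string and position. */
static int count_chars(const char *str, char c)
{
    int n = 0;
    gl_state.str = str;
    gl_state.pos = 0;
    while (gl_state.str[gl_state.pos] != '\0') {
        if (gl_state.str[gl_state.pos] == c) n++;
        gl_state.pos++;
        if (quit_hook) quit_hook();
    }
    return n;
}

/* Guarded variant: snapshot the global state before the hook runs and
 * restore it afterwards, so a nested invocation cannot clobber the outer one. */
static int count_chars_safe(const char *str, char c)
{
    int n = 0;
    gl_state.str = str;
    gl_state.pos = 0;
    while (gl_state.str[gl_state.pos] != '\0') {
        if (gl_state.str[gl_state.pos] == c) n++;
        gl_state.pos++;
        if (quit_hook) {
            struct engine_state saved = gl_state;
            quit_hook();
            gl_state = saved;
        }
    }
    return n;
}

/* Hook that re-enters the engine exactly once (the nested "regexp operation"). */
static void reentrant_hook(void) { if (hook_calls++ == 0) count_chars("xx", 'x'); }

/* Count 'a' in "aaa" (should be 3) with the re-entering hook installed. */
int run_unsafe(void) { hook_calls = 0; quit_hook = reentrant_hook; return count_chars("aaa", 'a'); }
int run_safe(void) { hook_calls = 0; quit_hook = reentrant_hook; return count_chars_safe("aaa", 'a'); }
```

`run_unsafe()` returns 1 instead of 3 because the nested scan leaves `gl_state` pointing at the end of "xx", so the outer loop terminates early; `run_safe()` returns 3.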