GNU bug report logs - #58042
29.0.50; ASAN use-after-free in re_match_2_internal

Previous Next

Full log

Message #203 received at 58042 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Po Lu <luangruo <at> yahoo.com>
Cc: gerd.moellmann <at> gmail.com, alan <at> idiocy.org, 58042 <at> debbugs.gnu.org,
 monnier <at> iro.umontreal.ca
Subject: Re: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Tue, 09 May 2023 08:30:45 +0300

> From: Po Lu <luangruo <at> yahoo.com>
> Cc: Gerd Möllmann <gerd.moellmann <at> gmail.com>,  Eli
>  Zaretskii <eliz <at> gnu.org>,
>   58042 <at> debbugs.gnu.org,  Alan Third <alan <at> idiocy.org>
> Date: Tue, 09 May 2023 09:04:03 +0800
> 
> Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
> 
> > Really?
> 
> Yes.
> 
> > The problem was not if it's run from within the GC, the problem was what
> > this code does when *it* runs the GC (or other state-changing functions).
> > [ And indeed, the fix Gerd installed was to prevent GC while running
> >   pending_signals.  But I suspect this is not sufficient because there
> >   are other forms of global state that can get messed up.  ]
> >
> > In bug#62732 we have a related problem when code run from `maybe_quit`
> > (an atimer in that case) from the regexp engine, and that atimer
> > itself performs a regexp-operation, which messes up the outer regexp
> > engine invocation because the regexp engine is still not re-entrant (in
> > that bug, the problem is the `gl_state` global variable).
> 
> bug#62732?

He meant bug#63253, I think.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.