GNU bug report logs -
#61514
30.0.50; sadistically long xml line hangs emacs
Reported by: "Mark A. Hershberger" <mah <at> everybody.org>
Date: Tue, 14 Feb 2023 21:05:02 UTC
Severity: normal
Found in version 30.0.50
Done: Gregory Heytings <gregory <at> heytings.org>
Bug is archived. No further changes may be made.
>
> I don't think it's this regexp which causes the overflow.
>
... but with a larger buffer it does, so apparently the regexp is
problematic after all:
(with-current-buffer (get-buffer-create "*bug*")
  (let ((regexp "\\(\\(?:\\(xmlns\\)\\|[_[:alpha:]][-._[:alnum:]]*\\)\\(:[_[:alpha:]][-._[:alnum:]]*\\)?\\)[ \r\t\n]*=\\(?:[ \r\t\n]*\\('[^<'&\r\n\t]*\\([&\r\n\t][^<']*\\)?'\\|\"[^<\"&\r\n\t]*\\([&\r\n\t][^<\"]*\\)?\"\\)\\(?:\\([ \r\t\n]*>\\)\\|\\(?:\\([ \r\t\n]*/\\)\\(>\\)?\\)\\|\\([ \r\t\n]+\\)\\)\\)?"))
    (erase-buffer)
    ;; Unterminated attribute value: 266659 'n' characters, no closing quote.
    (insert "<id name=\"")
    (insert (make-string 266659 ?n))
    ;; Position 5 is the start of "name".
    (goto-char 5)
    (looking-at regexp)))
Here 266658 does not overflow, and 266659 does. If '=' is removed from
the regexp it doesn't overflow anymore, even with a much larger string.
Trying to simplify the regexp gradually, I finally obtained the following
minimal test case:
(with-current-buffer (get-buffer-create "*bug*")
  (let ((regexp "[[:alpha:]]*=\".*&.*\""))
    (erase-buffer)
    ;; Same buffer layout as above, with 266666 'n' characters.
    (insert "<id name=\"")
    (insert (make-string 266666 ?n))
    (goto-char 5)
    (looking-at regexp)))
Here it fails with 266666, and doesn't with 266665.
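
The manual search for the failing length in the message above can be automated; the following is an added example, not code from the bug thread or from Emacs. The `my/` function names are hypothetical, and it assumes the overflow reaches Lisp as an ordinary `error` signal and that once a length overflows, every longer one does too.

```elisp
;; Added example: bisect the input length at which a regexp first
;; overflows the matcher, instead of trying lengths by hand.

(defun my/regexp-overflows-p (regexp prefix fill-char len start)
  "Return non-nil if matching REGEXP signals an error on a LEN-char run.
A temporary buffer holds PREFIX followed by LEN copies of FILL-CHAR,
and the match is attempted with `looking-at' at position START."
  (with-temp-buffer
    (insert prefix)
    (insert (make-string len fill-char))
    (goto-char start)
    (condition-case nil
        (progn (looking-at regexp) nil)   ; matched or not: no overflow
      (error t))))                        ; assumption: overflow is an `error'

(defun my/regexp-overflow-threshold (regexp prefix fill-char start max-len)
  "Return the smallest run length up to MAX-LEN at which REGEXP overflows.
Return nil if a run of MAX-LEN characters is handled without error.
Length 0 is assumed not to overflow."
  (when (my/regexp-overflows-p regexp prefix fill-char max-len start)
    ;; Invariant: length LO is handled, length HI overflows.
    (let ((lo 0)
          (hi max-len))
      (while (> (- hi lo) 1)
        (let ((mid (/ (+ lo hi) 2)))
          (if (my/regexp-overflows-p regexp prefix fill-char mid start)
              (setq hi mid)
            (setq lo mid))))
      hi)))

;; The minimal test case from the message, searched up to one million chars:
;; (my/regexp-overflow-threshold
;;  "[[:alpha:]]*=\".*&.*\"" "<id name=\"" ?n 5 1000000)
```

Running it against both regexps from the message gives a quick regression check when a pattern applied to untrusted XML is changed.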
This bug report was last modified 2 years and 147 days ago.