From: Eli Zaretskii <eliz@HIDDEN>
To: Gerd Möllmann <gerd.moellmann@HIDDEN>
Cc: monnier@HIDDEN, 56108 <at> debbugs.gnu.org
Date: Fri, 24 Jun 2022 18:40:33 +0300
Message-Id: <8335fucbny.fsf@HIDDEN>
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal

> Date: Fri, 24 Jun 2022 11:35:18 +0200
> From: Gerd Möllmann <gerd.moellmann@HIDDEN>
> Cc: 56108 <at> debbugs.gnu.org
>
> Another note: Should some document mention that trailing whitespace are
> not allowed in the git repo?  I couldn't find that anywhere.

I think it should be in CONTRIBUTE.  But it should describe all the
checks done by our Git hooks in .git/hooks/, not just the
trailing-whitespace check.  I will write that if no one beats me to it.

From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>, Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Date: Fri, 24 Jun 2022 11:35:18 +0200
Message-ID: <d832b6b9-06fa-4276-bcf1-1acebf6524d9@Spark>
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal

Please find patch attached.

Some notes about the patch:

• TRT, I think, would be to change the whole caching to use Lisp objects
  etc.  I couldn't persuade myself to do that.
• A less right thing, but better than the patch, would be to protect the
  cache entry in re_match_2_internal.  But that requires interface
  changes because re_match_2_internal currently doesn't know about cache
  entries.  I couldn't bring myself to do that either.

Another note:  Should some document mention that trailing whitespace are
not allowed in the git repo?  I couldn't find that anywhere.
[Attachment: 0001-Prevent-reexp-cache-entry-GC-in-more-cases.patch (base64 body omitted)]

From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>, Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Date: Fri, 24 Jun 2022 08:01:47 +0200
Message-ID: <f7bcb962-0afd-495f-b935-b5dc67c2aa48@Spark>
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal

On 24. Jun 2022, 07:56 +0200, Eli Zaretskii <eliz@gnu.org>, wrote:
> > Gerd, would you please show the patch for that?

It's not ready yet.  I'll send something later.

From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>
Cc: gerd.moellmann@HIDDEN, 56108 <at> debbugs.gnu.org
Date: Fri, 24 Jun 2022 08:55:54 +0300
Message-Id: <83tu8ad2qd.fsf@HIDDEN>
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal

> From: Stefan Monnier <monnier@HIDDEN>
> Cc: gerd.moellmann@HIDDEN, 56108 <at> debbugs.gnu.org
> Date: Thu, 23 Jun 2022 17:29:13 -0400
>
> Before `freeze_pattern`, the design was that nothing could happen while
> running the regexp matcher (no GC, no execution of Lisp code).
>
> Commit 938d252d1c6c5e2027aa250c649deb024154f936 changed that so that
> searching inside a *buffer* could end up running ELisp code (and hence
> also GC).  AFAIK this still can't happen when searching in strings.
> [ IIRC The need to run ELisp is so as to apply `syntax-table` text
>   properties on demand via `syntax-propertize`.  ]
>
> So I think freeze_pattern should be used in all cases where
> `compile_pattern` is used to search inside a buffer, but it shouldn't be
> necessary when searching within a string.

I think at least the scenario uncovered by Gerd, shown in this
backtrace-like form:

> maybe_gc
> Ffuncall
> call2
> signal_or_quit (eval.c:1741)
> quit (eval.c:1697)
> process_quit_flag (eval.c:1657)
> probably_quit (eval.c:1864)
> maybe_quit (lisp.h:3681)
> re_match_2_internal (regexp-emacs.c:4691)

could happen even when searching within strings.  And in general, as I
tried to explain up-thread, relying on what cannot happen _today_ wrt GC
is not future-proof, the way Emacs development advances.

So I think we should install a change that calls freeze_pattern for
every pattern-cache entry as long as it is in use.

Gerd, would you please show the patch for that?

From: Stefan Monnier <monnier@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: gerd.moellmann@HIDDEN, 56108 <at> debbugs.gnu.org
Date: Thu, 23 Jun 2022 17:29:13 -0400
Message-ID: <jwvedzfoz1i.fsf-monnier+emacs@HIDDEN>
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal

> Stefan, do you happen to know why some of the callers of
> compile_pattern don't call freeze_pattern to protect the new cache
> entry?  Is it just an omission or do we miss something here?

Before `freeze_pattern`, the design was that nothing could happen while
running the regexp matcher (no GC, no execution of Lisp code).

Commit 938d252d1c6c5e2027aa250c649deb024154f936 changed that so that
searching inside a *buffer* could end up running ELisp code (and hence
also GC).  AFAIK this still can't happen when searching in strings.
[ IIRC The need to run ELisp is so as to apply `syntax-table` text
  properties on demand via `syntax-propertize`.  ]

So I think freeze_pattern should be used in all cases where
`compile_pattern` is used to search inside a buffer, but it shouldn't be
necessary when searching within a string.

At least, that's my recollection.

        Stefan

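A reduced C model of the lifetime problem Stefan describes and Eli's backtrace shows, together with the freeze_pattern/unbind_to pinning that Gerd's patch applies to the string-matching callers. This is an added example, not Emacs code and not the patch itself: the cache, the specpdl, the GC and the substring matcher are constructed stand-ins, and only the function names are borrowed from the thread.

```c
/* Constructed model of bug#56108, not Emacs code; names follow the thread. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum { CACHE_SIZE = 4, SPECPDL_MAX = 16 };
enum { MATCH_FREED = -2, MATCH_NO_SLOT = -3 };  /* model-only sentinels */

struct regexp_cache {
  const char *regexp;  /* pattern source; NULL means the slot is empty */
  bool busy;           /* set by freeze_pattern: GC must leave it alone */
  bool freed;          /* GC released it; any further use is a UAF */
};

static struct regexp_cache searchbufs[CACHE_SIZE];

/* Stand-in for the specpdl: entries whose busy flag unbind_to clears. */
static struct regexp_cache *specpdl[SPECPDL_MAX];
static int specpdl_ptr;

static bool gc_pending;  /* when set, the next maybe_quit "runs Lisp" and GCs */

/* Pin ENTRY until the matching unbind_to. */
static void freeze_pattern(struct regexp_cache *entry) {
  entry->busy = true;
  specpdl[specpdl_ptr++] = entry;
}

/* Unwind the specpdl back to COUNT, unpinning each entry on the way. */
static void unbind_to(int count) {
  while (specpdl_ptr > count)
    specpdl[--specpdl_ptr]->busy = false;
}

/* GC's cache shrink: release every live entry that is not pinned. */
static int shrink_regexp_cache(void) {
  int released = 0;
  for (int i = 0; i < CACHE_SIZE; i++)
    if (searchbufs[i].regexp && !searchbufs[i].busy && !searchbufs[i].freed) {
      searchbufs[i].freed = true;
      released++;
    }
  return released;
}

/* maybe_quit can call Lisp and hence GC (the thread's backtrace); here
   GC happens exactly when gc_pending is set. */
static void maybe_quit(void) {
  if (!gc_pending) return;
  gc_pending = false;
  shrink_regexp_cache();
}

/* Cache entry for REGEXP: live match, else empty/GC-released slot, else NULL. */
static struct regexp_cache *compile_pattern(const char *regexp) {
  struct regexp_cache *slot = NULL;
  for (int i = 0; i < CACHE_SIZE; i++) {
    struct regexp_cache *e = &searchbufs[i];
    if (e->regexp && !e->freed && strcmp(e->regexp, regexp) == 0)
      return e;
    if (!slot && (!e->regexp || e->freed))
      slot = e;
  }
  if (slot)
    *slot = (struct regexp_cache){ regexp, false, false };
  return slot;
}

/* Substring search standing in for re_match_2_internal; like the real
   matcher it polls maybe_quit before touching the pattern buffer. */
static ptrdiff_t re_search(struct regexp_cache *entry, const char *string) {
  maybe_quit();
  if (entry->freed)
    return MATCH_FREED;  /* the real code would read freed memory here */
  const char *hit = strstr(string, entry->regexp);
  return hit ? hit - string : -1;
}

/* string_match_1 before the patch: the entry is never pinned. */
static ptrdiff_t string_match_unprotected(const char *regexp, const char *string) {
  struct regexp_cache *entry = compile_pattern(regexp);
  return entry ? re_search(entry, string) : MATCH_NO_SLOT;
}

/* string_match_1 after the patch: pin, search, unwind. */
static ptrdiff_t string_match_protected(const char *regexp, const char *string) {
  int count = specpdl_ptr;  /* SPECPDL_INDEX () in Emacs */
  struct regexp_cache *entry = compile_pattern(regexp);
  if (!entry) return MATCH_NO_SLOT;
  freeze_pattern(entry);
  ptrdiff_t val = re_search(entry, string);
  unbind_to(count);
  return val;
}

/* Run one variant with a GC forced inside the search. */
static ptrdiff_t search_with_gc(bool protect, const char *regexp, const char *string) {
  gc_pending = true;
  return protect ? string_match_protected(regexp, string)
                 : string_match_unprotected(regexp, string);
}
```

With a GC forced inside the search, the unpinned variant returns MATCH_FREED at the point where ASAN reports the use-after-free, while the pinned variant returns the match position and leaves the entry collectable again once unbind_to has run.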
Date: Thu, 23 Jun 2022 10:49:39 +0200
From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-ID: <215a524f-0580-413b-9b91-68e35708e97d@Spark>
In-Reply-To: <83v8srepwc.fsf@HIDDEN>

On 23. Jun 2022, 10:38 +0200, Eli Zaretskii <eliz@HIDDEN>, wrote:
> Fair enough.  But for that purpose, we need to consider each call into
> Lisp, either directly or via a hook, as potentially triggering GC.

True.

> Moreover, if some code can signal an error or throw to a higher level,
> that could cause GC via the handlers installed by the various
> unwind-protect forms.  So signaling/throwing are also GC triggers, at
> least in some situations, and I'm not sure how relevant that is to
> what you had in mind.

Also true.

I don't have something specific in mind, but I might give it a spin,
partly because I tend to forget which things can call Lisp (like
maybe_quit), partly because it was so boring to follow the calls in
this bug, and partly because I can, or could ;-).

> (People also tend to forget that GC doesn't only delete "garbage"
> objects, it also has other potentially "surprising" effects: it can
> compact strings, relocate string data and buffer text, shrink regexp
> pattern cache and font caches, etc.)

Yeah.  ISTR some fun after I changed the Lisp string implementation
for conservative GC.
Date: Thu, 23 Jun 2022 11:37:55 +0300
From: Eli Zaretskii <eliz@HIDDEN>
To: Gerd Möllmann <gerd.moellmann@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-Id: <83v8srepwc.fsf@HIDDEN>
In-Reply-To: <84b39f74-b1dd-4485-b501-fc4a7e634455@Spark>

> Date: Thu, 23 Jun 2022 10:24:31 +0200
> From: Gerd Möllmann <gerd.moellmann@HIDDEN>
> Cc: 56108 <at> debbugs.gnu.org
>
> > Another side question, if I may: Have you perhaps heard of someone
> > producing a static call graph for Emacs, or better yet, specific
> > functions in Emacs?  Maybe using objdump -D or something similar?
> >
> > Does this make sense in a dynamic program such as Emacs?  We call into
> > Lisp quite a lot from C, and from there you can arrive anywhere, no?
> > And objdump cannot capture Lisp levels.
>
> True, but for GC at least, I think it would make it easier to tell if
> it can potentially happen.  One would see a call to GC in the static
> call graph.  Not for arbitrary lines, of course, you know what I mean...

Fair enough.  But for that purpose, we need to consider each call into
Lisp, either directly or via a hook, as potentially triggering GC.

Moreover, if some code can signal an error or throw to a higher level,
that could cause GC via the handlers installed by the various
unwind-protect forms.  So signaling/throwing are also GC triggers, at
least in some situations, and I'm not sure how relevant that is to
what you had in mind.

(People also tend to forget that GC doesn't only delete "garbage"
objects, it also has other potentially "surprising" effects: it can
compact strings, relocate string data and buffer text, shrink regexp
pattern cache and font caches, etc.)
Date: Thu, 23 Jun 2022 10:24:31 +0200
From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-ID: <84b39f74-b1dd-4485-b501-fc4a7e634455@Spark>
In-Reply-To: <835ykrg93i.fsf@HIDDEN>

On 23. Jun 2022, 08:58 +0200, Eli Zaretskii <eliz@HIDDEN>, wrote:
> > Do you want to do that or should I?
>
> Feel free to do it, I generally prefer that people who see the problem
> and could at least potentially test the solution also make the change
> to fix it.

Ok

> > Another side question, if I may: Have you perhaps heard of someone
> > producing a static call graph for Emacs, or better yet, specific
> > functions in Emacs?  Maybe using objdump -D or something similar?
>
> Does this make sense in a dynamic program such as Emacs?  We call into
> Lisp quite a lot from C, and from there you can arrive anywhere, no?
> And objdump cannot capture Lisp levels.

True, but for GC at least, I think it would make it easier to tell if
it can potentially happen.  One would see a call to GC in the static
call graph.  Not for arbitrary lines, of course, you know what I mean...

> That is, btw, the main problem with maintaining Emacs internals
> nowadays: it is hard, almost impossible, to know, just by looking at C
> code, whether GC or any other Lisp-related activity could happen
> between two arbitrary lines of C.  We have more and more hooks called
> from C that could potentially call any Lisp, and we have more and more
> direct calls into Lisp from the most intimate parts of Emacs, like the
> display engine and the main loop in keyboard.c.  This basically makes
> any analysis of whether or not some code fragment could cause GC
> futile: even if today it's impossible, it can easily become possible
> tomorrow, with some innocent-looking change.  This is exacerbated by
> the fact that GCPROs are long gone, so the caution we used to
> exercise 20 years ago to make sure GC doesn't surprise us is no
> longer needed nor practiced.

All true, I just want to remark that I have no fond memories of GCPRO,
and of debugging stuff caused by missing ones.  Glad to hear they're
finally completely dead now.

> But no, I don't think anyone tried to see what kind of graph could be
> obtained.  Maybe it's worthwhile, who knows? we might learn something
> useful regardless.

Thanks
Date: Thu, 23 Jun 2022 10:17:17 +0300
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>
Cc: gerd.moellmann@HIDDEN, 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-Id: <831qvfg876.fsf@HIDDEN>
In-Reply-To: <835ykrg93i.fsf@HIDDEN>

> Cc: 56108 <at> debbugs.gnu.org
> Date: Thu, 23 Jun 2022 09:57:53 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
>
> > Do you want to do that or should I?
>
> Feel free to do it, I generally prefer that people who see the problem
> and could at least potentially test the solution also make the change
> to fix it.

Actually, let's first bring Stefan on board of this discussion.

Stefan, do you happen to know why some of the callers of
compile_pattern don't call freeze_pattern to protect the new cache
entry?  Is it just an omission or do we miss something here?
Date: Thu, 23 Jun 2022 09:57:53 +0300
From: Eli Zaretskii <eliz@HIDDEN>
To: Gerd Möllmann <gerd.moellmann@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-Id: <835ykrg93i.fsf@HIDDEN>
In-Reply-To: <3146c990-63d9-4aa5-ab78-7bae2b7d6cd5@Spark>

> Date: Thu, 23 Jun 2022 07:53:29 +0200
> From: Gerd Möllmann <gerd.moellmann@HIDDEN>
> Cc: 56108 <at> debbugs.gnu.org
>
> On 22. Jun 2022, 18:20 +0200, Eli Zaretskii <eliz@HIDDEN>, wrote:
> > I think the next step is to add the missing freeze_pattern calls and
> > see if that fixes the problem?
>
> I think the missing freezes are 100% a bug, and they should be fixed.

I agree.

> Do you want to do that or should I?

Feel free to do it, I generally prefer that people who see the problem
and could at least potentially test the solution also make the change
to fix it.

> Another side question, if I may: Have you perhaps heard of someone
> producing a static call graph for Emacs, or better yet, specific
> functions in Emacs?  Maybe using objdump -D or something similar?

Does this make sense in a dynamic program such as Emacs?  We call into
Lisp quite a lot from C, and from there you can arrive anywhere, no?
And objdump cannot capture Lisp levels.

That is, btw, the main problem with maintaining Emacs internals
nowadays: it is hard, almost impossible, to know, just by looking at C
code, whether GC or any other Lisp-related activity could happen
between two arbitrary lines of C.  We have more and more hooks called
from C that could potentially call any Lisp, and we have more and more
direct calls into Lisp from the most intimate parts of Emacs, like the
display engine and the main loop in keyboard.c.  This basically makes
any analysis of whether or not some code fragment could cause GC
futile: even if today it's impossible, it can easily become possible
tomorrow, with some innocent-looking change.  This is exacerbated by
the fact that GCPROs are long gone, so the caution we used to
exercise 20 years ago to make sure GC doesn't surprise us is no
longer needed nor practiced.

But no, I don't think anyone tried to see what kind of graph could be
obtained.  Maybe it's worthwhile, who knows? we might learn something
useful regardless.
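To make the "static call graph from objdump" idea concrete, together with the caveat in the reply above that every call into Lisp has to count as a potential GC, here is an added example in C that is not from the thread or from the Emacs tree. It parses a constructed `objdump -d` excerpt (addresses and opcode bytes are made up), records the direct `call` edges, and reports whether a function can reach `garbage_collect`. The list of Lisp entry points treated as GC sinks (`Ffuncall`, `Feval`, `call0`, `call1`, `safe_call`) is an assumption for illustration, not a complete inventory; the indirect `call *%rax` in the sample is there to show the kind of edge such a graph cannot see.

```c
/* Added example, not from the thread or the Emacs tree: build a static call
   graph from `objdump -d` text and ask which functions can reach GC,
   counting every call into a Lisp entry point as a potential GC. */
#include <stdio.h>
#include <string.h>

#define MAX_FUNCS 64
#define MAX_EDGES 256
#define NAME_LEN  64

static char funcs[MAX_FUNCS][NAME_LEN];
static int nfuncs;
static int edges[MAX_EDGES][2];   /* {caller, callee} as indices into funcs */
static int nedges;

/* GC itself plus an assumed, illustrative list of C entry points into Lisp. */
static const char *gc_sinks[] = { "garbage_collect", "Ffuncall", "Feval", "call0", "call1", "safe_call" };

/* Constructed objdump -d excerpt; addresses and opcode bytes are made up. */
static const char SAMPLE_DUMP[] =
  "0000000000401000 <garbage_collect>:\n"
  "  401000:\tc3                   \tret\n"
  "0000000000401010 <Ffuncall>:\n"
  "  401010:\tff d0                \tcall   *%rax\n"   /* indirect: no symbol to follow */
  "0000000000401020 <run_hook>:\n"
  "  401020:\te8 eb ff ff ff       \tcall   401010 <Ffuncall>\n"
  "0000000000401030 <compile_pattern>:\n"
  "  401030:\te8 00 01 00 00       \tcall   401135 <xmalloc>\n"
  "0000000000401040 <search_buffer>:\n"
  "  401040:\te8 eb ff ff ff       \tcall   401030 <compile_pattern>\n"
  "  401045:\te8 d6 ff ff ff       \tcall   401020 <run_hook>\n"
  "0000000000401135 <xmalloc>:\n";

static int intern(const char *name) {
  for (int i = 0; i < nfuncs; i++)
    if (strcmp(funcs[i], name) == 0) return i;
  if (nfuncs == MAX_FUNCS) return -1;
  snprintf(funcs[nfuncs], NAME_LEN, "%s", name);
  return nfuncs++;
}

/* Copy the symbol between '<' and '>' in LINE into OUT; 0 if there is none. */
static int symbol_in(const char *line, char *out, size_t outlen) {
  const char *lt = strchr(line, '<'), *gt = lt ? strchr(lt, '>') : NULL;
  if (!lt || !gt) return 0;
  size_t n = (size_t)(gt - lt - 1);
  if (n == 0 || n >= outlen) return 0;
  memcpy(out, lt + 1, n); out[n] = '\0';
  return 1;
}

/* Parse DUMP line by line; returns the number of direct call edges recorded.
   Indirect calls carry no symbol and leave no edge: the graph's blind spot. */
static int build_graph(const char *dump) {
  char line[256], sym[NAME_LEN];
  int cur = -1;
  nfuncs = nedges = 0;
  for (const char *p = dump; *p; ) {
    const char *nl = strchr(p, '\n');
    size_t len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= sizeof line) len = sizeof line - 1;
    memcpy(line, p, len); line[len] = '\0';
    p = nl ? nl + 1 : p + len;
    if (line[0] != ' ' && strstr(line, ">:")) {          /* "0000401000 <name>:" */
      if (symbol_in(line, sym, sizeof sym)) cur = intern(sym);
    } else if (cur >= 0 && strstr(line, "\tcall") && nedges < MAX_EDGES) {
      int callee = symbol_in(line, sym, sizeof sym) ? intern(sym) : -1;
      if (callee >= 0) { edges[nedges][0] = cur; edges[nedges][1] = callee; nedges++; }
    }
  }
  return nedges;
}

static int is_gc_sink(const char *name) {
  for (size_t i = 0; i < sizeof gc_sinks / sizeof *gc_sinks; i++)
    if (strcmp(gc_sinks[i], name) == 0) return 1;
  return 0;
}

/* Depth-first search; SEEN breaks the cycles a real call graph is full of. */
static int reach(int f, int *seen) {
  if (seen[f]) return 0;
  seen[f] = 1;
  if (is_gc_sink(funcs[f])) return 1;
  for (int e = 0; e < nedges; e++)
    if (edges[e][0] == f && reach(edges[e][1], seen)) return 1;
  return 0;
}

/* 1 if NAME can reach garbage_collect or a Lisp entry point via direct calls. */
static int can_reach_gc(const char *name) {
  int seen[MAX_FUNCS] = {0};
  for (int i = 0; i < nfuncs; i++)
    if (strcmp(funcs[i], name) == 0) return reach(i, seen);
  return 0;
}

int main(void) {
  const char *q[] = { "search_buffer", "compile_pattern", "Ffuncall", "xmalloc" };
  build_graph(SAMPLE_DUMP);
  for (size_t i = 0; i < sizeof q / sizeof *q; i++)
    printf("%-16s %s\n", q[i], can_reach_gc(q[i]) ? "may GC" : "no GC path found");
  return 0;
}
```

On real output (`objdump -d emacs`), the same parser would pick up every direct call, but the result is only a lower bound: hooks, function pointers and Lisp calls all go through indirect calls that show up without a symbol, which is why treating the Lisp entry points as sinks, rather than looking for a path to `garbage_collect` itself, is the only sound reading of such a graph.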
Date: Thu, 23 Jun 2022 07:53:29 +0200
From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-ID: <3146c990-63d9-4aa5-ab78-7bae2b7d6cd5@Spark>
In-Reply-To: <83sfnwisbb.fsf@HIDDEN>

On 22. Jun 2022, 18:20 +0200, Eli Zaretskii <eliz@HIDDEN>, wrote:
> I think the next step is to add the missing freeze_pattern calls and
> see if that fixes the problem?

I think the missing freezes are 100% a bug, and they should be fixed.
Do you want to do that or should I?

(BTW, I just now noticed the "->buf" at the end of the
"bufp = &compile_pattern (regexp,...)" that I complained about.  That
explains it.  Nice :-/.)

Another side question, if I may: Have you perhaps heard of someone
producing a static call graph for Emacs, or better yet, specific
functions in Emacs?  Maybe using objdump -D or something similar?
Jun 2022, 18:20 +0200, Eli Zaretskii <eli= z=40gnu.org>, wrote:</div> <blockquote style=3D=22border-left-color: rgb(26, 188, 156); margin: 5px;= padding-left: 10px; border-left-width: thin; border-left-style: solid;=22= > <blockquote style=3D=22border-left-color: rgb(230, 126, 34); margin: 5px;= padding-left: 10px; border-left-width: thin; border-left-style: solid;=22= ><br /> I think the next step is to add the missing freeze=5Fpattern calls and<br= /> see if that fixes the problem=3F</blockquote> </blockquote> <div dir=3D=22auto=22>I think the missing freezes are 100% a bug, and the= y should be fixed.<br /> <br /> Do you want to do that or should I=3F&=23160;<br /> <br /> (BTW, I just now noticed the =22->buf=22 at the end of the =22bufp =3D= &compile=5Fpattern (regexp,...)=22 that I complained about.&=23160; = &=23160;That explains it.&=23160;&=23160;Nice :-/.)<br /> <br /> Another side question, if I may: Have you perhaps heard of someone produc= ing a static call graph for Emacs, or better yet, specific functions in E= macs=3F&=23160;&=23160;Maybe using objdump -D or something similar=3F&=23= 160;</div> </div> </body> </html> --62b3ffdf_334a6f1f_588f--
Date: Wed, 22 Jun 2022 19:19:52 +0300
From: Eli Zaretskii <eliz@HIDDEN>
To: Gerd Möllmann <gerd.moellmann@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-Id: <83sfnwisbb.fsf@HIDDEN>
In-Reply-To: <e2818b28-245a-448f-827a-60cc7ceb738f@Spark>

> Date: Wed, 22 Jun 2022 17:11:55 +0200
> From: Gerd Möllmann <gerd.moellmann@HIDDEN>
> Cc: 56108 <at> debbugs.gnu.org
>
> Maybe I have something. Could you please check?
>
> Please read the following list from the bottom up, i.e. re_match... calls maybe_quit etc.
>
> maybe_gc
> Ffuncall
> call2
> signal_or_quit (eval.c:1741)
> quit (eval.c:1697)
> process_quit_flag (eval.c:1657)
> probably_quit (eval.c:1864)
> maybe_quit (lisp.h:3681)
> re_match_2_internal (regexp-emacs.c:4691)
>
> If this is true a GC can be triggered under very specific circumstances involving edebug, if the comment in
> signal_or_quit is right.
>
> And I might have used edebug, I'm not 100% sure anymore.

Sounds plausible.  signal-hook-function should be non-nil to trigger the call2 call inside signal_or_quit.  In addition to Edebug, Tramp also sets that.  So yes, it could happen, with some "luck".

I think the next step is to add the missing freeze_pattern calls and see if that fixes the problem?

Date: Wed, 22 Jun 2022 17:11:55 +0200
From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-ID: <e2818b28-245a-448f-827a-60cc7ceb738f@Spark>
In-Reply-To: <831qvgkc8d.fsf@HIDDEN>

Maybe I have something.  Could you please check?

Please read the following list from the bottom up, i.e. re_match... calls maybe_quit etc.

maybe_gc
Ffuncall
call2
signal_or_quit (eval.c:1741)
quit (eval.c:1697)
process_quit_flag (eval.c:1657)
probably_quit (eval.c:1864)
maybe_quit (lisp.h:3681)
re_match_2_internal (regexp-emacs.c:4691)

If this is true a GC can be triggered under very specific circumstances involving edebug, if the comment in signal_or_quit is right.

And I might have used edebug, I'm not 100% sure anymore.

Date: Wed, 22 Jun 2022 17:24:18 +0300
From: Eli Zaretskii <eliz@HIDDEN>
To: Gerd Möllmann <gerd.moellmann@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-Id: <831qvgkc8d.fsf@HIDDEN>
In-Reply-To: <6e56407a-b564-4aa9-b74c-78883727ef09@Spark>

> Date: Wed, 22 Jun 2022 16:10:23 +0200
> From: Gerd Möllmann <gerd.moellmann@HIDDEN>
> Cc: 56108 <at> debbugs.gnu.org
>
> Functions fast_string_match_internal* don't freeze in the sense you explained. What I don't see so far is
> what could lead to a GC in these cases, between the compile_pattern and the use of its result...

I don't know if something inside re_match_2_internal can call something that would trigger GC.  There's too much stuff going on there, what with syntax tables and whatnot.

> Did you find other places where there's no freeze?

string_match_1, I think.

Date: Wed, 22 Jun 2022 16:10:23 +0200
From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-ID: <6e56407a-b564-4aa9-b74c-78883727ef09@Spark>
In-Reply-To: <83a6a4kec0.fsf@HIDDEN>

On 22. Jun 2022, 15:39 +0200, Eli Zaretskii <eliz@gnu.org>, wrote:
> > Date: Wed, 22 Jun 2022 10:13:08 +0200
> > From: Gerd Möllmann <gerd.moellmann@gmail.com>
> > Cc: 56108@debbugs.gnu.org
> >
> > On 20. Jun 2022, 21:10 +0200, Eli Zaretskii <eliz@gnu.org>, wrote:
> >
> > I don't understand why some callers of compile_pattern mark the cache
> > entry as busy, but some others don't. If a cache entry that is in use
> > is not marked as busy, then any GC can decide to shrink the cache by
> > freeing that entry.
> >
> > struct re_pattern_buffer *bufp;
> > ...
> > bufp = &compile_pattern (regexp,
> > ...
> >
> > The address operator is there to confuse the Russians.
> >
> > Hmm... did you mean by that to explain why some callers of
> > compile_pattern don't mark the new cache entry as "busy"? Because if
> > so, I guess I'm one of the "confused Russians", as I don't understand
> > the explanation. Please elaborate.
> >

Sorry, looking at this again, I'm now also completely confused.

I see, all in search.c:

    static struct regexp_cache *
    compile_pattern (Lisp_Object pattern, struct re_registers *regp,

and then, later

    struct re_pattern_buffer *bufp;
    bufp = &compile_pattern

How the heck does this compile?

> >
> > Or maybe _I_ should elaborate. By "marking an entry busy" I meant the
> > call to freeze_pattern,

Yes, I've seen that.

> > not a call to freeze_buffer_relocation (the
> > latter is mostly a no-op nowadays, as almost all the supported
> > platforms don't use ralloc.c). So it isn't the C pointer we keep
> > around to compile_pattern's result that bothered me, it's the fact
> > that the pattern cache entry created by compile_pattern is not
> > protected from being freed by shrink_regexp_cache that is called by
> > GC. AFAIU, that entry must be protected for the whole time the
> > compiled pattern is in use by re_match_2 or any of its callers.
> >
> > Does the above make sense?

Yes, it's the same I see.

Functions fast_string_match_internal* don't freeze in the sense you explained.  What I don't see so far is what could lead to a GC in these cases, between the compile_pattern and the use of its result...

Did you find other places where there's no freeze?
Can Emacs GC while handling a signal?
Does Emacs use threads nowadays?

Date: Wed, 22 Jun 2022 16:38:55 +0300
From: Eli Zaretskii <eliz@HIDDEN>
To: Gerd Möllmann <gerd.moellmann@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Message-Id: <83a6a4kec0.fsf@HIDDEN>
In-Reply-To: <32e548cc-ffd3-4669-ad9a-317c130b0c93@Spark>

> Date: Wed, 22 Jun 2022 10:13:08 +0200
> From: Gerd Möllmann <gerd.moellmann@HIDDEN>
> Cc: 56108 <at> debbugs.gnu.org
>
> On 20. Jun 2022, 21:10 +0200, Eli Zaretskii <eliz@HIDDEN>, wrote:
>
> I don't understand why some callers of compile_pattern mark the cache
> entry as busy, but some others don't. If a cache entry that is in use
> is not marked as busy, then any GC can decide to shrink the cache by
> freeing that entry.
>
> struct re_pattern_buffer *bufp;
> ...
> bufp = &compile_pattern (regexp,
> ...
>
> The address operator is there to confuse the Russians.

Hmm... did you mean by that to explain why some callers of compile_pattern don't mark the new cache entry as "busy"?  Because if so, I guess I'm one of the "confused Russians", as I don't understand the explanation.  Please elaborate.

Or maybe _I_ should elaborate.  By "marking an entry busy" I meant the call to freeze_pattern, not a call to freeze_buffer_relocation (the latter is mostly a no-op nowadays, as almost all the supported platforms don't use ralloc.c).  So it isn't the C pointer we keep around to compile_pattern's result that bothered me, it's the fact that the pattern cache entry created by compile_pattern is not protected from being freed by shrink_regexp_cache that is called by GC.  AFAIU, that entry must be protected for the whole time the compiled pattern is in use by re_match_2 or any of its callers.

Does the above make sense?

bug-gnu-emacs@HIDDEN: bug#56108; Package emacs.
Received: (at 56108) by debbugs.gnu.org; 22 Jun 2022 08:13:25 +0000
Date: Wed, 22 Jun 2022 10:13:08 +0200
From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
Message-ID: <32e548cc-ffd3-4669-ad9a-317c130b0c93@Spark>
In-Reply-To: <83mte7kv7c.fsf@HIDDEN>
References: <m235fz5sxw.fsf@HIDDEN> <83mte7kv7c.fsf@HIDDEN>
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal

On 20. Jun 2022, 21:10 +0200, Eli Zaretskii <eliz@HIDDEN>, wrote:
> > I don't understand why some callers of compile_pattern mark the cache
> > entry as busy, but some others don't.  If a cache entry that is in use
> > is not marked as busy, then any GC can decide to shrink the cache by
> > freeing that entry.

  struct re_pattern_buffer *bufp;
  ...
  bufp = &compile_pattern (regexp,
  ...

The address operator is there to confuse the Russians.
Received: (at 56108) by debbugs.gnu.org; 20 Jun 2022 19:10:26 +0000
Date: Mon, 20 Jun 2022 22:09:59 +0300
Message-Id: <83mte7kv7c.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Gerd Möllmann <gerd.moellmann@HIDDEN>
Cc: 56108 <at> debbugs.gnu.org
In-Reply-To: <m235fz5sxw.fsf@HIDDEN> (message from Gerd Möllmann on Mon, 20 Jun 2022 16:07:55 +0200)
Subject: Re: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
References: <m235fz5sxw.fsf@HIDDEN>

> From: Gerd Möllmann <gerd.moellmann@HIDDEN>
> Date: Mon, 20 Jun 2022 16:07:55 +0200
>
> FWIW, here is another non-reproducible crash with ASAN.
>
> In short, shrink_regexp_cache realloc'd something leading to a malloc +
> free, and something is still holding a pointer to the old memory.  Or so it
> looks to me.

I don't understand why some callers of compile_pattern mark the cache entry as busy, but some others don't.  If a cache entry that is in use is not marked as busy, then any GC can decide to shrink the cache by freeing that entry.
Received: (at submit) by debbugs.gnu.org; 20 Jun 2022 14:09:03 +0000
From: Gerd Möllmann <gerd.moellmann@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Subject: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Mon, 20 Jun 2022 16:07:55 +0200
Message-ID: <m235fz5sxw.fsf@HIDDEN>

FWIW, here is another non-reproducible crash with ASAN.

In short, shrink_regexp_cache realloc'd something leading to a malloc +
free, and something is still holding a pointer to the old memory.  Or so it
looks to me.

==22069==ERROR: AddressSanitizer: heap-use-after-free on address 0x000105b493a5 at pc 0x00010057549c bp 0x00016fde0b90 sp 0x00016fde0b88
READ of size 1 at 0x000105b493a5 thread T0
    #0 0x100575498 in re_match_2_internal regex-emacs.c:5021
    #1 0x100568c38 in rpl_re_search_2 regex-emacs.c:3382
    #2 0x1005678c4 in rpl_re_search regex-emacs.c:3176
    #3 0x10054cc68 in fast_string_match_internal search.c:489
    #4 0x1004f20b0 in fast_string_match lisp.h:4747
    #5 0x1004f1b28 in Ffind_file_name_handler fileio.c:324
    #6 0x1004f82d4 in Fexpand_file_name fileio.c:1018
    #7 0x1006ddc50 in openp lread.c:1849
    #8 0x1006dae98 in Fload lread.c:1312
    #9 0x1006e3c64 in save_match_data_load lread.c:1641
    #10 0x1006408d0 in load_with_autoload_queue eval.c:2245
    #11 0x100677534 in Frequire fns.c:3146

0x000105b493a5 is located 293 bytes inside of 558-byte region [0x000105b49280,0x000105b494ae)
freed by thread T0 here:
    #0 0x1031c7ddc in wrap_realloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fddc)
    #1 0x100598388 in lrealloc alloc.c:1376
    #2 0x1005982c4 in xrealloc alloc.c:790
    #3 0x10054a490 in shrink_regexp_cache search.c:150
    #4 0x1005aaeb0 in garbage_collect alloc.c:6172
    #5 0x1005aa6cc in maybe_garbage_collect alloc.c:6088
    #6 0x1006416c0 in maybe_gc lisp.h:5548
    #7 0x10063a99c in Ffuncall eval.c:2948
    #8 0x10064a144 in funcall_nil eval.c:2635
    #9 0x10064a0b4 in run_hook_with_args eval.c:2812
    #10 0x100649b84 in Frun_hook_with_args eval.c:2677
    #11 0x100649ad0 in run_hook eval.c:2825
    #12 0x1004da650 in signal_before_change insdel.c:2155
    #13 0x1004d9c40 in prepare_to_modify_buffer_1 insdel.c:2009
    #14 0x1004c810c in prepare_to_modify_buffer insdel.c:2020
    #15 0x1005081ec in Finsert_file_contents fileio.c:4601
    #16 0x10064b758 in funcall_subr eval.c:2999
    #17 0x10072fa40 in exec_byte_code bytecode.c:809
    #18 0x10065361c in fetch_and_exec_byte_code eval.c:3040
    #19 0x10064c344 in funcall_lambda eval.c:3112
    #20 0x10064ac18 in funcall_general eval.c:2903
    #21 0x10063aa70 in Ffuncall eval.c:2953
    #22 0x100643c0c in Fapply eval.c:2577
    #23 0x10064bde0 in funcall_subr eval.c:3018
    #24 0x10072fa40 in exec_byte_code bytecode.c:809
    #25 0x10065361c in fetch_and_exec_byte_code eval.c:3040
    #26 0x10064c344 in funcall_lambda eval.c:3112
    #27 0x1006437c0 in apply_lambda eval.c:3062
    #28 0x100633734 in eval_sub eval.c:2503
    #29 0x100640ef8 in Feval eval.c:2314

previously allocated by thread T0 here:
    #0 0x1031c7ddc in wrap_realloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fddc)
    #1 0x100598388 in lrealloc alloc.c:1376
    #2 0x1005982c4 in xrealloc alloc.c:790
    #3 0x10054a490 in shrink_regexp_cache search.c:150
Gerd Möllmann <gerd.moellmann@HIDDEN>: bug-gnu-emacs@HIDDEN.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.