bug#22310: Segmentation fault in regular expression matcher
From: Ben Gamari
Subject: bug#22310: Segmentation fault in regular expression matcher
Date: Tue, 05 Jan 2016 13:15:54 +0100
User-agent: Notmuch/0.21+24~gbceb651 (http://notmuchmail.org) Emacs/25.1.50.1 (x86_64-pc-linux-gnu)

While editing a Markdown document with markdown-mode and revision
138480a97bfc1104143b5fc10dfc962b95b78ae8 I encountered this segmentation
fault,
Program received signal SIGSEGV, Segmentation fault.
0x0000000000538ae8 in re_match_2_internal (bufp=bufp@entry=0xb8f398
<searchbufs+2552>,
string1=string1@entry=0x53b1200 "---\ntitle: Understanding GHC Core\ndate:
2015-11-29\ntags: ghc,core,work-in-progress\ndescription: Everything you really
need to know to understand GHC's Core\n---\n**This document is a
work-in-progress.**"..., size1=size1@entry=1782,
string2=string2@entry=0x53b20d1 "\n\n`cast`\n\n`Sym`\n\n`Sub`\n\n`<ty>_R`
is a type parameter with representational role. Roughly speaking this\nmeans
that given a type constructor `T` and types `A` and `B`, `T <A>_R` and
`T\n<B>_R` are repres"..., size2=size2@entry=9296, pos=pos@entry=4281,
regs=0xb8e970 <search_regs>, stop=11078) at regex.c:5556
5556 PUSH_FAILURE_REG (*p);
(gdb) bt
#0 0x0000000000538ae8 in re_match_2_internal (bufp=bufp@entry=0xb8f398
<searchbufs+2552>,
string1=string1@entry=0x53b1200 "---\ntitle: Understanding GHC Core\ndate:
2015-11-29\ntags: ghc,core,work-in-progress\ndescription: Everything you really
need to know to understand GHC's Core\n---\n**This document is a
work-in-progress.**"..., size1=size1@entry=1782,
string2=string2@entry=0x53b20d1 "\n\n`cast`\n\n`Sym`\n\n`Sub`\n\n`<ty>_R`
is a type parameter with representational role. Roughly speaking this\nmeans
that given a type constructor `T` and types `A` and `B`, `T <A>_R` and
`T\n<B>_R` are repres"..., size2=size2@entry=9296, pos=pos@entry=4281,
regs=0xb8e970 <search_regs>, stop=11078) at regex.c:5556
#1 0x000000000053dd18 in re_search_2 (bufp=bufp@entry=0xb8f398
<searchbufs+2552>,
str1=str1@entry=0x53b1200 "---\ntitle: Understanding GHC Core\ndate:
2015-11-29\ntags: ghc,core,work-in-progress\ndescription: Everything you really
need to know to understand GHC's Core\n---\n**This document is a
work-in-progress.**"..., size1=size1@entry=1782,
str2=str2@entry=0x53b20d1 "\n\n`cast`\n\n`Sym`\n\n`Sub`\n\n`<ty>_R` is a
type parameter with representational role. Roughly speaking this\nmeans that
given a type constructor `T` and types `A` and `B`, `T <A>_R` and `T\n<B>_R`
are repres"..., size2=size2@entry=9296, startpos=4281, startpos@entry=2198,
range=6797, regs=0xb8e970 <search_regs>, stop=11078) at regex.c:4446
#2 0x00000000005337c2 in search_buffer (string=string@entry=131546964,
pos=<optimized out>, pos_byte=<optimized out>, lim=lim@entry=11051,
lim_byte=lim_byte@entry=11079, n=1, RE=1, trt=0, inverse_trt=0, posix=false) at
search.c:1265
#3 0x000000000053412c in search_command (string=131546964, bound=<optimized
out>, noerror=44256, count=<optimized out>, direction=direction@entry=1,
RE=RE@entry=1, posix=false) at search.c:1058
#4 0x0000000000534317 in Fre_search_forward (regexp=<optimized out>,
bound=<optimized out>, noerror=<optimized out>, count=<optimized out>) at
search.c:2243
#5 0x00000000005618bb in Ffuncall (nargs=4, args=args@entry=0x7fffffffba10) at
eval.c:2661
#6 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=77647541, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=6, args=<optimized out>, args@entry=0x3cfea84) at
bytecode.c:880
#7 0x0000000000561434 in funcall_lambda (fun=140737488338080,
nargs=nargs@entry=6, arg_vector=0x3cfea84, arg_vector@entry=0x7fffffffbbf8) at
eval.c:2810
#8 0x00000000005616eb in Ffuncall (nargs=7, args=args@entry=0x7fffffffbbf0) at
eval.c:2711
#9 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=77647797, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=3, args=<optimized out>, args@entry=0x4433454) at
bytecode.c:880
#10 0x0000000000561434 in funcall_lambda (fun=140737488338528,
nargs=nargs@entry=3, arg_vector=0x4433454, arg_vector@entry=0x7fffffffbdd8) at
eval.c:2810
#11 0x00000000005616eb in Ffuncall (nargs=4, args=args@entry=0x7fffffffbdd0) at
eval.c:2711
#12 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=72559893, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=2, args=<optimized out>, args@entry=0x44337f4) at
bytecode.c:880
#13 0x0000000000561434 in funcall_lambda (fun=140737488339296,
nargs=nargs@entry=2, arg_vector=0x44337f4, arg_vector@entry=0x7fffffffbf78) at
eval.c:2810
#14 0x00000000005616eb in Ffuncall (nargs=nargs@entry=3, args=0x7fffffffbf70)
at eval.c:2711
#15 0x0000000000562ab0 in Fapply (nargs=<optimized out>, args=0x7fffffffc0d8)
at eval.c:2278
#16 0x00000000005617f1 in Ffuncall (nargs=3, args=args@entry=0x7fffffffc0d0) at
eval.c:2630
#17 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=62636509, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=2, args=<optimized out>, args@entry=0x3bc24f4) at
bytecode.c:880
#18 0x0000000000561434 in funcall_lambda (fun=140737488339840,
nargs=nargs@entry=2, arg_vector=0x3bc24f4, arg_vector@entry=0x7fffffffc288) at
eval.c:2810
#19 0x00000000005616eb in Ffuncall (nargs=3, args=args@entry=0x7fffffffc280) at
eval.c:2711
#20 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=62667277, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=1, args=<optimized out>, args@entry=0x3bcc884) at
bytecode.c:880
#21 0x0000000000561434 in funcall_lambda (fun=140737488340336,
nargs=nargs@entry=1, arg_vector=0x3bcc884, arg_vector@entry=0x7fffffffc4c0) at
eval.c:2810
#22 0x00000000005616eb in Ffuncall (nargs=2, args=args@entry=0x7fffffffc4b8) at
eval.c:2711
#23 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=62667053, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=1, args=<optimized out>, args@entry=0x3bcc634) at
bytecode.c:880
#24 0x0000000000561434 in funcall_lambda (fun=140737488340768,
nargs=nargs@entry=1, arg_vector=0x3bcc634, arg_vector@entry=0x7fffffffc6b0) at
eval.c:2810
#25 0x00000000005616eb in Ffuncall (nargs=2, args=args@entry=0x7fffffffc6a8) at
eval.c:2711
#26 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=62721789, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=0, args=<optimized out>, args@entry=0x3bd2254) at
bytecode.c:880
#27 0x0000000000561434 in funcall_lambda (fun=140737488341168,
nargs=nargs@entry=0, arg_vector=0x3bd2254, arg_vector@entry=0x7fffffffc840) at
eval.c:2810
#28 0x00000000005616eb in Ffuncall (nargs=1, args=args@entry=0x7fffffffc838) at
eval.c:2711
#29 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=62722053, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=0, args=<optimized out>, args@entry=0x3bd2aa4) at
bytecode.c:880
#30 0x0000000000561434 in funcall_lambda (fun=140737488341584,
nargs=nargs@entry=0, arg_vector=0x3bd2aa4, arg_vector@entry=0x7fffffffc9d0) at
eval.c:2810
#31 0x00000000005616eb in Ffuncall (nargs=1, args=args@entry=0x7fffffffc9c8) at
eval.c:2711
#32 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=62668853, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=0, args=<optimized out>, args@entry=0x3bd0044) at
bytecode.c:880
#33 0x0000000000561434 in funcall_lambda (fun=140737488342016,
nargs=nargs@entry=0, arg_vector=0x3bd0044, arg_vector@entry=0x7fffffffcb90) at
eval.c:2810
#34 0x00000000005616eb in Ffuncall (nargs=1, args=args@entry=0x7fffffffcb88) at
eval.c:2711
#35 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=62668741, maxdepth=<optimized out>, args_template=<optimized out>,
nargs=nargs@entry=4, args=<optimized out>, args@entry=0x3bcfe54) at
bytecode.c:880
#36 0x0000000000561434 in funcall_lambda (fun=140737488342800,
nargs=nargs@entry=4, arg_vector=0x3bcfe54, arg_vector@entry=0x7fffffffcd18) at
eval.c:2810
#37 0x00000000005616eb in Ffuncall (nargs=nargs@entry=5, args=0x7fffffffcd10)
at eval.c:2711
#38 0x0000000000562ab0 in Fapply (nargs=<optimized out>, args=0x7fffffffce80)
at eval.c:2278
#39 0x00000000005617f1 in Ffuncall (nargs=3, args=args@entry=0x7fffffffce78) at
eval.c:2630
#40 0x00000000005960f3 in exec_byte_code (bytestr=<optimized out>,
vector=10135853, maxdepth=<optimized out>, args_template=args_template@entry=0,
nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:880
#41 0x000000000056130f in funcall_lambda (fun=10135773, nargs=nargs@entry=1,
arg_vector=arg_vector@entry=0x7fffffffd098) at eval.c:2876
#42 0x00000000005616eb in Ffuncall (nargs=nargs@entry=2,
args=args@entry=0x7fffffffd090) at eval.c:2711
#43 0x00000000005619ea in call1 (fn=fn@entry=45072, arg1=arg1@entry=131352045)
at eval.c:2509
#44 0x00000000004f3e98 in timer_check_2 (idle_timers=<optimized out>,
timers=<optimized out>) at keyboard.c:4400
#45 timer_check () at keyboard.c:4462
#46 0x00000000004f4279 in readable_events (flags=flags@entry=1) at
keyboard.c:3304
#47 0x00000000004f5a48 in get_input_pending (flags=flags@entry=1) at
keyboard.c:6690
#48 0x00000000004f8198 in detect_input_pending_run_timers
(do_display=do_display@entry=true) at keyboard.c:9821
#49 0x00000000005a15c8 in wait_reading_process_output
(time_limit=time_limit@entry=30, nsecs=nsecs@entry=0,
read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true,
wait_for_cell=wait_for_cell@entry=0, wait_proc=wait_proc@entry=0x0,
just_wait_proc=0) at process.c:4963
#50 0x0000000000422da2 in sit_for (timeout=<optimized out>,
reading=reading@entry=true, display_option=display_option@entry=1) at
dispnew.c:5751
#51 0x00000000004fa96e in read_char (commandflag=commandflag@entry=1,
map=map@entry=131412451, prev_event=0,
used_mouse_menu=used_mouse_menu@entry=0x7fffffffdd2b,
end_time=end_time@entry=0x0) at keyboard.c:2694
#52 0x00000000004fb2c4 in read_key_sequence
(keybuf=keybuf@entry=0x7fffffffde00, prompt=prompt@entry=0,
dont_downcase_last=dont_downcase_last@entry=false,
can_return_switch_frame=can_return_switch_frame@entry=true,
fix_current_buffer=fix_current_buffer@entry=true,
prevent_redisplay=prevent_redisplay@entry=false,
bufsize=30) at keyboard.c:9022
#53 0x00000000004fce2e in command_loop_1 () at keyboard.c:1343
#54 0x000000000055fe97 in internal_condition_case (bfun=bfun@entry=0x4fcc20
<command_loop_1>, handlers=handlers@entry=18912, hfun=hfun@entry=0x4f3550
<cmd_error>) at eval.c:1309
#55 0x00000000004eea8c in command_loop_2 (ignore=ignore@entry=0) at
keyboard.c:1086
#56 0x000000000055fd8b in internal_catch (tag=tag@entry=45648,
func=func@entry=0x4eea70 <command_loop_2>, arg=arg@entry=0) at eval.c:1073
#57 0x00000000004eea49 in command_loop () at keyboard.c:1065
#58 0x00000000004f313b in recursive_edit_1 () at keyboard.c:671
#59 0x00000000004f3488 in Frecursive_edit () at keyboard.c:742
#60 0x0000000000418dce in main (argc=1, argv=0x7fffffffe198) at emacs.c:1652
(gdb) print regs[0]
$3 = {num_regs = 30, start = 0xfdf650, end = 0xfdf750}
Unfortunately this is about all I was able to scrape out of the
procedure's local state, knowing little about the internals of the
matcher.