bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal

From: Eli Zaretskii
Subject: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Wed, 22 Jun 2022 19:19:52 +0300 
> Date: Wed, 22 Jun 2022 17:11:55 +0200
> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Cc: 56108@debbugs.gnu.org
> 
> Maybe I have something.  Could you please check?
> 
> Please read the following list from the bottom up, i.e. re_match... calls 
> maybe_quit etc.
> 
> maybe_gc
> Ffuncall
> call2 
> signal_or_quit (eval.c:1741)
> quit (eval.c:1697)
> process_quit_flag (eval.c:1657)
> probably_quit (eval.c:1864)
> maybe_quit (lisp.h:3681)
> re_match_2_internal (regexp-emacs.c:4691)
> 
> If this is true a GC can be triggered under very specific circumstances 
> involving edebug, if the comment in
> signal_or_quit is right.  
> 
> And I might have used edebug, I'm not 100% sure anymore.

Sounds plausible.  signal-hook-function should be non-nil to trigger
the call2 call inside signal_or_quit.  In addition to Edebug, Tramp
also sets that.

So yes, it could happen, with some "luck".

I think the next step is to add the missing freeze_pattern calls and
see if that fixes the problem?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]