From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Sat, 24 Sep 2022 18:24:07 +0300
Message-ID: <831qs0okx4.fsf@gnu.org>
References: <m2zgeoc2d8.fsf@Mini.fritz.box> <m2czbkq2kv.fsf@Mini.fritz.box>
 <835yhcom6g.fsf@gnu.org> <m25yhcq083.fsf@Mini.fritz.box>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="9576"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: 58042@debbugs.gnu.org
To: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Sep 24 17:25:12 2022
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1oc71j-0002MB-2A
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 24 Sep 2022 17:25:11 +0200
Original-Received: from localhost ([::1]:59588 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1oc71i-0007cn-4I
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 24 Sep 2022 11:25:10 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:42766)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oc71a-0007cf-QE
 for bug-gnu-emacs@gnu.org; Sat, 24 Sep 2022 11:25:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:45904)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oc71a-0001Yl-Hc
 for bug-gnu-emacs@gnu.org; Sat, 24 Sep 2022 11:25:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1oc71a-00081Z-6g
 for bug-gnu-emacs@gnu.org; Sat, 24 Sep 2022 11:25:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 24 Sep 2022 15:25:02 +0000
Resent-Message-ID: <handler.58042.B58042.166403307230803@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 58042
X-GNU-PR-Package: emacs
Original-Received: via spool by 58042-submit@debbugs.gnu.org id=B58042.166403307230803
 (code B ref 58042); Sat, 24 Sep 2022 15:25:02 +0000
Original-Received: (at 58042) by debbugs.gnu.org; 24 Sep 2022 15:24:32 +0000
Original-Received: from localhost ([127.0.0.1]:44982 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1oc716-00080l-6U
 for submit@debbugs.gnu.org; Sat, 24 Sep 2022 11:24:32 -0400
Original-Received: from eggs.gnu.org ([209.51.188.92]:47796)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1oc710-00080V-Q8
 for 58042@debbugs.gnu.org; Sat, 24 Sep 2022 11:24:30 -0400
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:42864)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1oc70v-0001U6-Je; Sat, 24 Sep 2022 11:24:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-version:References:Subject:In-Reply-To:To:From:
 Date; bh=Pr+rJBye9anl0OGCfY4CIV0qdLI//gFpgsWxmIakZAE=; b=jo/C+IEp13oK8Mau9cub
 JNutXtTUJASFXuA9Pn6ydZQq+vBwcEbiBhtiAvKl88Dijyju87nPgmUTVQY4qz6rxdiGPOaKkJN5m
 0tone5qlFbzQyP2lDXliEpWrdKUwQJWEktgwqGJBYHEEPcZXd23Pbh6l2JXUX1+rATg5setnzKdZG
 rFkNYA+8kUG2vLirDvxSFh8WVND5VS17L30Z5aQCaosoznrLW3sYnF+lW2+xIneXPn0/Y6Pp+Exmf
 83nFacgzcMM6XIo61FmkL4ktavfEYojcDpqT2/52QAlQU68pJWYRZIbOD8VCDbpbXiNqC5wApCRB6
 CbaOkumJdC6UvA==;
Original-Received: from [87.69.77.57] (port=4846 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1oc70u-00039d-Rb; Sat, 24 Sep 2022 11:24:21 -0400
In-Reply-To: <m25yhcq083.fsf@Mini.fritz.box> (message from Gerd
 =?UTF-8?Q?M=C3=B6llmann?= on Sat, 24 Sep 2022 17:08:12 +0200)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:243546
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/243546>

> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Cc: 58042@debbugs.gnu.org
> Date: Sat, 24 Sep 2022 17:08:12 +0200
> 
> But in general, I think the small string compaction could be a serious
> problem here, as soon as a GC happens while the regexp machine holds
> pointers.

What is the path from regexp match to GC?  The GC was triggered by
redisplay, but how did redisplay start while regexp match was in
progress?  Do you see any code in regexp that could trigger redisplay?