From mboxrd@z Thu Jan 1 00:00:00 1970
From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Thu, 23 Jun 2022 09:57:53 +0300
Message-ID: <835ykrg93i.fsf@gnu.org>
References: <83mte7kv7c.fsf@gnu.org> <32e548cc-ffd3-4669-ad9a-317c130b0c93@Spark> <83a6a4kec0.fsf@gnu.org> <6e56407a-b564-4aa9-b74c-78883727ef09@Spark> <831qvgkc8d.fsf@gnu.org> <83sfnwisbb.fsf@gnu.org> <3146c990-63d9-4aa5-ab78-7bae2b7d6cd5@Spark>
In-Reply-To: <3146c990-63d9-4aa5-ab78-7bae2b7d6cd5@Spark> (message from Gerd Möllmann on Thu, 23 Jun 2022 07:53:29 +0200)
To: Gerd Möllmann
Cc: 56108@debbugs.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Xref: news.gmane.io gmane.emacs.bugs:235067

> Date: Thu, 23 Jun 2022 07:53:29 +0200
> From: Gerd Möllmann
> Cc: 56108@debbugs.gnu.org
>
> On 22. Jun 2022, 18:20 +0200, Eli Zaretskii, wrote:
> > I think the next step is to add the missing freeze_pattern calls and
> > see if that fixes the problem?
>
> I think the missing freezes are 100% a bug, and they should be fixed.

I agree.

> Do you want to do that or should I?

Feel free to do it, I generally prefer that people who see the problem and
could at least potentially test the solution also make the change to fix it.

> Another side question, if I may: Have you perhaps heard of someone
> producing a static call graph for Emacs, or better yet, specific functions
> in Emacs? Maybe using objdump -D or something similar?

Does this make sense in a dynamic program such as Emacs? We call into Lisp
quite a lot from C, and from there you can arrive anywhere, no? And objdump
cannot capture Lisp levels.

That is, btw, the main problem with maintaining Emacs internals nowadays: it
is hard, almost impossible, to know, just by looking at C code, whether GC or
any other Lisp-related activity could happen between two arbitrary lines of C.
We have more and more hooks called from C that could potentially call any
Lisp, and we have more and more direct calls into Lisp from the most intimate
parts of Emacs, like the display engine and the main loop in keyboard.c. This
basically makes any analysis of whether or not some code fragment could cause
GC futile: even if today it's impossible, it can easily become possible
tomorrow, with some innocent-looking change. This is exacerbated by the fact
that GCPROs are long gone, so the caution we used to exercise 20 years ago to
make sure GC doesn't surprise us is no longer needed nor practiced.

But no, I don't think anyone tried to see what kind of graph could be
obtained. Maybe it's worthwhile, who knows? We might learn something useful
regardless.
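As an added illustration, not code from this thread or from Emacs, the C model below shows the bug class the report is about: a cache of compiled patterns whose slots can be recycled while a match is still running, and the freeze count that keeps the slot alive across a call-out. Every name in it (pattern_slot, compile_pattern, lisp_callback, run_match, reset_cache, frozen_count_of) is hypothetical. The "compiled" program is just a heap copy of the pattern source, matching is a literal substring search, and the cache holds two entries so that the two compilations done by the call-out are enough to cycle it. Rather than dereferencing the freed buffer, run_match compares a per-slot generation counter and returns -1 at exactly the point where a real matcher would read freed memory and ASAN would report the use-after-free.

```c
/* Illustrative model (not Emacs code) of a compiled-pattern cache that can
 * recycle a slot while a match is in progress, and the freeze counter that
 * prevents it.  All names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CACHE_SIZE 2

struct pattern_slot {
    char *prog;          /* heap buffer holding the "compiled" pattern (a copy of its source) */
    unsigned gen;        /* bumped each time the slot is recompiled; used to detect recycling */
    int freeze_count;    /* > 0 while some match on this slot is in progress */
};

static struct pattern_slot cache[CACHE_SIZE];
static int next_victim;

static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

void reset_cache(void)
{
    for (int i = 0; i < CACHE_SIZE; i++) {
        free(cache[i].prog);
        cache[i].prog = NULL;
        cache[i].gen = 0;
        cache[i].freeze_count = 0;
    }
    next_victim = 0;
}

int frozen_count_of(int slot)
{
    return cache[slot].freeze_count;
}

/* Return the slot holding SRC, compiling it into a victim slot if absent.
 * Frozen slots are never evicted; returns NULL if every slot is frozen. */
struct pattern_slot *compile_pattern(const char *src)
{
    for (int i = 0; i < CACHE_SIZE; i++)
        if (cache[i].prog && strcmp(cache[i].prog, src) == 0)
            return &cache[i];
    for (int n = 0; n < CACHE_SIZE; n++) {
        int i = (next_victim + n) % CACHE_SIZE;
        if (cache[i].freeze_count > 0)
            continue;                     /* in use: pick another victim */
        free(cache[i].prog);              /* eviction: the old buffer dies here */
        cache[i].prog = dup_string(src);
        cache[i].gen++;
        next_victim = (i + 1) % CACHE_SIZE;
        return &cache[i];
    }
    return NULL;
}

/* Stand-in for Lisp code run from inside the matcher: it needs two more
 * regexps, enough to cycle through a CACHE_SIZE-entry cache. */
static void lisp_callback(void)
{
    compile_pattern("bar");
    compile_pattern("baz");
}

/* Match PATTERN (as a literal substring) against TEXT, calling out mid-match.
 * Returns 1 on match, 0 on no match, -1 if the slot was recycled under us,
 * i.e. the point where a real matcher would read freed memory. */
int run_match(const char *pattern, const char *text, int freeze)
{
    struct pattern_slot *slot = compile_pattern(pattern);
    if (!slot)
        return -2;
    const char *prog = slot->prog;   /* raw pointer kept across the call-out */
    unsigned gen = slot->gen;
    if (freeze)
        slot->freeze_count++;        /* the freeze the thread says is missing */

    lisp_callback();                 /* anything can happen here, including recompiles */

    int result;
    if (slot->gen != gen)
        result = -1;                 /* prog is dangling; do not touch it */
    else
        result = strstr(text, prog) != NULL;

    if (freeze)
        slot->freeze_count--;        /* thaw */
    return result;
}

int main(void)
{
    reset_cache();
    printf("unfrozen: %d\n", run_match("foo", "xfoox", 0));   /* -1: slot recycled */
    reset_cache();
    printf("frozen:   %d\n", run_match("foo", "xfoox", 1));   /* 1: match completes */
    return 0;
}
```

Without the freeze, the callback's second compile lands on the matcher's slot and frees the buffer the matcher still holds; with the freeze held, compile_pattern skips that slot and evicts the other one instead, which is the whole job of the freeze/thaw pair around a match.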