From mboxrd@z Thu Jan 1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Wed, 05 Oct 2022 09:16:05 +0300
Message-ID: <83pmf6u76i.fsf@gnu.org>
References: <83edvnv965.fsf@gnu.org>
Cc: 58042@debbugs.gnu.org
To: Gerd Möllmann
In-Reply-To: (message from Gerd Möllmann on Wed, 05 Oct 2022 06:37:58 +0200)
Xref: news.gmane.io gmane.emacs.bugs:244489

> From: Gerd Möllmann
> Cc: 58042@debbugs.gnu.org
> Date: Wed, 05 Oct 2022 06:37:58 +0200
>
> From top to bottom we're going into the past
>
> 1. Present = Where the problem was found with the pointer
> 2. Past = where the memory block was freed that the pointer is in.
> 3. Pre-Past = where block was allocated that is freed in (2)
>
> I don't know why the ASAN output in (1) stops after 30 frames. And I
> don't know if the 30 can be changed. But 30 for (2) and (3) seems
> reasonable to me. After all, this means 2 * 30 pointers must be
> recorded per allocated memory block, and that's a quite noticeable
> overhead, performance-wise. 30 looks like a heuristic. More makes
> programs slower, less is less helpful.
>
> When running under LLDB, we stop at (1), and can see the full callstack,
> if we want, starting in the ASAN lib where it signals SIGABRT, and going
> up to main etc.

Then I guess we will have to wait until LLDB folks get their act together
and fix LLDB to not crash before it provides the information to us? Or is
it possible for you to downgrade to the previous, working version of LLDB?

The question that we should try answering is this: what variable holds the
C pointer to the data of a Lisp string that is being relocated and/or
compacted by GC between the time the C pointer is assigned and the time
its value is dereferenced? And I don't see how to answer that question
without understanding how redisplay was called in the middle of what seems
to be loading of a Lisp package, because neither item 1 nor item 3 shows
anything that could call redisplay.
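As an added illustration of the bug class Eli is asking about (this is example code written for this page, not code from the bug report or from Emacs): a toy compacting string arena in which strings are reached through handles, and compaction moves live data down the way a compacting GC does. The names sintern, sfree, sdata and compact, the sample strings, and the arena layout are all constructed for the example; the only thing taken from the discussion is the pattern itself, a raw C pointer to a string's data taken before a call that can relocate the string and dereferenced after it.

```c
#include <stddef.h>
#include <string.h>

/*
 * Toy relocating string arena (constructed for this example; it is not
 * Emacs's allocator).  Strings live in one fixed buffer and are referred
 * to by handles.  compact() slides live strings down to close holes, so
 * any raw `char *` taken before compaction may be stale afterwards.
 */

#define ARENA_SIZE 64
#define MAX_STRINGS 8

struct sref { size_t off; size_t len; int live; };

static char arena[ARENA_SIZE];
static struct sref table[MAX_STRINGS];
static size_t arena_top;
static int nstrings;

static void arena_reset(void)
{
    memset(arena, 0, sizeof arena);
    memset(table, 0, sizeof table);
    arena_top = 0;
    nstrings = 0;
}

/* Store a copy of s in the arena; returns a handle, or -1 when full. */
static int sintern(const char *s)
{
    size_t len = strlen(s);
    if (nstrings == MAX_STRINGS || arena_top + len + 1 > ARENA_SIZE)
        return -1;
    int h = nstrings++;
    table[h].off = arena_top;
    table[h].len = len;
    table[h].live = 1;
    memcpy(arena + arena_top, s, len + 1);
    arena_top += len + 1;
    return h;
}

static void sfree(int h) { table[h].live = 0; }

/* Analogue of taking the data pointer of a string: valid only until the
   next compaction. */
static char *sdata(int h) { return arena + table[h].off; }

/* Compact: slide live strings down, update their offsets, then scrub the
   vacated tail so a stale pointer visibly reads garbage rather than the
   old bytes. */
static void compact(void)
{
    size_t dst = 0;
    for (int h = 0; h < nstrings; h++) {
        if (!table[h].live)
            continue;
        size_t n = table[h].len + 1;
        memmove(arena + dst, arena + table[h].off, n);
        table[h].off = dst;
        dst += n;
    }
    memset(arena + dst, '#', arena_top - dst);
    arena_top = dst;
}

/* Buggy pattern: take the data pointer, then do something that compacts
   (in Emacs terms: call anything that can run GC), then use the pointer. */
static const char *stale_read(void)
{
    arena_reset();
    int a = sintern("hello world");   /* constructed sample data */
    int b = sintern("emacs");
    sfree(a);                         /* leaves a hole before b */
    char *p = sdata(b);               /* pointer taken before compaction */
    compact();                        /* b moves to offset 0; old slot scrubbed */
    return p;                         /* now points at "######", not "emacs" */
}

/* Safe pattern: keep only the handle across the compaction and re-fetch
   the data pointer afterwards (or copy the bytes out before the call). */
static const char *fresh_read(void)
{
    arena_reset();
    int a = sintern("hello world");
    int b = sintern("emacs");
    sfree(a);
    compact();
    return sdata(b);                  /* "emacs" */
}
```

In the toy the stale pointer lands on scrubbed bytes inside the same static buffer, so the read is visible and deterministic; in a real build the same pattern reads freed or reused heap memory, which is exactly what ASan reports as a heap use-after-free with the three stacks Gerd lists. For those reports, the depth of the allocation and free stacks (items 2 and 3) is the ASan runtime flag malloc_context_size, default 30, settable for example as ASAN_OPTIONS=malloc_context_size=60 when hunting for the frame that originally handed out the block.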