From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal Date: Wed, 05 Oct 2022 17:09:09 +0300 Message-ID: <83zgeas6pm.fsf@gnu.org> References: <83edvnv965.fsf@gnu.org> <83pmf6u76i.fsf@gnu.org> <83mtaau43p.fsf@gnu.org> <83ilkytyif.fsf@gnu.org> <877d1ewnx0.fsf@yahoo.com> <87tu4iv7w5.fsf@yahoo.com> <838rlutmqo.fsf@gnu.org> <871qrmv0ln.fsf@yahoo.com> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="2778"; mail-complaints-to="usenet@ciao.gmane.io" Cc: gerd.moellmann@gmail.com, alan@idiocy.org, 58042@debbugs.gnu.org To: Po Lu Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Wed Oct 05 16:21:22 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1og5Gz-0000Wv-SE for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 05 Oct 2022 16:21:22 +0200 Original-Received: from localhost ([::1]:42442 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1og5Gx-00044p-VM for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 05 Oct 2022 10:21:19 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:52896) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1og563-0003zq-2W for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 10:10:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:58677) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1og562-0005vG-Lc for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 10:10:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1og562-0001Uq-83 for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 10:10:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 05 Oct 2022 14:10:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 58042 X-GNU-PR-Package: emacs Original-Received: via spool by 58042-submit@debbugs.gnu.org id=B58042.16649789605694 (code B ref 58042); Wed, 05 Oct 2022 14:10:02 +0000 Original-Received: (at 58042) by debbugs.gnu.org; 5 Oct 2022 14:09:20 +0000 Original-Received: from localhost ([127.0.0.1]:57755 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1og55M-0001Tm-HB for submit@debbugs.gnu.org; Wed, 05 Oct 2022 10:09:20 -0400 Original-Received: from eggs.gnu.org ([209.51.188.92]:40502) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1og55J-0001TX-Gk for 58042@debbugs.gnu.org; Wed, 05 Oct 2022 10:09:19 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:54092) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1og55D-0005r3-94; Wed, 05 Oct 2022 10:09:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=izD8b2C+DfalzQupXHYLEdqRDYEVK8qBsqiKSlUTUMY=; b=bW+SQXI5tRfO inZZ8Zs2kZtxP2msvdBZ1RT7DEC0Tkhb3/R2uD6brd2vQVaS1PUNks2zoNlxYiAMJasIlyYTlhEQk DecfdTYFZnybKXklm6TC4avIRkwZ9yJIcwjNNjxoAe3fYgEHUAsaa2ABCUL4rgzwg3TBzcO2vjjTC lEAI85L0n2TG2zWsUAAT+JckD/1Ls/5ZuRDMZJv6Obyi9jNxPZ84Vn6+HZvM77N/TNxv6VUcl4ZZf uHjCbclsn7Llev3CoYQ3V8SRw8/+dUsHomeoBJBqJ3j/0GlM6GruLFgak7ow+EHSnX5BCwKH8Dejl xwZd2+sqk3cm/UoDerKT1g==; Original-Received: from [87.69.77.57] (port=1625 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1og55C-0007rp-JM; Wed, 05 Oct 2022 10:09:10 -0400 In-Reply-To: <871qrmv0ln.fsf@yahoo.com> (message from Po Lu on Wed, 05 Oct 2022 21:52:52 +0800) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:244543 Archived-At: > From: Po Lu > Cc: gerd.moellmann@gmail.com, 58042@debbugs.gnu.org, alan@idiocy.org > Date: Wed, 05 Oct 2022 21:52:52 +0800 > > Eli Zaretskii writes: > > > We call maybe_quit in many places, basically anywhere where we have > > potentially long loops. It isn't just Fmemq. So if we want to > > prevent maybe_quit from indirectly calling arbitrary Lisp, we'd need > > to block_input inside probably_quit. Which means > > process_pending_signals will not call the read-socket hook and will > > not gobble input. That's bad, I think. > > > > And note that this is only problematic on macOS (AFAIU), because there > > the read-socket hook can trigger redisplay. > > There are many different ways to trigger redisplay from the read-socket > hook in the Haiku port as well, and I haven't seen any problems there. > > Besides, any call to automatic GC today can run arbitrary Lisp through > finalizer functions, and that includes redisplay. So unless the > read_socket_hook does not cons at all, there is no way to prevent > probably_quit from running Lisp code. That we have other loopholes doesn't mean we shouldn't be concerned with this one. IMO, we should plug all those loopholes one by one. Finalizers are very rarely used (not at all in core, I believe), so it's a small wonder we didn't see bug reports. As for Haiku, how man y active users of it exist, and how "crazy" are the hooks they define for redisplay to call? If those hooks remain nil, nothing bad will ever happen.