From: npostavs@users.sourceforge.net
To: Eli Zaretskii <eliz@gnu.org>
Cc: 24358@debbugs.gnu.org, peder@klingenberg.no
Subject: bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size"
Date: Sat, 08 Oct 2016 12:57:32 -0400 [thread overview]
Message-ID: <8760p2wzgj.fsf@users.sourceforge.net> (raw)
In-Reply-To: <83k2dihpm9.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 08 Oct 2016 17:39:10 +0300")
Eli Zaretskii <eliz@gnu.org> writes:
>> From: npostavs@users.sourceforge.net
>> Cc: 24358@debbugs.gnu.org, peder@klingenberg.no
>> Date: Sat, 08 Oct 2016 09:45:20 -0400
>>
>> >> From: npostavs@users.sourceforge.net
>> >> Date: Fri, 07 Oct 2016 20:29:36 -0400
>> >> Cc: 24358@debbugs.gnu.org
>> >>
>> >> npostavs@users.sourceforge.net writes:
>> >> >
>> >> >> (I'm also on GNU/Linux, Arch) I get the same max-specpdl-size error with
>> >> >> 25.1.50, with 24.5 (and below) I get (error "Stack overflow in regexp
>> >> >> matcher")
>> >>
>> >> icalendar--read-element has been fixed, but this still reproduces when
>> >> doing (re-search-forward ".*\\(\n.*\\)*" nil t) on the text file given
>> >> in the OP.
>> >
>> > Isn't that "user error"?
>>
>> Yes, but it should give "Stack overflow in regexp matcher", not overflow
>> the lisp stack (or assertion failure).
>
> But that's what you said (see above): "Stack overflow in regexp
> matcher". That's what I meant when I said "user error".
Ah, I may have been a bit too terse there. What I meant was, in Emacs
24.5 I correctly get "Stack overflow in regexp matcher", whereas in
emacs-master I get "Variable binding depth exceeds max-specpdl-size".
In emacs-25 I get the assertion failure.
>
>> I show some more excerpts in the attached bug-24358-debug.log, but my
>> main finding is that string1 of re_match_2_internal is originally:
>>
>> string1=0x1835980 "DESCRIPTION;LANGUAGE=
>>
>> but then it becomes corrupted during a malloc:
>>
>> Old value = 68 'D'
>> New value = 0 '\000'
>
> If that string is data of a Lisp string, then a call to malloc could
> relocate the data. Code that holds C pointers into buffer or string
> text should either use SREF, or recompute the C pointer after each
> function call which could GC.
In that case, I believe the problem is that search_buffer calls
re_search_2 with a pointer to the buffer text, and then
re_match_2_internal (called by re_search_2), can allocate when doing
PUSH_FAILURE_POINT because it eventually does SAFE_ALLOCA to grow the
regex stack.
AFAICT, this bug is still present 24.5, but because re_max_failures is
set to a round number (see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24358#27), there are fewer
calls to malloc and thus less chance of relocating the particular string
in question.
So possible solutions I can would be to pass down the lisp reference to
re_match_2_internal, or else set re_max_failures according to MAX_ALLOCA
(but this would make it much smaller).
search_buffer()
/* Get pointers and sizes of the two strings
that make up the visible portion of the buffer. */
p1 = BEGV_ADDR;
s1 = GPT_BYTE - BEGV_BYTE;
p2 = GAP_END_ADDR;
s2 = ZV_BYTE - GPT_BYTE;
[...]
val = re_search_2 (bufp, (char *) p1, s1, (char *) p2, s2,
pos_byte - BEGV_BYTE, lim_byte - pos_byte,
(NILP (Vinhibit_changing_match_data)
? &search_regs : &search_regs_1),
/* Don't allow match past current point */
pos_byte - BEGV_BYTE);
re_match_2_internal()
case on_failure_jump:
EXTRACT_NUMBER_AND_INCR (mcnt, p);
DEBUG_PRINT ("EXECUTING on_failure_jump %d (to %p):\n",
mcnt, p + mcnt);
PUSH_FAILURE_POINT (p -3, d);
#define PUSH_FAILURE_POINT(pattern, string_place)
do { ...
ENSURE_FAIL_STACK (NUM_NONREG_ITEMS);...
#define ENSURE_FAIL_STACK(space) \
while (REMAINING_AVAIL_SLOTS <= space) { \
if (!GROW_FAIL_STACK (fail_stack)) \
return -2;...
#define GROW_FAIL_STACK(fail_stack) \
...
= REGEX_REALLOCATE_STACK ((fail_stack).stack, \
(fail_stack).size * sizeof (fail_stack_elt_t), \
min (re_max_failures * TYPICAL_FAILURE_SIZE, \
((fail_stack).size * sizeof (fail_stack_elt_t) \
* FAIL_STACK_GROWTH_FACTOR))), \
# define REGEX_ALLOCATE_STACK(size) REGEX_ALLOCATE (size)
# define REGEX_REALLOCATE_STACK(source, o, n) REGEX_REALLOCATE (source, o, n)
# define REGEX_ALLOCATE SAFE_ALLOCA
/* SAFE_ALLOCA normally allocates memory on the stack, but if size is
larger than MAX_ALLOCA, use xmalloc to avoid overflowing the stack. */
enum MAX_ALLOCA { MAX_ALLOCA = 16 * 1024 };
#define SAFE_ALLOCA(size) ((size) < MAX_ALLOCA \
? alloca (size) \
: (sa_must_free = true, record_xmalloc (size)))
^^^^^^^^^^^^^^^^^^^^^
next prev parent reply other threads:[~2016-10-08 16:57 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-26 20:17 bug#24315: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size" Peder O. Klingenberg
2016-08-27 3:35 ` npostavs
2016-08-30 13:09 ` Peder O. Klingenberg
2016-09-02 1:58 ` npostavs
2016-09-02 13:45 ` Peder O. Klingenberg
2016-09-03 14:21 ` npostavs
2016-09-06 8:18 ` Peder O. Klingenberg
2016-09-07 23:27 ` npostavs
2016-09-03 15:43 ` bug#24358: " npostavs
2016-10-08 0:29 ` npostavs
2016-10-08 5:55 ` Eli Zaretskii
2016-10-08 13:45 ` npostavs
2016-10-08 14:39 ` Eli Zaretskii
2016-10-08 14:47 ` Eli Zaretskii
2016-10-08 16:57 ` npostavs [this message]
2016-10-08 17:23 ` Eli Zaretskii
2016-10-08 18:52 ` npostavs
2016-10-08 19:47 ` Eli Zaretskii
2016-10-08 20:55 ` npostavs
2016-10-09 6:52 ` Eli Zaretskii
2016-10-13 1:29 ` npostavs
2016-10-13 6:19 ` Eli Zaretskii
2016-10-14 2:19 ` npostavs
2016-10-14 7:02 ` Eli Zaretskii
2016-10-19 3:11 ` npostavs
2016-10-19 7:02 ` Eli Zaretskii
2016-10-19 12:29 ` npostavs
2016-10-19 14:37 ` Eli Zaretskii
2016-10-20 4:31 ` npostavs
2016-10-20 8:39 ` Eli Zaretskii
2016-10-21 1:22 ` npostavs
2016-10-21 7:17 ` Eli Zaretskii
2016-10-22 2:36 ` npostavs
2016-10-22 21:54 ` Sam Halliday
2016-10-22 22:46 ` npostavs
2016-10-23 6:41 ` Eli Zaretskii
2016-10-23 8:57 ` Sam Halliday
2016-10-23 9:19 ` Eli Zaretskii
2016-10-23 13:40 ` Sam Halliday
2016-10-23 14:07 ` Eli Zaretskii
2016-10-23 15:42 ` Sam Halliday
2016-10-23 15:48 ` Eli Zaretskii
2016-10-23 15:58 ` Sam Halliday
2016-10-23 15:58 ` Sam Halliday
2016-10-23 16:44 ` Eli Zaretskii
2016-10-23 17:19 ` Eli Zaretskii
2016-10-23 18:06 ` Eli Zaretskii
2016-10-23 18:14 ` Noam Postavsky
2016-10-23 19:18 ` Eli Zaretskii
2016-10-24 13:29 ` npostavs
2016-10-24 13:39 ` Eli Zaretskii
2016-10-24 15:33 ` Noam Postavsky
2016-10-24 16:13 ` Eli Zaretskii
2016-10-25 2:00 ` npostavs
2016-10-25 16:03 ` Eli Zaretskii
2016-10-26 0:16 ` npostavs
2016-10-24 13:43 ` Eli Zaretskii
2016-10-24 14:03 ` Eli Zaretskii
2016-10-24 20:13 ` Sam Halliday
2016-10-24 23:44 ` npostavs
2016-11-07 3:39 ` Eli Zaretskii
2016-11-07 3:56 ` Noam Postavsky
2016-11-07 15:10 ` Eli Zaretskii
2016-10-23 18:16 ` Sam Halliday
2016-10-23 19:10 ` Eli Zaretskii
2016-10-23 19:32 ` Eli Zaretskii
2016-10-23 20:15 ` Sam Halliday
2016-10-23 20:27 ` Eli Zaretskii
2016-10-23 20:18 ` Eli Zaretskii
2016-10-23 23:18 ` Noam Postavsky
2016-10-24 7:05 ` Eli Zaretskii
2016-10-24 8:40 ` Eli Zaretskii
2016-10-23 18:11 ` Sam Halliday
2016-10-18 8:16 ` bug#24358: 25.1.50; Sam Halliday
2016-10-18 8:56 ` Sam Halliday
2016-10-18 9:28 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760p2wzgj.fsf@users.sourceforge.net \
--to=npostavs@users.sourceforge.net \
--cc=24358@debbugs.gnu.org \
--cc=eliz@gnu.org \
--cc=peder@klingenberg.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).