From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: npostavs@users.sourceforge.net Newsgroups: gmane.emacs.bugs Subject: bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size" Date: Sat, 08 Oct 2016 12:57:32 -0400 Message-ID: <8760p2wzgj.fsf@users.sourceforge.net> References: <87twe6sx2g.fsf@users.sourceforge.net> <87eg51ng4r.fsf_-_@users.sourceforge.net> <87k2djwumn.fsf@users.sourceforge.net> <83h98nidvd.fsf@gnu.org> <87eg3rvtsf.fsf@users.sourceforge.net> <83k2dihpm9.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1475945912 19137 195.159.176.226 (8 Oct 2016 16:58:32 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sat, 8 Oct 2016 16:58:32 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) Cc: 24358@debbugs.gnu.org, peder@klingenberg.no To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Oct 08 18:58:27 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bsuwx-0002i9-2g for geb-bug-gnu-emacs@m.gmane.org; Sat, 08 Oct 2016 18:58:15 +0200 Original-Received: from localhost ([::1]:41837 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bsuwv-00070q-L1 for geb-bug-gnu-emacs@m.gmane.org; Sat, 08 Oct 2016 12:58:13 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48357) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bsuwo-00070Z-Qg for bug-gnu-emacs@gnu.org; Sat, 08 Oct 2016 12:58:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bsuwk-0002Cs-QN for bug-gnu-emacs@gnu.org; Sat, 08 Oct 2016 12:58:06 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:42726) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bsuwk-0002Cm-MX for bug-gnu-emacs@gnu.org; Sat, 08 Oct 2016 12:58:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1bsuwk-00060V-E5 for bug-gnu-emacs@gnu.org; Sat, 08 Oct 2016 12:58:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: npostavs@users.sourceforge.net Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 08 Oct 2016 16:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 24358 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 24358-submit@debbugs.gnu.org id=B24358.147594582623005 (code B ref 24358); Sat, 08 Oct 2016 16:58:02 +0000 Original-Received: (at 24358) by debbugs.gnu.org; 8 Oct 2016 16:57:06 +0000 Original-Received: from localhost ([127.0.0.1]:48916 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bsuvq-0005yz-8K for submit@debbugs.gnu.org; Sat, 08 Oct 2016 12:57:06 -0400 Original-Received: from mail-it0-f53.google.com ([209.85.214.53]:34749) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bsuvo-0005yU-LX for 24358@debbugs.gnu.org; Sat, 08 Oct 2016 12:57:05 -0400 Original-Received: by mail-it0-f53.google.com with SMTP id 189so7023635ity.1 for <24358@debbugs.gnu.org>; Sat, 08 Oct 2016 09:57:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=qWYI5srkSxtTGny1rgu3IKSRzgj253IE/VxsxwS2hak=; b=WHtufdiWOi89IG1M5TkB/mkQLKQxZZZj+yssVDcQobDDYjopF+ViYCCzLk4l63eGeN /9kqWT2qYbfoNMMALwOa2xYym6Sq1sBzOBRfI/Qi2z6AnK6piyjDXhgaiYbCl7UAnkPJ 7s285lF0iAx6FLrK8AuG42aX6araboupC1MmvZsMCpMGL33kOlYfb+86Q4+m0pnY9aRa ZIhXj4Vpm1KyHl0xOGSJZv7qKZYFxD5PJS9+ioCRO8kAUS9zmSQ1Z6MOSGcEHWS+2Yw3 JMq5eSu92HNTGAANqQaYFq1AOBTsL/e0EonoC242GyM2FHQtd4Hwgbd+kKB/1e18f7cH npUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:cc:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=qWYI5srkSxtTGny1rgu3IKSRzgj253IE/VxsxwS2hak=; b=PrBuHZwTfMYsKi1puOYkLAk+ejC7dRvsJoGDAM7e3/nycSKCmrTPeFWtk6i3e4UFWB //tmPUpcudRKYfPPPaHHlVojREWPhZNAT2gUmfc/RRsz2MF5C3BBLQD0QvwS6wWKeY6w QF5Gts8cLMRDK8abaHFxd6+m7NWXphSHL7N6tiMvGrQY5KVfdM614tW8p+17TtXIBNxq oWrT/PZrF1MBFIqkGXxBwC0FiqL773tJ6snFDfuJRFtRThizMJa0fi22iZcJC1s4fzgq xpS65hdxpRyqOP3H8t2jXC6NgAdttRmh0N2JNxrRRpZzsDAoYfDhOr/NEtyp9aVw3OQj qvRg== X-Gm-Message-State: AA6/9RnR9GcPGmLfUizPGgYfvCwiLq6W/oAf2pt06cQVDdWRmoeCrF56p8LkYeC10gPkAA== X-Received: by 10.36.207.68 with SMTP id y65mr3700369itf.110.1475945818894; Sat, 08 Oct 2016 09:56:58 -0700 (PDT) Original-Received: from zony ([45.2.7.130]) by smtp.googlemail.com with ESMTPSA id g11sm4631137ioi.12.2016.10.08.09.56.57 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 08 Oct 2016 09:56:57 -0700 (PDT) In-Reply-To: <83k2dihpm9.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 08 Oct 2016 17:39:10 +0300") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:124227 Archived-At: Eli Zaretskii writes: >> From: npostavs@users.sourceforge.net >> Cc: 24358@debbugs.gnu.org, peder@klingenberg.no >> Date: Sat, 08 Oct 2016 09:45:20 -0400 >> >> >> From: npostavs@users.sourceforge.net >> >> Date: Fri, 07 Oct 2016 20:29:36 -0400 >> >> Cc: 24358@debbugs.gnu.org >> >> >> >> npostavs@users.sourceforge.net writes: >> >> > >> >> >> (I'm also on GNU/Linux, Arch) I get the same max-specpdl-size error with >> >> >> 25.1.50, with 24.5 (and below) I get (error "Stack overflow in regexp >> >> >> matcher") >> >> >> >> icalendar--read-element has been fixed, but this still reproduces when >> >> doing (re-search-forward ".*\\(\n.*\\)*" nil t) on the text file given >> >> in the OP. >> > >> > Isn't that "user error"? >> >> Yes, but it should give "Stack overflow in regexp matcher", not overflow >> the lisp stack (or assertion failure). > > But that's what you said (see above): "Stack overflow in regexp > matcher". That's what I meant when I said "user error". Ah, I may have been a bit too terse there. What I meant was, in Emacs 24.5 I correctly get "Stack overflow in regexp matcher", whereas in emacs-master I get "Variable binding depth exceeds max-specpdl-size". In emacs-25 I get the assertion failure. > >> I show some more excerpts in the attached bug-24358-debug.log, but my >> main finding is that string1 of re_match_2_internal is originally: >> >> string1=0x1835980 "DESCRIPTION;LANGUAGE= >> >> but then it becomes corrupted during a malloc: >> >> Old value = 68 'D' >> New value = 0 '\000' > > If that string is data of a Lisp string, then a call to malloc could > relocate the data. Code that holds C pointers into buffer or string > text should either use SREF, or recompute the C pointer after each > function call which could GC. In that case, I believe the problem is that search_buffer calls re_search_2 with a pointer to the buffer text, and then re_match_2_internal (called by re_search_2), can allocate when doing PUSH_FAILURE_POINT because it eventually does SAFE_ALLOCA to grow the regex stack. AFAICT, this bug is still present 24.5, but because re_max_failures is set to a round number (see https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24358#27), there are fewer calls to malloc and thus less chance of relocating the particular string in question. So possible solutions I can would be to pass down the lisp reference to re_match_2_internal, or else set re_max_failures according to MAX_ALLOCA (but this would make it much smaller). search_buffer() /* Get pointers and sizes of the two strings that make up the visible portion of the buffer. */ p1 = BEGV_ADDR; s1 = GPT_BYTE - BEGV_BYTE; p2 = GAP_END_ADDR; s2 = ZV_BYTE - GPT_BYTE; [...] val = re_search_2 (bufp, (char *) p1, s1, (char *) p2, s2, pos_byte - BEGV_BYTE, lim_byte - pos_byte, (NILP (Vinhibit_changing_match_data) ? &search_regs : &search_regs_1), /* Don't allow match past current point */ pos_byte - BEGV_BYTE); re_match_2_internal() case on_failure_jump: EXTRACT_NUMBER_AND_INCR (mcnt, p); DEBUG_PRINT ("EXECUTING on_failure_jump %d (to %p):\n", mcnt, p + mcnt); PUSH_FAILURE_POINT (p -3, d); #define PUSH_FAILURE_POINT(pattern, string_place) do { ... ENSURE_FAIL_STACK (NUM_NONREG_ITEMS);... #define ENSURE_FAIL_STACK(space) \ while (REMAINING_AVAIL_SLOTS <= space) { \ if (!GROW_FAIL_STACK (fail_stack)) \ return -2;... #define GROW_FAIL_STACK(fail_stack) \ ... = REGEX_REALLOCATE_STACK ((fail_stack).stack, \ (fail_stack).size * sizeof (fail_stack_elt_t), \ min (re_max_failures * TYPICAL_FAILURE_SIZE, \ ((fail_stack).size * sizeof (fail_stack_elt_t) \ * FAIL_STACK_GROWTH_FACTOR))), \ # define REGEX_ALLOCATE_STACK(size) REGEX_ALLOCATE (size) # define REGEX_REALLOCATE_STACK(source, o, n) REGEX_REALLOCATE (source, o, n) # define REGEX_ALLOCATE SAFE_ALLOCA /* SAFE_ALLOCA normally allocates memory on the stack, but if size is larger than MAX_ALLOCA, use xmalloc to avoid overflowing the stack. */ enum MAX_ALLOCA { MAX_ALLOCA = 16 * 1024 }; #define SAFE_ALLOCA(size) ((size) < MAX_ALLOCA \ ? alloca (size) \ : (sa_must_free = true, record_xmalloc (size))) ^^^^^^^^^^^^^^^^^^^^^