From mboxrd@z Thu Jan 1 00:00:00 1970
From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Wed, 05 Oct 2022 18:43:55 +0800
Message-ID: <877d1ewnx0.fsf@yahoo.com>
References: <83edvnv965.fsf@gnu.org> <83pmf6u76i.fsf@gnu.org> <83mtaau43p.fsf@gnu.org> <83ilkytyif.fsf@gnu.org>
Reply-To: Po Lu
Cc: Eli Zaretskii, 58042@debbugs.gnu.org, Alan Third
To: Gerd Möllmann
In-Reply-To: ("Gerd Möllmann"'s message of "Wed, 05 Oct 2022 12:24:12 +0200")

Gerd Möllmann writes:

>> Isn't the -[EmacsView layoutSublayersOfLayer:] the problem? AFAICT from
>> a web search, this is an event handler method that is also called
>> by the framework?
>>
>> In the olden days, it was a serious error to call into Lisp from an
>> event handler. All bets were off when that happened, not only related
>> to GC. I believe that hasn't changed much.

Today, event handling code calls Lisp all the time (through safe_call
etc.) That happens in handle_one_xevent, ns_select, et cetera. It
shouldn't affect GC at all because input is blocked for the entire
duration of each GC, except for when finalizers are run after unmarked
objects are swept. So AFAIU it has been safe ever since
read_socket_hook stopped being called from a signal handler.

>> That code was introduced by Alan around this time.
>>
>> 1ba02d85a964e1b2c6a9735cd3decdc524e06dc1
>> Author: Alan Third
>> AuthorDate: Sat Jun 12 10:25:47 2021 +0100
>> Commit: Alan Third
>> CommitDate: Sat Jul 31 11:13:05 2021 +0100
>>
>> Maybe Alan can say something, I've CC'd him.
>>
>> Or maybe we should add your fix, too?
>
> And a similar question to Po Lu because of
>
> f81065a91be5a54b78e202df6918aff443588ae1
> Author: Po Lu
> AuthorDate: Mon May 30 16:03:11 2022 +0800
> Commit: Po Lu
> CommitDate: Mon May 30 16:03:11 2022 +0800
>
> which added a call to redisplay to - (NSDragOperation) draggingUpdated:
> (id ) sender. Is that safe here?

It should be safe there since we use safe_call, as the only problem
these days is that it isn't safe to longjmp out of an NS event handler.
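
The point about not jumping out of an event handler, shown as an added example that is not part of the original message and not Emacs code: a callback that exits non-locally past a framework-owned frame leaves that frame's bookkeeping unfinished, while a local catch boundary in the handler lets the frame return normally. Every name here (`toy_safe_call`, `framework_dispatch`, `run_event` and the rest) is a hypothetical stand-in.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

static jmp_buf *toy_catch;    /* innermost catch boundary, NULL if none */
static int framework_depth;   /* the framework's own callback bookkeeping */

/* Hypothetical stand-ins for Lisp code: one exits non-locally, one returns. */
static void failing_lisp(void) { if (!toy_catch) abort(); longjmp(*toy_catch, 1); }
static void ok_lisp(void) { }

/* Run fn behind a local catch boundary: 0 if it returned, -1 if it signalled. */
static int toy_safe_call(void (*fn)(void))
{
    jmp_buf here;
    jmp_buf *outer = toy_catch;
    volatile int status = -1;
    toy_catch = &here;
    if (setjmp(here) == 0) { fn(); status = 0; }
    toy_catch = outer;        /* restored on both paths */
    return status;
}

static void handler_unsafe(void) { failing_lisp(); }
static void handler_safe(void)   { toy_safe_call(failing_lisp); }

/* Frame owned by the GUI framework: it expects its callback to return. */
static void framework_dispatch(void (*handler)(void))
{
    framework_depth++;
    handler();
    framework_depth--;        /* skipped if the handler jumps past this frame */
}

/* Top-level loop with its own boundary; returns the depth the framework is left at. */
static int run_event(void (*handler)(void))
{
    jmp_buf top;
    jmp_buf *outer = toy_catch;
    framework_depth = 0;
    toy_catch = &top;
    if (setjmp(top) == 0) framework_dispatch(handler);
    toy_catch = outer;
    return framework_depth;
}

int main(void)
{
    printf("depth left: unsafe %d, safe %d, plain call status %d\n",
           run_event(handler_unsafe), run_event(handler_safe), toy_safe_call(ok_lisp));
    return 0;
}
```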