From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Wed, 05 Oct 2022 20:48:25 +0800
Message-ID: <87czb6v3l2.fsf@yahoo.com>
To: Gerd Möllmann
Cc: Eli Zaretskii, 58042@debbugs.gnu.org, Alan Third

Gerd Möllmann writes:

> I don't get an abort, but the ASAN error again

Interesting.

> ==67682==ERROR: AddressSanitizer: heap-use-after-free on address 0x000107130d00 at pc 0x0001002a481c bp 0x00016fdcc3c0 sp 0x00016fdcc3b8
> READ of size 8 at 0x000107130d00 thread T0
>     #0 0x1002a4818 in PSEUDOVECTORP lisp.h:1110
>     #1 0x1002a4888 in SYMBOL_WITH_POS_P lisp.h:1122
>     #2 0x10025a338 in EQ lisp.h:1342
>     #3 0x100280eb0 in run_window_change_functions window.c:3964
>     #4 0x1000f18c4 in redisplay_internal xdisp.c:16600
>     #5 0x100107bf8 in redisplay xdisp.c:16111
>     #6 0x10089364c in -[EmacsView layoutSublayersOfLayer:] nsterm.m:8661
>     #7 0x1900a9624 in CA::Layer::layout_if_needed(CA::Transaction*)+0x224 (QuartzCore:arm64e+0x20624)
>     #8 0x1901f661c in CA::Context::commit_transaction(CA::Transaction*,
> double, double*)+0x1c0 (QuartzCore:arm6
>
> frame #8: 0x0000000100280eb4 emacs`run_window_change_functions at window.c:3964:7
>    3961      (de-)selected as its frame's or the globally selected
>    3962      window. */
>    3963   if (((frame_selected_change
> -> 3964        && (EQ (window, old_selected_window)
>    3965            || EQ (window, selected_window)))
>    3966       || (frame_selected_window_change
>    3967           && (EQ (window, FRAME_OLD_SELECTED_WINDOW (f))
>
> (lldb) p window
> (Lisp_Object) $18 = 0x00000001071c2935 (struct window *) $23 = 0x00000001071c2930
> (lldb) p old_selected_window
> (Lisp_Object) $24 = 0x0000000107130d05 (struct Lisp_Vector *) $28 = 0x0000000107130d00
>
> old_selected_window looks strange. It's a global that is not
> staticpro'd

Isn't old_selected_window supposed to be kept in sync with
FRAME_OLD_SELECTED_WINDOW in old_selected_frame, with the latter being
removed once it is deleted?

Would someone who knows the window code well please take a look at this?
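
Added illustration, not part of the message above and not Emacs code: a toy mark-and-sweep collector showing the failure mode the quoted text suspects, where a C global that holds an object reference but is not registered as a GC root (what `staticpro` does in Emacs) is left pointing at a collected object. All names here (`toy_staticpro`, `toy_gc`, `selected_win`, `old_selected_win`) are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy heap: a swept slot is poisoned, not freed, so the stale pointer can be inspected safely. */
struct obj { bool live, marked; int id; };
#define POOL 8
static struct obj pool[POOL];
static struct obj **roots[4];          /* addresses of rooted variables */
static size_t nroots;

/* Hypothetical stand-ins for the two globals in the report. */
static struct obj *selected_win;       /* registered as a GC root */
static struct obj *old_selected_win;   /* plain C global unless rooted */

static void toy_staticpro(struct obj **var) { if (nroots < 4) roots[nroots++] = var; }

static struct obj *toy_alloc(int id) {
    for (size_t i = 0; i < POOL; i++)
        if (!pool[i].live) {
            pool[i] = (struct obj){ .live = true, .id = id };
            return &pool[i];
        }
    return NULL;
}

/* Mark what the registered roots point at, then sweep the rest. */
static void toy_gc(void) {
    for (size_t i = 0; i < nroots; i++)
        if (*roots[i]) (*roots[i])->marked = true;
    for (size_t i = 0; i < POOL; i++) {
        if (!pool[i].marked) pool[i].live = false;
        pool[i].marked = false;
    }
}

/* True if old_selected_win points at a swept object after a GC. */
static bool dangling_after_gc(bool root_old) {
    nroots = 0;
    for (size_t i = 0; i < POOL; i++) pool[i].live = false;
    toy_staticpro(&selected_win);
    if (root_old) toy_staticpro(&old_selected_win);
    old_selected_win = toy_alloc(1);   /* previously selected window */
    selected_win = toy_alloc(2);       /* selection has moved on */
    toy_gc();
    return !old_selected_win->live;
}

int main(void) {
    printf("unrooted=%d rooted=%d\n", dangling_after_gc(false), dangling_after_gc(true));
    return 0;
}
```

Rooting the variable is one way to keep the reference valid; the other is the invariant the message asks about, clearing or updating the global whenever the object it names is deleted.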