From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Po Lu via "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Wed, 05 Oct 2022 20:05:07 +0800
Message-ID: <87lepuv5l8.fsf@yahoo.com>
References: <m2zgeoc2d8.fsf@Mini.fritz.box> <m21qrnzmie.fsf@Mini.fritz.box>
 <83edvnv965.fsf@gnu.org> <m2tu4i3mxl.fsf@Mini.fritz.box>
 <83pmf6u76i.fsf@gnu.org> <m2ilky3ges.fsf@Mini.fritz.box>
 <83mtaau43p.fsf@gnu.org> <m2a66a3erd.fsf@Mini.fritz.box>
 <m25ygy3asv.fsf@Mini.fritz.box> <83ilkytyif.fsf@gnu.org>
 <m2y1tu1ssz.fsf@Mini.fritz.box> <m2v8oy1sc3.fsf@Mini.fritz.box>
 <m2wn9ev9an.fsf@Mini.fritz.box> <87y1tuv851.fsf@yahoo.com>
 <m2mtaav7ve.fsf@Mini.fritz.box>
Reply-To: Po Lu <luangruo@yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="18719"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.91 (gnu/linux)
Cc: Eli Zaretskii <eliz@gnu.org>, 58042@debbugs.gnu.org,
 Alan Third <alan@idiocy.org>
To: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Wed Oct 05 14:09:00 2022
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1og3Cu-0004iq-Fn
	for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 05 Oct 2022 14:09:00 +0200
Original-Received: from localhost ([::1]:46984 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1og3Cs-0004oQ-Qu
	for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 05 Oct 2022 08:08:58 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:50718)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1og3AP-0004n0-Uo
 for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 08:06:30 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:57061)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1og3A2-0007xd-HF
 for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 08:06:23 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1og3A2-00022v-8n
 for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 08:06:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Po Lu <luangruo@yahoo.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 05 Oct 2022 12:06:02 +0000
Resent-Message-ID: <handler.58042.B58042.16649715277822@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 58042
X-GNU-PR-Package: emacs
Original-Received: via spool by 58042-submit@debbugs.gnu.org id=B58042.16649715277822
 (code B ref 58042); Wed, 05 Oct 2022 12:06:02 +0000
Original-Received: (at 58042) by debbugs.gnu.org; 5 Oct 2022 12:05:27 +0000
Original-Received: from localhost ([127.0.0.1]:56139 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1og39T-000226-7w
 for submit@debbugs.gnu.org; Wed, 05 Oct 2022 08:05:27 -0400
Original-Received: from sonic315-20.consmr.mail.ne1.yahoo.com ([66.163.190.146]:41442)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <luangruo@yahoo.com>) id 1og39R-00021r-3F
 for 58042@debbugs.gnu.org; Wed, 05 Oct 2022 08:05:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1664971519; bh=emRsUQSaDDIiTZalZS5HOFZq2mRd/VRwf9Ef6jP32fA=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From:Subject:Reply-To;
 b=rgB0gT0fK+LxvxygmiNPnoOSuh7UOO1FKwykU1KBcrCU7ZtOFy0KJ4IhZKrxJI6ymHe1PcT6noSLyDlU+ALAaiwiY7qNnjvYfO8YYEJrEVEKQGDNsaXYdN52FMSynIUmKMjyNR1IbDnlcZWlAozvxApXrTXGeP9BPDXRY0kxdEoPGsJTTzRK34s+a7/1u2691tKLc66EJ2ftLPrJY4GI2PNysowu5pfifZ9czUmnFNc0+8gLyrm96gXtIdxt8hNa25ox1XKZ1pwD8OHH1RV84FLhrD2jvsT/xva88jLwGM7F6jojy+T4CaUfFYnnZnZYssArpYwTeNCL9KDOCihfuw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; 
 t=1664971519;
 bh=3D8QK8xaSR7Sz7QmfON1t00zuhn2ITSAdM4jK2ShPPL=; 
 h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
 b=PDopys9Q4ECiHRj8CHjRbzKhj2zD/OJVrwaptnB3K/+4ShXxNXJiUcCWFkUnL4FFobjvS+Sxk0VUDOkUtZlUJ3ywM9eh+DorFnIB5avvi0UxyXDFP0gLvldWlIRyWrsGe92Yzg2AVNzsLZdZ+hbODdbp7yWgR6BW2S/042BBqK5YOFo1auB28ZRcPwZ8PYEtBQsetveaVqYBP3dEIe1dt8nCjsE0G72/kIAIQbvnED62qDN2lu+0pSQiQ0Em7EynrzPgZuLg0lEjSYpJEgfV0HuaTjlYaUnSkgmQV06F2Fc8MSuLFbyTih3pHtOEGblQKbaVz9n3e+ynD2rjSdeT9A==
X-YMail-OSG: FY6eXNQVM1n1lC.ucZXotc3frVY3lbAZy8QeUsTvZq6FlFRJaotigHoSxKYhLcD
 ZJHPwniJhKO_nNaKOjkWPuCGHLt.nMFNletxhSTuJI0O0wJQT71FRtVQ0beXm8qp3.EzEv3l_LEy
 0YaWjUhUrXDCzt6YDMziUGUNeqE_XbQ65Pf9jl1FgGPeI8_OU6Sae76gikKhGu1vy1epa9YeZle8
 2C.z6YX0__Aqm.4y.4bECoe7vbb8xycFgOxLynYXRMa_DpGtWNNfHBrCmm7hE.ZJa5.sEfq3jmn1
 Xfyya5SBf0WEHDAUHrR2vyH0whIL0aLVi3jmsaBXYCUy7skxccz_2Zjiy9xES1sP4YK0o.vaePOO
 sALaz53ZrDb2yL71kRybgVQnVgJOGYS7fAy.bGne9QjEt_t98Yjxsa.njPT6FjC15xm6BchsUTKV
 naZebFB7FRGY7yHBeI_YdUMVcCw_sES9mNL.mVC2Dg_.cOHSKMjteks11riwPK2Zwvr62b10KbGv
 HNofnxf0RbMSPHe7wprJ8eGZl_BGPeXit.nPIoLQRs9j5VX.6MXJH6aTbni.LJ1wgxVo11lzrDeR
 VHkvvvBCe7sJwMIYaNHemqgSNVqDySIoT9Oe4GV.Zf1hmFvcXGZuwsJoIVrg6BGc8B6ig54qtplS
 mj8CJtZajijrIUbnwUGVInNbhy0AOzdEuGKmjgbQU4EOWMO4MPMekvzV4UdRGnRikj_dUA.g4xOI
 aE3AEcwmUc2JJeV2SlCI9JCN2STh2dnLClxGJkqeNraV0aKWIwRinM.7ijxUm9suQiD.IaPabk8z
 GY5BrJpiZooO7v_3uJkjv95zrAWEvnTTYT5WFau7JS 
X-Sonic-MF: <luangruo@yahoo.com>
Original-Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic315.consmr.mail.ne1.yahoo.com with HTTP; Wed, 5 Oct 2022 12:05:19 +0000
Original-Received: by hermes--production-sg3-cf9dc7f8d-5h5f2 (Yahoo Inc. Hermes SMTP
 Server) with ESMTPA ID 0d2e388753e738ee365b43fe395c8f54; 
 Wed, 05 Oct 2022 12:05:13 +0000 (UTC)
In-Reply-To: <m2mtaav7ve.fsf@Mini.fritz.box> ("Gerd
 =?UTF-8?Q?M=C3=B6llmann?="'s message of "Wed, 05 Oct 2022 13:15:49 +0200")
X-Mailer: WebService/1.1.20702
 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:244523
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/244523>

Gerd M=C3=B6llmann <gerd.moellmann@gmail.com> writes:

> Po Lu <luangruo@yahoo.com> writes:
>
>> I'm going to guess that window_sub_list is returning a window that was
>> not marked during GC.  It's a problem that also exists with my
>> incremental garbage collector.  Does this help?
>>
>> diff --git a/src/alloc.c b/src/alloc.c
>> index 419c5e558b..522925d248 100644
>> --- a/src/alloc.c
>> +++ b/src/alloc.c
>> @@ -6634,6 +6634,9 @@ mark_window (struct Lisp_Vector *ptr)
>>        mark_glyph_matrix (w->desired_matrix);
>>      }
>>=20=20
>> +  if (w->next)
>> +    mark_window (w->next);
>> +
>>    /* Filter out killed buffers from both buffer lists
>>       in attempt to help GC to reclaim killed buffers faster.
>>       We can do it elsewhere for live windows, but this is the
>
> Indeed, that seems to work!

Could you please replace that code with:

  if (!NILP (w->next)
      && !vectorlike_marked_p (&XWINDOW (w->next)->header))
    emacs_abort ();

And see if Emacs ever aborts?

I just remembered that the old garbage collector does not work the same
way as the one in my branch, so that bug shouldn't be possible.