unofficial mirror of bug-gnu-emacs@gnu.org 
From: npostavs@users.sourceforge.net
To: Eli Zaretskii <eliz@gnu.org>
Cc: 24751@debbugs.gnu.org
Subject: bug#24751: 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")
Date: Sat, 05 Nov 2016 15:34:29 -0400
Message-ID: <87mvhdoh4q.fsf@users.sourceforge.net>
In-Reply-To: <83h97nlknj.fsf@gnu.org> (Eli Zaretskii's message of "Fri, 04 Nov 2016 10:22:08 +0200")

Eli Zaretskii <eliz@gnu.org> writes:

>> From: npostavs@users.sourceforge.net
>> Date: Thu, 20 Oct 2016 23:54:05 -0400
>> 
>> So we might want to fix the re_max_failures setting in main, but it
>> doesn't quite make sense to me that GROW_FAIL_STACK relies on
>> re_max_failures being a multiple of (sizeof (fail_stack_elt_t)).  At the
>> definition of TYPICAL_FAILURE_SIZE we have
>> 
>> /* Estimate the size of data pushed by a typical failure stack entry.
>>    An estimate is all we need, because all we use this for
>>    is to choose a limit for how big to make the failure stack.  */
>> /* BEWARE, the value `20' is hard-coded in emacs.c:main().  */
>> #define TYPICAL_FAILURE_SIZE 20
>> 
>> Why do we use an "estimate" here?  What's wrong with just using
>> (re_max_failures * sizeof (fail_stack_elt_t)) as the limit?  Or should
>> the limit actually be (re_max_failures * TYPICAL_FAILURE_SIZE * sizeof
>> (fail_stack_elt_t))?
>
> I think it should be the latter, indeed.
>
> Can you propose a patch along those lines that would remove the
> infloop in ENSURE_FAIL_STACK?
>
> Thanks.

The below seems to work, but effectively increases the size of the
failure stack (so the sample file size has to be increased 8-fold to get
a regex stack overflow).  Strangely, changing the value in the
definition of re_max_failures doesn't seem to have any effect, it stays
40000 regardless.  I am quite confused.

diff --git i/src/regex.c w/src/regex.c
index 1c6c9e5..163c5b4 100644
--- i/src/regex.c
+++ w/src/regex.c
@@ -1320,19 +1320,22 @@ WEAK_ALIAS (__re_set_syntax, re_set_syntax)
 
 #define GROW_FAIL_STACK(fail_stack)					\
   (((fail_stack).size * sizeof (fail_stack_elt_t)			\
-    >= re_max_failures * TYPICAL_FAILURE_SIZE)				\
+    >= re_max_failures * sizeof (fail_stack_elt_t)                      \
+    * TYPICAL_FAILURE_SIZE)                                             \
    ? 0									\
    : ((fail_stack).stack						\
       = REGEX_REALLOCATE_STACK ((fail_stack).stack,			\
 	  (fail_stack).size * sizeof (fail_stack_elt_t),		\
-	  min (re_max_failures * TYPICAL_FAILURE_SIZE,			\
+	  min (re_max_failures * sizeof (fail_stack_elt_t)              \
+               * TYPICAL_FAILURE_SIZE,                                  \
 	       ((fail_stack).size * sizeof (fail_stack_elt_t)		\
 		* FAIL_STACK_GROWTH_FACTOR))),				\
 									\
       (fail_stack).stack == NULL					\
       ? 0								\
       : ((fail_stack).size						\
-	 = (min (re_max_failures * TYPICAL_FAILURE_SIZE,		\
+         = (min (re_max_failures * sizeof (fail_stack_elt_t)            \
+                 * TYPICAL_FAILURE_SIZE,                                \
 		 ((fail_stack).size * sizeof (fail_stack_elt_t)		\
 		  * FAIL_STACK_GROWTH_FACTOR))				\
 	    / sizeof (fail_stack_elt_t)),				\
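
Review bot: The new byte limit, re_max_failures * sizeof (fail_stack_elt_t) * TYPICAL_FAILURE_SIZE, is written out three times in GROW_FAIL_STACK (the >= test, the size passed to REGEX_REALLOCATE_STACK, and the new (fail_stack).size), so the copies can drift apart again. Define it once in a helper macro and use that in all three places, with a comment saying the limit is in bytes and is always a multiple of sizeof (fail_stack_elt_t), which is what keeps the later division by sizeof (fail_stack_elt_t) from truncating below the limit. The comment above TYPICAL_FAILURE_SIZE warns that the value 20 is hard-coded in emacs.c:main(), which this patch does not touch, so whatever main() derives from that estimate should be checked against a limit that is now sizeof (fail_stack_elt_t) times larger. The added continuation lines are also padded with spaces where the neighbouring lines use tabs before the trailing backslash.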

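A simplified model of the limit arithmetic discussed in this message, added here as an illustration and not taken from regex.c. It assumes an 8-byte fail_stack_elt_t and a growth factor of 2, and uses a constructed re_max_failures of 40001 to show how a byte limit that is not a multiple of the element size lets the grow step keep reporting success without enlarging the stack.

```c
#include <stddef.h>
#include <stdio.h>

#define ELT_SIZE 8u               /* assumed sizeof (fail_stack_elt_t) */
#define TYPICAL_FAILURE_SIZE 20u  /* value quoted in the message */
#define GROWTH_FACTOR 2u          /* assumed FAIL_STACK_GROWTH_FACTOR */

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Limit before the patch: bytes compared against a count-based estimate. */
static size_t old_limit(size_t max_failures)
{ return max_failures * TYPICAL_FAILURE_SIZE; }

/* Limit after the patch: always a multiple of ELT_SIZE. */
static size_t new_limit(size_t max_failures)
{ return max_failures * ELT_SIZE * TYPICAL_FAILURE_SIZE; }

/* One grow step on a stack of *size elements, following the shape of the
   macro: 0 means "limit reached", 1 means "grown". */
static int grow(size_t *size, size_t limit_bytes)
{
    if (*size * ELT_SIZE >= limit_bytes)
        return 0;
    *size = min_sz(limit_bytes, *size * ELT_SIZE * GROWTH_FACTOR) / ELT_SIZE;
    return 1;
}

/* Grow repeatedly (capped at 1000 calls) and count the calls that reported
   success but left the size unchanged; a caller that retries on success
   would spin on exactly those calls. */
static unsigned stalled_grows(size_t limit_bytes)
{
    size_t size = 5;              /* constructed initial element count */
    unsigned stalls = 0;
    for (unsigned i = 0; i < 1000; i++) {
        size_t before = size;
        if (!grow(&size, limit_bytes))
            break;
        if (size == before)
            stalls++;
    }
    return stalls;
}

int main(void)
{
    printf("old limit, 40000: %u stalled grows\n", stalled_grows(old_limit(40000)));
    printf("old limit, 40001: %u stalled grows\n", stalled_grows(old_limit(40001)));
    printf("new limit, 40001: %u stalled grows\n", stalled_grows(new_limit(40001)));
    return 0;
}
```
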