From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Thu, 06 Oct 2022 07:35:26 +0200
Message-ID: <m27d1dfra9.fsf@Mini.fritz.box>
References: <m2zgeoc2d8.fsf@Mini.fritz.box>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="23212"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (darwin)
To: 58042@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Oct 06 07:36:22 2022
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1ogJYR-0005uY-PN
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 06 Oct 2022 07:36:19 +0200
Original-Received: from localhost ([::1]:54526 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1ogJYQ-00076L-KS
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 06 Oct 2022 01:36:18 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:42134)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ogJYB-00075u-0S
 for bug-gnu-emacs@gnu.org; Thu, 06 Oct 2022 01:36:03 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:59485)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ogJYA-0005MD-Oc
 for bug-gnu-emacs@gnu.org; Thu, 06 Oct 2022 01:36:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ogJYA-00022n-FC
 for bug-gnu-emacs@gnu.org; Thu, 06 Oct 2022 01:36:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 06 Oct 2022 05:36:02 +0000
Resent-Message-ID: <handler.58042.B58042.16650345387827@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 58042
X-GNU-PR-Package: emacs
Original-Received: via spool by 58042-submit@debbugs.gnu.org id=B58042.16650345387827
 (code B ref 58042); Thu, 06 Oct 2022 05:36:02 +0000
Original-Received: (at 58042) by debbugs.gnu.org; 6 Oct 2022 05:35:38 +0000
Original-Received: from localhost ([127.0.0.1]:58563 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1ogJXm-00022A-75
 for submit@debbugs.gnu.org; Thu, 06 Oct 2022 01:35:38 -0400
Original-Received: from mail-ed1-f52.google.com ([209.85.208.52]:38603)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <gerd.moellmann@gmail.com>) id 1ogJXj-00021u-77
 for 58042@debbugs.gnu.org; Thu, 06 Oct 2022 01:35:37 -0400
Original-Received: by mail-ed1-f52.google.com with SMTP id l22so1262072edj.5
 for <58042@debbugs.gnu.org>; Wed, 05 Oct 2022 22:35:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; 
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:to:from:from:to:cc:subject:date;
 bh=5xri2+ORbSr7WQwkSDylKiz+vaRWLyEtpGCwu/wjP5M=;
 b=EJGa3ygAETigAhWLEu4C9rwVLpfaNEWkuy9Gikya81Wo382cI6QOR7gfgWUnm6H6+E
 Mk9DLeJ8e/9uswFkYT+Xv/WNbJxC+LXH9YjUcr78FxuhrH4chsSA9KnFIEQO0ETQihmg
 9mZq2pu7ecJwZmmsIp/PfVwAKLxtjle6eqLydwGYnZwvNJvdJCxaDwP5eSRpl+R9YvlJ
 doGdII2j7UsH+VPqK89H/UVLtw0ReqsM5JWOV9Y9+ZPm64ErvwFFj0zukgTjyBw/zaf1
 iI1LFPRsGWY5XTNLZXLEXA4klJRs/z7htOlYKbKrztMLLHHs5h4O7Uw17gWEL4iWH/WA
 r+uQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:to:from:x-gm-message-state:from:to:cc:subject:date;
 bh=5xri2+ORbSr7WQwkSDylKiz+vaRWLyEtpGCwu/wjP5M=;
 b=nUn6pG2QF4O19FR7A0nBe0mFF0/eeWtA/IalOXFU7xCiuJrbv7jOXByKTkiJroZ16g
 brLP63bO14wFrNlU0MR78p7FBnsQuwEcfJCpcCIg5Aa4HjfvGwcRal24Ef29sHbTRjP7
 B1UWY7Ry3oAARQ1Dj1tTkLfQImakyyNL3bk8HABtpYNF9hbYb7shU7TteEjFElpsud3g
 lmApHyAoco2OHXRwxlmO/Skj04r0gBpE3WXaGjTjFCDa6o/3YmgFDDBA3xToyktqMymy
 RwEVoF239h8x33FPBrbNz8XQWs/dvIP7Fkm71NGi3Winhn3UZ7+dtEfG+uokH4RdVG2o
 zerA==
X-Gm-Message-State: ACrzQf0agQ4uYGQG4d4moyWelhWk2WDIjqHiIbk+mO7nbr0OFN5otHRn
 S8izV+mEJwMj+1koU/Dd+s12jkF4ScMWNQ==
X-Google-Smtp-Source: AMsMyM7E29asy7OpYWEY8AvWMzCd0HGXtxJfMIxVXiYA99k+NCpg2Uxg9GWrBczvJNqhhvAMR5ALzw==
X-Received: by 2002:aa7:c607:0:b0:458:fe72:4756 with SMTP id
 h7-20020aa7c607000000b00458fe724756mr2950874edq.423.1665034527812; 
 Wed, 05 Oct 2022 22:35:27 -0700 (PDT)
Original-Received: from Mini.fritz.box (pd9e36a85.dip0.t-ipconnect.de.
 [217.227.106.133]) by smtp.gmail.com with ESMTPSA id
 21-20020a170906301500b00738467f743dsm9695091ejz.5.2022.10.05.22.35.26
 for <58042@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 05 Oct 2022 22:35:27 -0700 (PDT)
In-Reply-To: <m2zgeoc2d8.fsf@Mini.fritz.box> ("Gerd
 =?UTF-8?Q?M=C3=B6llmann?="'s message of "Sat, 24 Sep 2022 15:45:39 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:244594
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/244594>

Can we come to a decision about what to do with probably_quit, based
what we know now?  The threads under this bug are a bit deep and
complicated, so I'd like to make this a bit more visible.

I think the problem has been analyized to be:

1. The re_matcher uses char* pointer P into data of string S.
2. The re_matcher uses maybe_quit
3. maybe_quit can call garbage_collect
4. garbage_collect can call Lisp (finalizers, redisplay)
(4a. That Lisp can again garbage_collect)
5. One of the GCs can relocate the string data of S in step 1.
6. P is then invalid.

Possible solution:

Inhibit GC in probably_quit, so that P remains valid.

Q: Should we do that?  And if so, when?