From: Gerd Möllmann
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Wed, 05 Oct 2022 06:37:58 +0200
To: Eli Zaretskii
Cc: 58042@debbugs.gnu.org
References: <83edvnv965.fsf@gnu.org>
In-Reply-To: <83edvnv965.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 04 Oct 2022 19:35:30 +0300")

Eli Zaretskii writes:

>> From: Gerd Möllmann
>> Date: Tue, 04 Oct 2022 16:33:45 +0200
>>
>> 0x00011f90d0a1 is located 1953 bytes inside of 8184-byte region [0x00011f90c900,0x00011f90e8f8)
>> freed by thread T0 here:
>>     #0 0x103332de4 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3ede4)
>>     #1 0x100985df8 in rpl_free free.c:48
>>     #2 0x1005b6e7c in lisp_free alloc.c:1038
>
> Any idea how the above is related to the other two backtraces? Why
> don't I see 'main' at the top of the backtrace here? Can the
> sanitizer be asked to produce more than 30 backtrace frames?

The three backtraces are printed by the ASAN lib, with or without LLDB.
From top to bottom we're going into the past:

1. Present = where the problem was found with the pointer
2. Past = where the memory block was freed that the pointer is in
3. Pre-Past = where the block was allocated that is freed in (2)

I don't know why the ASAN output in (1) stops after 30 frames. And I
don't know if the 30 can be changed. But 30 for (2) and (3) seems
reasonable to me. After all, this means 2 * 30 pointers must be
recorded per allocated memory block, and that's a quite noticeable
overhead, performance-wise. 30 looks like a heuristic. More makes
programs slower, less is less helpful.

When running under LLDB, we stop at (1), and can see the full call
stack, if we want, starting in the ASAN lib where it signals SIGABRT,
and going up to main etc.
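To make the three-backtrace layout described above concrete, here is an added example (not from the thread and not Emacs code) that splits an ASAN heap-use-after-free report into its use, free and allocation stacks and flags a stack that was cut at the frame cap; the sample report is constructed around the "freed by" frames quoted in the message, and the 30-frame cap is the one discussed there.

```python
"""Split an AddressSanitizer heap-use-after-free report into the three
backtraces the message describes: use (1), free (2), allocation (3)."""
import re

# "#N 0xADDR in FUNC[+0xOFF] LOCATION"; the +offset of unsymbolised frames is dropped.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+([^\s+]+)(?:\+0x[0-9a-f]+)?\s*(.*)$")
# The three section headers, in the order ASAN prints them.
SECTION_RE = re.compile(r"^(?:(READ|WRITE) of size \d+ at 0x[0-9a-f]+ thread"
                        r"|(freed) by thread \S+ here:"
                        r"|previously (allocated) by thread \S+ here:)")
DEFAULT_FRAME_LIMIT = 30  # ASAN's default per-stack frame cap, as seen in the thread

# Constructed sample: the "freed by" frames are the ones quoted in the message;
# addresses, line numbers and the other function names are made up.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x00011f90d0a1
READ of size 1 at 0x00011f90d0a1 thread T0
    #0 0x100400000 in re_match_2_internal regex-emacs.c:9999
    #1 0x100400100 in some_caller search.c:9998
0x00011f90d0a1 is located 1953 bytes inside of 8184-byte region [0x00011f90c900,0x00011f90e8f8)
freed by thread T0 here:
    #0 0x103332de4 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3ede4)
    #1 0x100985df8 in rpl_free free.c:48
    #2 0x1005b6e7c in lisp_free alloc.c:1038
previously allocated by thread T0 here:
    #0 0x103332f00 in wrap_malloc+0x40 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3ef00)
    #1 0x1005b6a00 in some_allocator alloc.c:9997
"""

def parse_asan_uaf(report):
    """Return {'use': [...], 'freed': [...], 'allocated': [...]}; each frame is
    (index, function, location), innermost first, so index 0 is the most recent."""
    sections = {"use": [], "freed": [], "allocated": []}
    current = None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = "use" if m.group(1) else "freed" if m.group(2) else "allocated"
            continue
        f = FRAME_RE.match(line)
        if f and current is not None:
            sections[current].append((int(f.group(1)), f.group(2), f.group(3).strip()))
    return sections

def truncated(frames, limit=DEFAULT_FRAME_LIMIT):
    """A stack that reaches the frame cap without showing main was cut short,
    which is one reason main can be missing from the top of a backtrace."""
    return len(frames) >= limit and not any(fn == "main" for _, fn, _ in frames)
```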