* Re: [Emacs-diffs] emacs-25 fe27e03: Fix rx matcher overflow without limiting
[not found] ` <E1a8Ws5-00057V-DG@vcs.savannah.gnu.org>
@ 2015-12-14 17:34 ` Stefan Monnier
2015-12-14 17:56 ` Tassilo Horn
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Monnier @ 2015-12-14 17:34 UTC (permalink / raw)
To: emacs-devel; +Cc: Tassilo Horn
> - "\\[[^][]\\{0,2000\\}\\<label[[:space:]]*=[[:space:]]*{?\\(?1:[^],}]+\\)}?")
> + ;;
> + ;; If you think the first shy group is a bit strange, it is like
> + ;; that in order not to overflow the regexp matcher stack in the
> + ;; presence of unbalanced brackets, i.e., a [ and then no
> + ;; closing bracket anymore. In "[^[],]*,", the "*" repetition
> + ;; will be done without any need to record state for eventual
> + ;; backtracking because the "," is mutually exclusive with the
> + ;; "[^][,]", and the regexp matcher includes a special
> + ;; optimization for that case since it's common and very
> + ;; useful). (Hint by Stefan Monnier)
> + "\\[\\(?:[^][,]*,\\)*[ \t]*\\<label[[:space:]]*=[[:space:]]*{?\\(?1:[^],}]+\\)}?")
As mentioned in my email, this doesn't remove all risks of overflows,
since the second * still requires stashing the state onto the stack for
backtracking, but that's only "once per comma" instead of "once
per char", so in practice we can hope we won't bump into it.
Stefan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Emacs-diffs] emacs-25 fe27e03: Fix rx matcher overflow without limiting
2015-12-14 17:34 ` [Emacs-diffs] emacs-25 fe27e03: Fix rx matcher overflow without limiting Stefan Monnier
@ 2015-12-14 17:56 ` Tassilo Horn
2015-12-14 17:58 ` Stefan Monnier
0 siblings, 1 reply; 3+ messages in thread
From: Tassilo Horn @ 2015-12-14 17:56 UTC (permalink / raw)
To: Stefan Monnier; +Cc: emacs-devel
Stefan Monnier <monnier@IRO.UMontreal.CA> writes:
>> - "\\[[^][]\\{0,2000\\}\\<label[[:space:]]*=[[:space:]]*{?\\(?1:[^],}]+\\)}?")
>> + ;;
>> + ;; If you think the first shy group is a bit strange, it is like
>> + ;; that in order not to overflow the regexp matcher stack in the
>> + ;; presence of unbalanced brackets, i.e., a [ and then no
>> + ;; closing bracket anymore. In "[^[],]*,", the "*" repetition
>> + ;; will be done without any need to record state for eventual
>> + ;; backtracking because the "," is mutually exclusive with the
>> + ;; "[^][,]", and the regexp matcher includes a special
>> + ;; optimization for that case since it's common and very
>> + ;; useful). (Hint by Stefan Monnier)
>> + "\\[\\(?:[^][,]*,\\)*[ \t]*\\<label[[:space:]]*=[[:space:]]*{?\\(?1:[^],}]+\\)}?")
>
> As mentioned in my email, this doesn't remove all risks of overflows,
> since the second * still requires stashing the state onto the stack for
> backtracking, but that's only "once per comma" instead of "once
> per char", so in practice we can hope we won't bump into it.
I thought I had understood that but apparently not. My guess was that
commas improve the situation whereas it's exactly the other way round.
So with my test file
--8<---------------cut here---------------start------------->8---
\documentclass{article}
\begin{document}
[\}
foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo
foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo
[100000 times that line again]
--8<---------------cut here---------------end--------------->8---
I did not get an overflow. But after changing the file so that every
foo-line ends with a comma (which is more realistic "prose"), the
overflow re-appeared.
So in the end I reverted my commit. On the one hand, the test file is
not overly realistic, i.e., usually when you use unbalanced brackets
you're probably writing some math stuff, and then you'll probably also
have a closing ] somewhere within reach. But on the other hand, the
limit of the label=... being at least 2000 chars away from the beginning
of the optional arguments block is safer, simpler, and won't possibly be
invalidated.
Bye,
Tassilo
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Emacs-diffs] emacs-25 fe27e03: Fix rx matcher overflow without limiting
2015-12-14 17:56 ` Tassilo Horn
@ 2015-12-14 17:58 ` Stefan Monnier
0 siblings, 0 replies; 3+ messages in thread
From: Stefan Monnier @ 2015-12-14 17:58 UTC (permalink / raw)
To: emacs-devel
> So in the end I reverted my commit. On the one hand, the test file is
> not overly realistic, i.e., usually when you use unbalanced brackets
> you're probably writing some math stuff, and then you'll probably also
> have a closing ] somewhere within reach. But on the other hand, the
> limit of the label=... being at least 2000 chars away from the beginning
> of the optional arguments block is safer, simpler, and won't possibly be
> invalidated.
Sounds fine, yes,
Stefan
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-12-14 17:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20151214172513.19647.43539@vcs.savannah.gnu.org>
[not found] ` <E1a8Ws5-00057V-DG@vcs.savannah.gnu.org>
2015-12-14 17:34 ` [Emacs-diffs] emacs-25 fe27e03: Fix rx matcher overflow without limiting Stefan Monnier
2015-12-14 17:56 ` Tassilo Horn
2015-12-14 17:58 ` Stefan Monnier
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).