From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs
Date: Fri, 07 Oct 2022 14:44:02 +0300
Message-ID: <83h70foo3h.fsf@gnu.org>
References: <87mta8qx48.fsf@yahoo.com> <83v8ownmi1.fsf@gnu.org> <83r0zjopre.fsf@gnu.org>
To: Gerd Möllmann
Cc: luangruo@yahoo.com, 58334@debbugs.gnu.org
In-Reply-To: (message from Gerd Möllmann on Fri, 07 Oct 2022 13:29:38 +0200)
Xref: news.gmane.io gmane.emacs.bugs:244762

> From: Gerd Möllmann
> Cc: luangruo@yahoo.com, 58334@debbugs.gnu.org
> Date: Fri, 07 Oct 2022 13:29:38 +0200
>
> If we don't change some other shared state, then we're safe if we
> prevent freeing faces? That would be good.

Yes, I think so. But preventing freeing the faces is a losing game, in the long run, because we cannot prevent that forever without adversely affecting the Emacs memory footprint.

I think a better way is to re-generate the faces when we discover they were freed. This is easy for the basic faces, but fundamentally impossible for non-basic ones. That's why I asked you earlier whether the offending face was a basic one.

However, I think we can rely on inhibit_free_realized_faces to avoid freeing non-basic faces, if we use that flag in strategic places. Basically, non-basic faces are realized and cached by redisplay itself, so theoretically we should be able to prevent their freeing (and perhaps we already have that in place, see redisplay_internal).

So I would recommend fixing FACE_FROM_ID to re-generate the basic faces if needed, on the assumption that the cases where we have problems with using face ID are limited to basic faces. If, after that, we find cases with non-basic faces, I'd first look for more opportunities to use inhibit_free_realized_faces.

One other thing is that inhibit_free_realized_faces is a boolean, so if nesting is possible, it cannot support such nesting; we'd need a reference count instead.
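As an added illustration, not code from this bug thread or from Emacs itself, the following C model shows the two points made above: a lookup that re-realizes a freed basic face instead of handing back a dangling pointer (the use-after-free class this report is about), and why a boolean "inhibit free" flag breaks under nesting where a reference count does not. The struct names, `face_from_id`, `free_realized_faces` and the `inhibit_*` helpers are hypothetical stand-ins for the real `FACE_FROM_ID`, face cache and `inhibit_free_realized_faces`, and the "basic face" cut-off `NBASIC` is a constructed value.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical face cache: a fixed array of realized faces, each slot either
   a live object or NULL once freed.  Face IDs below NBASIC stand in for the
   "basic" faces that can be re-realized on demand; the rest cannot. */
#define NFACES 4
#define NBASIC 2

struct face { int id; int realized; };
struct face_cache { struct face *faces[NFACES]; };

static struct face *realize_face(int id) {
    struct face *f = calloc(1, sizeof *f);
    if (f) { f->id = id; f->realized = 1; }
    return f;
}

static void fill_cache(struct face_cache *c) {
    for (int i = 0; i < NFACES; i++) c->faces[i] = realize_face(i);
}

/* Two ways to inhibit freeing: a boolean (the limitation named in the mail)
   and a reference count that survives nested enter/leave pairs. */
static int inhibit_free_bool = 0;
static int inhibit_free_count = 0;

static void inhibit_bool_enter(void)  { inhibit_free_bool = 1; }
static void inhibit_bool_leave(void)  { inhibit_free_bool = 0; }
static void inhibit_count_enter(void) { inhibit_free_count++; }
static void inhibit_count_leave(void) { if (inhibit_free_count > 0) inhibit_free_count--; }

/* Free every realized face unless freeing is currently inhibited. */
static void free_realized_faces(struct face_cache *c, int use_refcount) {
    int inhibited = use_refcount ? (inhibit_free_count > 0) : inhibit_free_bool;
    if (inhibited) return;
    for (int i = 0; i < NFACES; i++) { free(c->faces[i]); c->faces[i] = NULL; }
}

/* Lookup by ID: re-realize a freed basic face; for a freed non-basic face
   return NULL rather than a stale pointer, so the caller must handle it. */
static struct face *face_from_id(struct face_cache *c, int id) {
    if (id < 0 || id >= NFACES) return NULL;
    if (c->faces[id] == NULL && id < NBASIC) c->faces[id] = realize_face(id);
    return c->faces[id];
}

/* Simulate nested inhibit sections: outer enters, inner enters and leaves,
   then a free runs while the outer section still relies on the faces.
   Returns 1 if a non-basic face survived that free, 0 if it was freed. */
static int nested_guard_survives(int use_refcount) {
    struct face_cache c = {0};
    fill_cache(&c);
    if (use_refcount) { inhibit_count_enter(); inhibit_count_enter(); inhibit_count_leave(); }
    else              { inhibit_bool_enter();  inhibit_bool_enter();  inhibit_bool_leave();  }
    free_realized_faces(&c, use_refcount);
    int survived = c.faces[NBASIC] != NULL;
    if (use_refcount) inhibit_count_leave(); else inhibit_bool_leave();
    free_realized_faces(&c, use_refcount);   /* cleanup, now uninhibited */
    return survived;
}

/* After an uninhibited free, a basic face comes back on lookup and a
   non-basic one yields NULL.  Returns 1 when both hold. */
static int basic_face_regenerated(void) {
    struct face_cache c = {0};
    fill_cache(&c);
    free_realized_faces(&c, 1);
    struct face *basic = face_from_id(&c, 0);
    struct face *other = face_from_id(&c, NBASIC);
    int ok = basic != NULL && basic->realized && other == NULL;
    free_realized_faces(&c, 1);
    return ok;
}

int main(void) {
    printf("boolean guard, nested: faces survive = %d\n", nested_guard_survives(0));
    printf("refcount guard, nested: faces survive = %d\n", nested_guard_survives(1));
    printf("basic face regenerated after free = %d\n", basic_face_regenerated());
    return 0;
}
```

The boolean variant loses the outer section's protection as soon as the inner section leaves, which is exactly the nesting problem the mail points out; the counted variant only re-enables freeing when the outermost section leaves. The lookup side shows why regeneration is only a complete fix for basic faces: a non-basic face has no way to be rebuilt from its ID alone, so the caller still has to cope with a NULL.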