From: npostavs@users.sourceforge.net
Newsgroups: gmane.emacs.bugs
Subject: bug#24751: 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size")
Date: Wed, 16 Nov 2016 18:25:22 -0500
Message-ID: <87oa1fknx9.fsf@users.sourceforge.net>
In-Reply-To: <83polvfl3h.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 16 Nov 2016 18:25:22 +0200")
To: Eli Zaretskii
Cc: 24751@debbugs.gnu.org

Eli Zaretskii writes:

>> From: npostavs@users.sourceforge.net
>> Cc: 24751@debbugs.gnu.org
>> Date: Tue, 15 Nov 2016 20:06:29 -0500
>>
>> >> @@ -869,6 +869,7 @@ main (int argc, char **argv) >> >> >> >> /* Don't let regex.c overflow the stack. */ >> >> re_max_failures = lim < extra ? 0 : min (lim - extra, SIZE_MAX) / ratio; >> >> + emacs_re_safe_alloca = re_max_failures * min_ratio; >> >> } >> >> #endif /* HAVE_SETRLIMIT and RLIMIT_STACK and not CYGWIN */
>> >
>> > . we shouldn't set re_max_failures to zero if the amount of stack is
>> >   less than 'extra', since in that case we will allocate the failure
>> >   stack off the heap;
>>
>> Then what should we set it to? Maybe we shouldn't modify it at all,
>> since the stack isn't actually a limiting factor?
>
> Yes, I think this is the best solution.
>

One more question, is this comment (around line 1198) now obsolete? (if
not, it sounds like we might still have some serious problems)

    /* Define MATCH_MAY_ALLOCATE unless we need to make sure that the
       searching and matching functions should not call alloca. On some
       systems, alloca is implemented in terms of malloc, and if we're
       using the relocating allocator routines, then malloc could cause a
       relocation, which might (if the strings being searched are in the
       ralloc heap) shift the data out from underneath the regexp
       routines.

       Here's another reason to avoid allocation: Emacs
       processes input from X in a signal handler; processing X input may
       call malloc; if input arrives while a matching routine is calling
       malloc, then we're scrod. But Emacs can't just block input while
       calling matching routines; then we don't notice interrupts when
       they come in. So, Emacs blocks input around all regexp calls
       except the matching calls, which it leaves unprotected, in the
       faith that they will not malloc. */

Also this one (around line 430)

    /* Should we use malloc or alloca? If REGEX_MALLOC is not defined, we
       use `alloca' instead of `malloc'. This is because using malloc in
       re_search* or re_match* could cause memory leaks when C-g is used in
       Emacs; also, malloc is slower and causes storage fragmentation. On
       the other hand, malloc is more portable, and easier to debug.

       Because we sometimes use alloca, some routines have to be macros,
       not functions -- `alloca'-allocated space disappears at the end of the
       function it is called in. */
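
Review bot: the added assignment to emacs_re_safe_alloca in the @@ -869,6 +869,7 @@ hunk is derived from re_max_failures, so on the lim < extra path it becomes 0 as well, and if re_max_failures is left unmodified as agreed later in the thread, this line no longer tracks the stack limit at all. Compute the alloca threshold directly from lim and extra (clamped to 0 when lim < extra) so it stays tied to the real stack size independently of re_max_failures. The hunk also shows neither the definition of min_ratio nor a guard on the multiplication, so a short comment stating the unit of the result and why the product cannot exceed lim - extra would help.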
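
The stack-or-heap decision discussed in this message, as an added example that is not Emacs code and not part of the original mail: a stack budget is derived from the RLIMIT_STACK soft limit, and scratch space that does not fit goes to the heap. The allocation is a macro for the reason the second quoted comment gives. All names and constants (safe_stack_budget, STACK_RESERVE, STACK_SHARE, STACK_CAP, SCRATCH_ALLOC) are assumptions made for illustration.

```c
/* Added example, not Emacs source; every name and constant is an assumption. */
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

#define STACK_RESERVE ((size_t) 256 * 1024)   /* assumed headroom for other frames */
#define STACK_SHARE   4                       /* assumed: scratch gets 1/4 of the rest */
#define STACK_CAP     ((size_t) 1024 * 1024)  /* assumed hard cap on stack scratch */

/* Bytes of scratch that may live on the C stack for soft limit LIM.
   0 means "always use the heap", not "matching is impossible".  */
size_t safe_stack_budget (rlim_t lim)
{
  if (lim == RLIM_INFINITY)
    return STACK_CAP;
  if (lim <= STACK_RESERVE)
    return 0;
  rlim_t share = (lim - STACK_RESERVE) / STACK_SHARE;
  return share < STACK_CAP ? (size_t) share : STACK_CAP;
}

struct scratch { void *ptr; int on_heap; };

/* Must be macros: alloca'd space dies when the calling function returns.  */
#define SCRATCH_ALLOC(s, n, budget)                      \
  ((s).on_heap = (n) > (budget),                         \
   (s).ptr = (s).on_heap ? malloc (n) : alloca (n))
#define SCRATCH_FREE(s) ((s).on_heap ? free ((s).ptr) : (void) 0)

/* Touch an N-byte scratch area; return 0 if it lived on the stack,
   1 if on the heap, -1 if the heap allocation failed.  */
int run_with_scratch (size_t n, size_t budget)
{
  struct scratch s;
  SCRATCH_ALLOC (s, n, budget);
  if (!s.ptr) return -1;
  memset (s.ptr, 0, n);
  int where = s.on_heap;
  SCRATCH_FREE (s);
  return where;
}

int main (void)
{
  struct rlimit rl;
  if (getrlimit (RLIMIT_STACK, &rl) != 0) return 1;
  size_t budget = safe_stack_budget (rl.rlim_cur);
  printf ("budget=%zu heap=%d\n", budget, run_with_scratch (65536, budget));
  return 0;
}
```

A zero budget sends every request to the heap instead of disabling the work, which is the behaviour the quoted reply asks for when the stack is smaller than 'extra'.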