From: Keith David Bershatsky
Newsgroups: gmane.emacs.bugs
Subject: bug#27571: #27571; C stack overflow from `prin1' on deeply nested lisp object.
Date: Tue, 09 Jan 2018 08:33:36 -0800
To: Paul Eggert
Cc: 27571@debbugs.gnu.org, Noam Postavsky
Paul:

I will use the layman's approach of performing git hard resets and going back in time -- building Emacs 25 and trying the test case. I used vc-region-history on emacs.c for the Emacs 25 branch and came up with just a few hits. I will start chiseling away with the layman's approach as time permits and report back with the results.
Keith

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

commit 1564080f0b24551765d7068b9fc02f6e5a78fea3
Author: Paul Eggert
Date:   Sun Aug 31 19:37:22 2014 -0700

    Clean up extern decls a bit.
    * configure.ac (WERROR_CFLAGS): Don't disable -Wnested-externs.
    While we're at it, don't disable -Wlogical-op either.
    * src/bytecode.c: Include blockinput.h and keyboard.h rather than
    rolling their APIs by hand.
    * src/emacs.c: Include regex.h and rely on its and lisp.h's API
    rather than rolling them by hand.
    * src/lastfile.c: Include lisp.h, to check this file's API.
    * src/lisp.h (lisp_eval_depth, my_edata, my_endbss, my_endbss_static):
    New decls.
    * src/regex.h (re_max_failures): New decl.
    * src/unexcw.c, src/unexmacosx.c, src/unexw32.c:
    Rely on lisp.h's API rather than rolling it by hand.
    * src/vm-limit.c (__after_morecore_hook, __morecore, real_morecore):
    Declare at top level, to pacify GCC -Wnested-externs.

diff --git a/src/emacs.c b/src/emacs.c
--- a/src/emacs.c
+++ b/src/emacs.c
@@ -868,34 +866,33 @@ if (1 #ifndef CANNOT_DUMP && (!noninteractive || initialized) #endif && !getrlimit (RLIMIT_STACK, &rlim)) { long newlim; - extern size_t re_max_failures; /* Approximate the amount regex.c needs per unit of re_max_failures. */ int ratio = 20 * sizeof (char *); /* Then add 33% to cover the size of the smaller stacks that regex.c successively allocates and discards, on its way to the maximum. */ ratio += ratio / 3; /* Add in some extra to cover what we're likely to use for other reasons. */ newlim = re_max_failures * ratio + 200000; #ifdef __NetBSD__ /* NetBSD (at least NetBSD 1.2G and former) has a bug in its stack allocation routine for new process that the allocation fails if stack limit is not on page boundary. So, round up the new limit to page boundary. */ newlim = (newlim + getpagesize () - 1) / getpagesize () * getpagesize (); #endif if (newlim > rlim.rlim_max) { newlim = rlim.rlim_max; /* Don't let regex.c overflow the stack we have. */ re_max_failures = (newlim - 200000) / ratio; } if (rlim.rlim_cur < newlim) rlim.rlim_cur = newlim; setrlimit (RLIMIT_STACK, &rlim); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; commit 5e617bc2b62189768814fafd1a875e89a094d3ef Author: Juanma Barranquero Date: Fri Sep 9 03:06:52 2011 +0200 Whitespace changes. diff --git a/src/emacs.c b/src/emacs.c --- a/src/emacs.c +++ b/src/emacs.c 
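Review bot: In the hunk from commit 1564080f above, the return value of `setrlimit (RLIMIT_STACK, &rlim);` is still ignored, so if the call fails the stack stays at the old `rlim_cur` while `re_max_failures` has already been sized for `newlim`; check the result and, on failure, recompute `re_max_failures` from the limit actually in effect. Note also that the only budget for stack use outside regex.c is the fixed `+ 200000` term described as "some extra to cover what we're likely to use for other reasons", which is the room a deep `prin1' recursion has to fit in; a comment stating that assumption next to the constant would help anyone tracing bug#27571 through this code.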
@@ -830,34 +830,34 @@ if (1 #ifndef CANNOT_DUMP && (!noninteractive || initialized) #endif && !getrlimit (RLIMIT_STACK, &rlim)) { long newlim; extern size_t re_max_failures; /* Approximate the amount regex.c needs per unit of re_max_failures. */ int ratio = 20 * sizeof (char *); /* Then add 33% to cover the size of the smaller stacks that regex.c successively allocates and discards, on its way to the maximum. */ ratio += ratio / 3; /* Add in some extra to cover what we're likely to use for other reasons. */ newlim = re_max_failures * ratio + 200000; #ifdef __NetBSD__ /* NetBSD (at least NetBSD 1.2G and former) has a bug in its stack allocation routine for new process that the allocation fails if stack limit is not on page boundary. So, round up the new limit to page boundary. */ - newlim = (newlim + getpagesize () - 1) / getpagesize () * getpagesize(); + newlim = (newlim + getpagesize () - 1) / getpagesize () * getpagesize (); #endif if (newlim > rlim.rlim_max) { newlim = rlim.rlim_max; /* Don't let regex.c overflow the stack we have. */ re_max_failures = (newlim - 200000) / ratio; } if (rlim.rlim_cur < newlim) rlim.rlim_cur = newlim; setrlimit (RLIMIT_STACK, &rlim); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; commit fa8459a34e076cacde3b7c259af9b5dd84b60802 Author: Dan Nicolaescu Date: Fri Sep 30 22:38:16 2005 +0000 * image.c (slurp_file, xbm_read_bitmap_data): Cast to the correct type. * xterm.c (handle_one_xevent, handle_one_xevent): Likewise. * unexelf.c (fatal): Fix prototype. * term.c (fatal): Implement using varargs. * regex.c (re_char): Move typedef ... * regex.h (re_char): ... here. (re_iswctype, re_wctype, re_set_whitespace_regexp): New prototypes. * emacs.c (malloc_set_state): Fix return type. (endif): Fix type. * lisp.h (fatal): Add argument types. * dispextern.h (fatal): Delete prototype. * systime.h: (make_time): Prototype moved from ... * editfns.c (make_time): ... here. * editfns.c: Move systime.h include after lisp.h. 
* dired.c: * xsmfns.c: * process.c: Likewise. * alloc.c (old_malloc_hook, old_realloc_hook, old_realloc_hook): Add parameter types. (__malloc_hook, __realloc_hook, __free_hook): Fix prototypes. (emacs_blocked_free): Change definition to match __free_hook. (emacs_blocked_malloc): Change definition to match __malloc_hook. (emacs_blocked_realloc): Change definition to match __realloc_hook. diff --git a/src/emacs.c b/src/emacs.c --- a/src/emacs.c +++ b/src/emacs.c @@ -997,34 +997,34 @@ if (1 #ifndef CANNOT_DUMP && (!noninteractive || initialized) #endif && !getrlimit (RLIMIT_STACK, &rlim)) { long newlim; - extern int re_max_failures; + extern size_t re_max_failures; /* Approximate the amount regex.c needs per unit of re_max_failures. */ int ratio = 20 * sizeof (char *); /* Then add 33% to cover the size of the smaller stacks that regex.c successively allocates and discards, on its way to the maximum. */ ratio += ratio / 3; /* Add in some extra to cover what we're likely to use for other reasons. */ newlim = re_max_failures * ratio + 200000; #ifdef __NetBSD__ /* NetBSD (at least NetBSD 1.2G and former) has a bug in its stack allocation routine for new process that the allocation fails if stack limit is not on page boundary. So, round up the new limit to page boundary. */ newlim = (newlim + getpagesize () - 1) / getpagesize () * getpagesize(); #endif if (newlim > rlim.rlim_max) { newlim = rlim.rlim_max; /* Don't let regex.c overflow the stack we have. */ re_max_failures = (newlim - 200000) / ratio; } if (rlim.rlim_cur < newlim) rlim.rlim_cur = newlim; setrlimit (RLIMIT_STACK, &rlim); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; commit 03effc232ed9b79aba077d912f17dd844d703e5e Author: Karl Heuer Date: Thu Dec 4 05:53:41 1997 +0000 (main): Fix the stack-limit code to calculate the ratio for re_max_failures accurately and leave some extra slack. diff --git a/src/emacs.c b/src/emacs.c --- a/src/emacs.c +++ b/src/emacs.c 
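Review bot: In the hunk from commit fa8459a above, changing the declaration to `extern size_t re_max_failures;` makes the clamp `re_max_failures = (newlim - 200000) / ratio;` wrap instead of going negative: `newlim` is a `long` that was just set to `rlim.rlim_max`, so when the hard limit is below 200000 the negative quotient converts to a huge `size_t`, the opposite of what the comment "Don't let regex.c overflow the stack we have" intends. Guard the subtraction, e.g. `re_max_failures = newlim > 200000 ? (newlim - 200000) / ratio : 0;`, or keep the arithmetic in `long` and convert only after checking the sign.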
@@ -590,28 +590,34 @@ if (1 #ifndef CANNOT_DUMP && (!noninteractive || initialized) #endif && !getrlimit (RLIMIT_STACK, &rlim)) { long newlim; extern int re_max_failures; - /* Approximate the amount regex.c needs, plus some more. */ - newlim = re_max_failures * 2 * 20 * sizeof (char *); + /* Approximate the amount regex.c needs per unit of re_max_failures. */ + int ratio = 20 * sizeof (char *); + /* Then add 33% to cover the size of the smaller stacks that regex.c + successively allocates and discards, on its way to the maximum. */ + ratio += ratio / 3; + /* Add in some extra to cover + what we're likely to use for other reasons. */ + newlim = re_max_failures * ratio + 200000; #ifdef __NetBSD__ /* NetBSD (at least NetBSD 1.2G and former) has a bug in its stack allocation routine for new process that the allocation fails if stack limit is not on page boundary. So, round up the new limit to page boundary. */ newlim = (newlim + getpagesize () - 1) / getpagesize () * getpagesize(); #endif if (newlim > rlim.rlim_max) { newlim = rlim.rlim_max; - /* Don't let regex.c overflow the stack. */ - re_max_failures = newlim / (2 * 20 * sizeof (char *)); + /* Don't let regex.c overflow the stack we have. */ + re_max_failures = (newlim - 200000) / ratio; } if (rlim.rlim_cur < newlim) rlim.rlim_cur = newlim; setrlimit (RLIMIT_STACK, &rlim); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; commit 6c2935e99fd15a0c10a4a648a09a499076e031c1 Author: Richard M. Stallman Date: Fri Aug 15 05:07:01 1997 +0000 (main): Update re_max_failures so regex.c won't overflow the stack, except when dumping. diff --git a/src/emacs.c b/src/emacs.c --- a/src/emacs.c +++ b/src/emacs.c 
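Review bot: In the hunk from commit 03effc2 above, the new clamp `re_max_failures = (newlim - 200000) / ratio;` goes negative whenever `rlim.rlim_max` is below the 200000 bytes of slack added in the same change, because `newlim` has been set to `rlim.rlim_max` on the preceding line; the replaced expression `newlim / (2 * 20 * sizeof (char *))` could not produce that. Either clamp the result to zero or skip the adjustment when `newlim <= 200000`.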
@@ -582,20 +585,28 @@ - /* Extend the stack space available. */ - if (!getrlimit (RLIMIT_STACK, &rlim)) + if (1 +#ifndef CANNOT_DUMP + && (!noninteractive || initialized) +#endif + && !getrlimit (RLIMIT_STACK, &rlim)) { long newlim; + extern int re_max_failures; /* Approximate the amount regex.c needs, plus some more. */ - newlim = 800000 * sizeof (char *); + newlim = re_max_failures * 2 * 20 * sizeof (char *); #ifdef __NetBSD__ /* NetBSD (at least NetBSD 1.2G and former) has a bug in its stack allocation routine for new process that the allocation fails if stack limit is not on page boundary. So, round up the new limit to page boundary. */ newlim = (newlim + getpagesize () - 1) / getpagesize () * getpagesize(); #endif if (newlim > rlim.rlim_max) - newlim = rlim.rlim_max; + { + newlim = rlim.rlim_max; + /* Don't let regex.c overflow the stack. */ + re_max_failures = newlim / (2 * 20 * sizeof (char *)); + } if (rlim.rlim_cur < newlim) rlim.rlim_cur = newlim; setrlimit (RLIMIT_STACK, &rlim); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; commit d0381a7fa3f50d1042a2372eb23b6f03299aaaa5 Author: Richard M. Stallman Date: Wed Jul 9 00:07:19 1997 +0000 (main) [__NetBSD__]: Round up new stack limit to page bdry. diff --git a/src/emacs.c b/src/emacs.c --- a/src/emacs.c +++ b/src/emacs.c 
@@ -581,13 +581,20 @@ /* Extend the stack space available. */ if (!getrlimit (RLIMIT_STACK, &rlim)) { long newlim; /* Approximate the amount regex.c needs, plus some more. */ newlim = 800000 * sizeof (char *); +#ifdef __NetBSD__ + /* NetBSD (at least NetBSD 1.2G and former) has a bug in its + stack allocation routine for new process that the allocation + fails if stack limit is not on page boundary. So, round up the + new limit to page boundary. */ + newlim = (newlim + getpagesize () - 1) / getpagesize () * getpagesize(); +#endif if (newlim > rlim.rlim_max) newlim = rlim.rlim_max; if (rlim.rlim_cur < newlim) rlim.rlim_cur = newlim; setrlimit (RLIMIT_STACK, &rlim); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; commit 509a8fcde89b144b6638693f1bbeb854e7aa492c Author: Richard M. Stallman Date: Mon Feb 3 02:51:09 1997 +0000 (main): Don't extend stack limit too far. diff --git a/src/emacs.c b/src/emacs.c --- a/src/emacs.c +++ b/src/emacs.c @@ -553,6 +553,13 @@ /* Extend the stack space available. */ if (!getrlimit (RLIMIT_STACK, &rlim)) { - rlim.rlim_cur = rlim.rlim_max; + long newlim; + /* Approximate the amount regex.c needs, plus some more. */ + newlim = 800000 * sizeof (char *); + if (newlim > rlim.rlim_max) + newlim = rlim.rlim_max; + if (rlim.rlim_cur < newlim) + rlim.rlim_cur = newlim; + setrlimit (RLIMIT_STACK, &rlim); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; commit 53c58b5d489f21fdeb5f3d011e34638f8124fb91 Author: Richard M. Stallman Date: Sun Sep 1 20:47:10 1996 +0000 [HAVE_SETRLIMIT]: Include time.h and resource.h. (main) [HAVE_SETRLIMIT]: Call setrlimit to extend the stack limit. New local `rlim'. diff --git a/src/emacs.c b/src/emacs.c --- a/src/emacs.c +++ b/src/emacs.c 
@@ -504,0 +513,6 @@ + /* Extend the stack space available. */ + if (!getrlimit (RLIMIT_STACK, &rlim)) + { + rlim.rlim_cur = rlim.rlim_max; + setrlimit (RLIMIT_STACK, &rlim); + } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DATE: [01-08-2018 23:53:05] <8 Jan 2018 23:53:05 -0800> FROM: Paul Eggert > > * * * > > That commit was a merge commit, and installed all sorts of changes. The patch > you sent reverses just part of the commit. It'd be helpful to know the original > commit that caused the problem, as opposed to the later merge. > > Also, the patch undoes some fixes, such as integer overflow checking, that we'd > like to keep. This is another reason that it'd be helpful to know the original > commit. Alternatively, it'd be helpful to know why the patch fixes the bug, so > that we can keep that part of the patch without discarding other fixes from the > source.