bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size"

[Noam Postavsky]

On Mon, Oct 24, 2016 at 9:39 AM, Eli Zaretskii <eliz@gnu.org> wrote:
>> From: npostavs@users.sourceforge.net
>> Cc: 24358@debbugs.gnu.org,  sam.halliday@gmail.com
>> Date: Mon, 24 Oct 2016 09:29:21 -0400
>>
>> >   regstart[*p] = d;
>> >   [...]
>> >   regs->start[reg] = POINTER_TO_OFFSET (regstart[reg]);
>> >
>> > POINTER_TO_OFFSET assumes that the pointer in regstart[reg] is
>> > consistent with the current base address of the string into which it
>> > points.  Did you study this aspect of regex.c when you decided which
>> > values need to be affected by relocation?
>>
>> I did not look at that before, but looking now, I don't see why it would
>> be a problem.  I put the base address updating code around the only
>> place where malloc may be called, so string1 and string2 (which
>> POINTER_TO_OFFSET uses) should always be consistent with the base
>> address (unless there is some other malloc call that I missed?).
>
> What bothers me is this: could it be that relocation happens between
> the first and the second line above?  If it can, then what
> POINTER_TO_OFFSET does will be inconsistent with the base address at
> the time regstart[*p] was assigned the value of d.
>
> The code runs in a loop, or so it seems, so it's hard to reason about
> time sequences.

Oh, I see. Yes, I think you're right, the pointers stored in regstart,
regend, and fail_stack could become inconsistent. Hard to say what
kind of regex could trigger it, but it seems quite possible.