bug#58042: 29.0.50; ASAN use-after-free in re_match_2

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal

From:	Gerd Möllmann
Subject:	bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date:	Sun, 25 Sep 2022 09:06:59 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (darwin)

Eli Zaretskii <eliz@gnu.org> writes:

>       #14 0x1000f2340 in redisplay_internal xdisp.c:16523
>       #15 0x100108f34 in redisplay xdisp.c:16105
>
> AFAIU, this says that the GC which freed the string data was caused by
> safe__call1 inside prepare_menu_bars, which was called from
> redisplay_internal.

Ah, okay!  Sorry, I didn't remember that redisplay on the stack.  Please
see below.

> Yes, but I have difficulty with the fact that GC was caused by
> redisplay, and redisplay cannot be invoked while we are in
> re_match_2_internal, AFAIK.  So something else is missing here (or
> maybe I'm misinterpreting the ASAN report you posted).

The second and third backtrace that ASAN displays (freed by, and
previously allocated) are not backtraces directly involved in the crash.
They display some history related to the pointer that causes the crash.

When something is allocated or freed, ASAN records callstacks that show
from where that happens.  Also, in the case pf free, it somehow arranges
that accessing that freed memory leads to a signal.  I think it uses VM
page protection for that.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/09/24
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/09/24
  - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/09/24
  - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/09/24
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/09/24
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/09/24
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/09/25
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/09/25
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann <=
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/09/25
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/09/25
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/09/25
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/09/26

Prev by Date: bug#58064: 29.0.50; XHTML+ mode misinterpretes apostrophe in element text
Next by Date: bug#50951: 28.0.50; Urdu text is not displayed correctly
Previous by thread: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Next by thread: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Index(es):
- Date
- Thread