bug#58042: 29.0.50; ASAN use-after-free in re_match_2

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal

From:	Gerd Möllmann
Subject:	bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date:	Mon, 26 Sep 2022 07:13:05 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (darwin)

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Gerd Möllmann <gerd.moellmann@gmail.com>
>> Cc: 58042@debbugs.gnu.org
>> Date: Sun, 25 Sep 2022 10:28:48 +0200
>> 
>> So, the question seems to be what scenario would create a live string
>> that points into a freed sdata struct.
>
> That sounds highly improbable to me.  But stranger things have
> happened...

Yeah :-/.

In the meantime, and in an attempt to get some more information, I've
made me a script that starts Emacs in LLDB, with my init file, and exits
Emacs after a delay, and then does things in LLDB depending on what
happened.

I left that script running over night, and the result wasn't very
helpful.  After almost 2 hours of running, I got an ASAN error in
copyRect:(NSRect)srcRect to:(NSPoint)dest, nsterm.m.  And LLDB crashed
again.

This is with HEAD 568920a5b703e80c43e1b6f31778ea5776218a1e.

I meanwhile wonder what that all means.  An "invalid display" that isn't
reproducible, a crash in regexp, a crash in copyRect, and then the
crashes in LLDB itself.

I think I'll let that sit for a bit.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, (continued)

Prev by Date: bug#58063: 29.0.50; MacOS invalid display identifier
Next by Date: bug#57995: <wheel-right> with pixel-scroll-precision-mode
Previous by thread: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Next by thread: bug#57376: 28.1; rcirc-fill-flag ignored after 27->28 upgrade
Index(es):
- Date
- Thread