bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
From: Gerd Möllmann
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Tue, 04 Oct 2022 16:33:45 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (darwin)
Gerd Möllmann <gerd.moellmann@gmail.com> writes:
Happened again today when starting Emacs with my init file and I can't
make sense of it. And, of course, LLDB finally crashed :-(.
(lldb) PLEASE submit a bug report to https://developer.apple.com/bug-reporting/
and include the crash backtrace.
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH
or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0 lldb 0x00000001041e55dc
llvm::sys::PrintStackTrace(llvm::raw_ostream&,
This is c3eb6c0563cc95b2134af9fe0ee6f304ddbb0480, which is from the
noverlay branch.
==15586==ERROR: AddressSanitizer: heap-use-after-free on address 0x00011f90d0a1
at pc 0x000100582044 bp 0x00016fdc8290 sp 0x00016fdc8288
READ of size 1 at 0x00011f90d0a1 thread T0
#0 0x100582040 in re_match_2_internal regex-emacs.c:4328
#1 0x10057e2a4 in rpl_re_search_2 regex-emacs.c:3383
#2 0x10057ce9c in rpl_re_search regex-emacs.c:3177
#3 0x100560e34 in fast_string_match_internal search.c:492
#4 0x100504298 in fast_string_match lisp.h:4816
#5 0x100503cf0 in Ffind_file_name_handler fileio.c:324
#6 0x1006dbb34 in openp lread.c:1911
#7 0x1006d851c in Fload lread.c:1302
#8 0x1006e17c8 in save_match_data_load lread.c:1630
#9 0x10064f5a4 in load_with_autoload_queue eval.c:2269
#10 0x10067cfd0 in Frequire fns.c:3274
#11 0x100654630 in funcall_subr eval.c:3019
#12 0x10072e674 in exec_byte_code bytecode.c:809
#13 0x10072c238 in Fbyte_code bytecode.c:329
#14 0x100641c48 in eval_sub eval.c:2486
#15 0x1006e118c in readevalloop lread.c:2339
#16 0x1006d9d80 in Fload lread.c:1581
#17 0x1006e17c8 in save_match_data_load lread.c:1630
#18 0x10064f5a4 in load_with_autoload_queue eval.c:2269
#19 0x10067cfd0 in Frequire fns.c:3274
#20 0x100641c48 in eval_sub eval.c:2486
#21 0x1006f5a04 in readevalloop_eager_expand_eval lread.c:2154
#22 0x1006e117c in readevalloop lread.c:2337
#23 0x1006e29dc in Feval_buffer lread.c:2410
#24 0x100654900 in funcall_subr eval.c:3023
#25 0x10072e674 in exec_byte_code bytecode.c:809
#26 0x10065cd48 in fetch_and_exec_byte_code eval.c:3064
#27 0x100655570 in funcall_lambda eval.c:3136
#28 0x100653d48 in funcall_general eval.c:2927
#29 0x100648db4 in Ffuncall eval.c:2977
#30 0x1006de658 in call4 lisp.h:3317
#31 0x1006d96d0 in Fload lread.c:1477
#32 0x1006e17c8 in save_match_data_load lread.c:1630
#33 0x10064f5a4 in load_with_autoload_queue eval.c:2269
#34 0x10067cfd0 in Frequire fns.c:3274
#35 0x100641c48 in eval_sub eval.c:2486
#36 0x1006f5a04 in readevalloop_eager_expand_eval lread.c:2154
#37 0x1006e117c in readevalloop lread.c:2337
#38 0x1006e29dc in Feval_buffer lread.c:2410
#39 0x100654900 in funcall_subr eval.c:3023
#40 0x10072e674 in exec_byte_code bytecode.c:809
#41 0x10065cd48 in fetch_and_exec_byte_code eval.c:3064
#42 0x100655570 in funcall_lambda eval.c:3136
#43 0x100653d48 in funcall_general eval.c:2927
#44 0x100648db4 in Ffuncall eval.c:2977
#45 0x1006de658 in call4 lisp.h:3317
#46 0x1006d96d0 in Fload lread.c:1477
#47 0x1006e17c8 in save_match_data_load lread.c:1630
#48 0x10064f5a4 in load_with_autoload_queue eval.c:2269
#49 0x10067cfd0 in Frequire fns.c:3274
#50 0x100641c48 in eval_sub eval.c:2486
#51 0x1006f5a04 in readevalloop_eager_expand_eval lread.c:2154
#52 0x1006e117c in readevalloop lread.c:2337
#53 0x1006e29dc in Feval_buffer lread.c:2410
#54 0x100654900 in funcall_subr eval.c:3023
#55 0x10072e674 in exec_byte_code bytecode.c:809
#56 0x10065cd48 in fetch_and_exec_byte_code eval.c:3064
#57 0x100655570 in funcall_lambda eval.c:3136
#58 0x100653d48 in funcall_general eval.c:2927
#59 0x100648db4 in Ffuncall eval.c:2977
#60 0x1006de658 in call4 lisp.h:3317
#61 0x1006d96d0 in Fload lread.c:1477
#62 0x1006e17c8 in save_match_data_load lread.c:1630
#63 0x10064f5a4 in load_with_autoload_queue eval.c:2269
#64 0x10067cfd0 in Frequire fns.c:3274
#65 0x100641c48 in eval_sub eval.c:2486
#66 0x1006f5a04 in readevalloop_eager_expand_eval lread.c:2154
#67 0x1006e117c in readevalloop lread.c:2337
#68 0x1006e29dc in Feval_buffer lread.c:2410
#69 0x100654900 in funcall_subr eval.c:3023
#70 0x10072e674 in exec_byte_code bytecode.c:809
#71 0x10065cd48 in fetch_and_exec_byte_code eval.c:3064
#72 0x100655570 in funcall_lambda eval.c:3136
#73 0x100653d48 in funcall_general eval.c:2927
#74 0x100648db4 in Ffuncall eval.c:2977
#75 0x1006de658 in call4 lisp.h:3317
#76 0x1006d96d0 in Fload lread.c:1477
#77 0x100641ed0 in eval_sub eval.c:2494
#78 0x100643134 in Fprogn eval.c:436
#79 0x100647a78 in Flet eval.c:1023
#80 0x1006411c8 in eval_sub eval.c:2433
#81 0x100643134 in Fprogn eval.c:436
#82 0x100655a94 in funcall_lambda eval.c:3216
#83 0x100651410 in apply_lambda eval.c:3086
#84 0x100642a50 in eval_sub eval.c:2570
#85 0x1006f5a04 in readevalloop_eager_expand_eval lread.c:2154
#86 0x1006e117c in readevalloop lread.c:2337
#87 0x1006e29dc in Feval_buffer lread.c:2410
#88 0x100654900 in funcall_subr eval.c:3023
#89 0x10072e674 in exec_byte_code bytecode.c:809
#90 0x10065cd48 in fetch_and_exec_byte_code eval.c:3064
#91 0x100655570 in funcall_lambda eval.c:3136
#92 0x100653d48 in funcall_general eval.c:2927
#93 0x100648db4 in Ffuncall eval.c:2977
#94 0x1006de658 in call4 lisp.h:3317
#95 0x1006d96d0 in Fload lread.c:1477
#96 0x100654900 in funcall_subr eval.c:3023
#97 0x10072e674 in exec_byte_code bytecode.c:809
#98 0x10065cd48 in fetch_and_exec_byte_code eval.c:3064
#99 0x100655570 in funcall_lambda eval.c:3136
#100 0x100651410 in apply_lambda eval.c:3086
#101 0x10064251c in eval_sub eval.c:2527
#102 0x10064fb8c in Feval eval.c:2343
#103 0x1004524b0 in top_level_2 keyboard.c:1141
#104 0x10064b100 in internal_condition_case eval.c:1471
#105 0x1004523c4 in top_level_1 keyboard.c:1149
#106 0x10064988c in internal_catch eval.c:1194
#107 0x100417d64 in command_loop keyboard.c:1109
#108 0x1004177f4 in recursive_edit_1 keyboard.c:719
#109 0x1004187b0 in Frecursive_edit keyboard.c:802
#110 0x100410988 in main emacs.c:2521
#111 0x101545088 in start+0x204 (dyld:arm64e+0x5088)
0x00011f90d0a1 is located 1953 bytes inside of 8184-byte region
[0x00011f90c900,0x00011f90e8f8)
freed by thread T0 here:
#0 0x103332de4 in wrap_free+0x98
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3ede4)
#1 0x100985df8 in rpl_free free.c:48
#2 0x1005b6e7c in lisp_free alloc.c:1038
#3 0x1005cba7c in compact_small_strings alloc.c:2191
#4 0x1005c9bfc in sweep_strings alloc.c:2072
#5 0x1005bcd00 in gc_sweep alloc.c:7397
#6 0x1005bae50 in garbage_collect alloc.c:6245
#7 0x1005ba36c in maybe_garbage_collect alloc.c:6090
#8 0x100650284 in maybe_gc lisp.h:5622
#9 0x100648cd4 in Ffuncall eval.c:2972
#10 0x10064b9a8 in internal_condition_case_n eval.c:1555
#11 0x1000cd964 in safe__call xdisp.c:3026
#12 0x1000cdc9c in safe__call1 xdisp.c:3062
#13 0x1001d60dc in prepare_menu_bars xdisp.c:13572
#14 0x1000f2018 in redisplay_internal xdisp.c:16523
#15 0x100108c0c in redisplay xdisp.c:16105
#16 0x10088fa44 in -[EmacsView layoutSublayersOfLayer:] nsterm.m:8662
#17 0x1900a9624 in CA::Layer::layout_if_needed(CA::Transaction*)+0x224
(QuartzCore:arm64e+0x20624)
#18 0x1901f661c in CA::Context::commit_transaction(CA::Transaction*,
double, double*)+0x1c0 (QuartzCore:arm64e+0x16d61c)
#19 0x19008b4c8 in CA::Transaction::commit()+0x2bc
(QuartzCore:arm64e+0x24c8)
#20 0x18bee1698 in __62+[CATransaction(NSCATransaction)
NS_setFlushesWithDisplayLink]_block_invoke+0x12c (AppKit:arm64e+0x1ac698)
#21 0x18c646754 in ___NSRunLoopObserverCreateWithHandler_block_invoke+0x3c
(AppKit:arm64e+0x911754)
#22 0x1892101a0 in
__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__+0x20
(CoreFoundation:arm64e+0x841a0)
#23 0x18920fff0 in __CFRunLoopDoObservers+0x24c
(CoreFoundation:arm64e+0x83ff0)
#24 0x18920f524 in __CFRunLoopRun+0x300 (CoreFoundation:arm64e+0x83524)
#25 0x18920ea80 in CFRunLoopRunSpecific+0x254
(CoreFoundation:arm64e+0x82a80)
#26 0x191e4e334 in RunCurrentEventLoopInMode+0x120
(HIToolbox:arm64e+0x32334)
#27 0x191e4dfc0 in ReceiveNextEventCommon+0x140 (HIToolbox:arm64e+0x31fc0)
#28 0x191e4de64 in _BlockUntilNextEventMatchingListInModeWithFilter+0x44
(HIToolbox:arm64e+0x31e64)
#29 0x18bd76518 in _DPSNextEvent+0x358 (AppKit:arm64e+0x41518)
previously allocated by thread T0 here:
#0 0x103332ca8 in wrap_malloc+0x94
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3eca8)
#1 0x1005ae5d4 in lmalloc alloc.c:1361
#2 0x1005afe60 in lisp_malloc alloc.c:994
#3 0x1005b0734 in allocate_string_data alloc.c:1889
#4 0x1005b18b0 in make_clear_multibyte_string alloc.c:2475
#5 0x1005b1348 in make_clear_string alloc.c:2443
#6 0x1005b23ec in make_uninit_string alloc.c:2454
#7 0x1005b2358 in make_unibyte_string alloc.c:2369
#8 0x1006dba68 in openp lread.c:1908
#9 0x1006d851c in Fload lread.c:1302
#10 0x1006e17c8 in save_match_data_load lread.c:1630
#11 0x10064f5a4 in load_with_autoload_queue eval.c:2269
#12 0x10067cfd0 in Frequire fns.c:3274
#13 0x100654630 in funcall_subr eval.c:3019
#14 0x10072e674 in exec_byte_code bytecode.c:809
#15 0x10072c238 in Fbyte_code bytecode.c:329
#16 0x100641c48 in eval_sub eval.c:2486
#17 0x1006e118c in readevalloop lread.c:2339
#18 0x1006d9d80 in Fload lread.c:1581
#19 0x1006e17c8 in save_match_data_load lread.c:1630
#20 0x10064f5a4 in load_with_autoload_queue eval.c:2269
#21 0x10067cfd0 in Frequire fns.c:3274
#22 0x100641c48 in eval_sub eval.c:2486
#23 0x1006f5a04 in readevalloop_eager_expand_eval lread.c:2154
#24 0x1006e117c in readevalloop lread.c:2337
#25 0x1006e29dc in Feval_buffer lread.c:2410
#26 0x100654900 in funcall_subr eval.c:3023
#27 0x10072e674 in exec_byte_code bytecode.c:809
#28 0x10065cd48 in fetch_and_exec_byte_code eval.c:3064
#29 0x100655570 in funcall_lambda eval.c:3136
SUMMARY: AddressSanitizer: heap-use-after-free regex-emacs.c:4328 in
re_match_2_internal
Shadow bytes around the buggy address:
0x007023f419c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f419d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f419e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f419f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f41a00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x007023f41a10: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
0x007023f41a20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f41a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f41a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f41a50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x007023f41a60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15586==ABORTING
(lldb) AddressSanitizer report breakpoint hit. Use 'thread info -s' to get
extended information about the report.
(lldb) xbacktrace
(unsigned char *) data = 0x0000000100a205e0 "require"
(unsigned char *) data = 0x0000000100a25940 "byte-code"
(unsigned char *) data = 0x0000000100a205e0 "require"
(unsigned char *) data = 0x0000000100a24000 "eval-buffer"
(unsigned char *) data = 0x0000000107e7d013 "load-with-code-conversion"
(unsigned char *) data = 0x0000000100a205e0 "require"
(unsigned char *) data = 0x0000000100a24000 "eval-buffer"
(unsigned char *) data = 0x0000000107e7d013 "load-with-code-conversion"
(unsigned char *) data = 0x0000000100a205e0 "require"
(unsigned char *) data = 0x0000000100a24000 "eval-buffer"
(unsigned char *) data = 0x0000000107e7d013 "load-with-code-conversion"
(unsigned char *) data = 0x0000000100a205e0 "require"
(unsigned char *) data = 0x0000000100a24000 "eval-buffer"
(unsigned char *) data = 0x0000000107e7d013 "load-with-code-conversion"
(unsigned char *) data = 0x0000000100a1dac0 "load"
(unsigned char *) data = 0x0000000100a1d760 "let"
(unsigned char *) data = 0x0000000105c184b0 "chemacs-load-user-init"
(unsigned char *) data = 0x0000000100a24000 "eval-buffer"
(unsigned char *) data = 0x0000000107e7d013 "load-with-code-conversion"
(unsigned char *) data = 0x0000000100a1dac0 "load"
(unsigned char *) data = 0x0000000107e7ee82 "startup--load-user-init-file"
(unsigned char *) data = 0x0000000107e7f852 "command-line"
(unsigned char *) data = 0x0000000107e80b37 "normal-top-level"
frame #5: 0x0000000100582044 emacs`re_match_2_internal(bufp=0x000000010111ace8,
string1=0x0000000000000000, size1=0,
string2="/Users/gerd/.config/emacs.d.default/elpa/magit-section-20220901.331/puny.dylib",
size2=78, pos=0, regs=0x0000000000000000, stop=78) at regex-emacs.c:4328:15
4325 DEBUG_PRINT ("EXECUTING anychar.\n");
4326
4327 PREFETCH ();
-> 4328 buf_ch = RE_STRING_CHAR_AND_LENGTH (d, buf_charlen,
4329 target_multibyte);
4330 buf_ch = TRANSLATE (buf_ch);
4331 if (buf_ch == '\n')
(lldb)
frame #6: 0x000000010057e2a8 emacs`rpl_re_search_2(bufp=0x000000010111ace8,
str1=0x0000000000000000, size1=0,
str2="/Users/gerd/.config/emacs.d.default/elpa/magit-section-20220901.331/puny.dylib",
size2=78, startpos=0, range=0, regs=0x0000000000000000, stop=78) at
regex-emacs.c:3383:13
3380 && !bufp->can_be_null)
3381 return -1;
3382
-> 3383 val = re_match_2_internal (bufp, string1, size1, string2, size2,
3384 startpos, regs, stop);
3385
3386 if (val >= 0)
(lldb) down
frame #5: 0x0000000100582044 emacs`re_match_2_internal(bufp=0x000000010111ace8,
string1=0x0000000000000000, size1=0,
string2="/Users/gerd/.config/emacs.d.default/elpa/magit-section-20220901.331/puny.dylib",
size2=78, pos=0, regs=0x0000000000000000, stop=78) at regex-emacs.c:4328:15
4325 DEBUG_PRINT ("EXECUTING anychar.\n");
4326
4327 PREFETCH ();
-> 4328 buf_ch = RE_STRING_CHAR_AND_LENGTH (d, buf_charlen,
4329 target_multibyte);
4330 buf_ch = TRANSLATE (buf_ch);
4331 if (buf_ch == '\n')
(lldb) p d
(re_char *) $285 = 0x000000011f90d0a1 "magit-section-20220901.331/puny.dylib"
frame #10: 0x0000000100503cf4 emacs`Ffind_file_name_handler(filename=(struct
Lisp_String *) $318 = 0x000000011f6ec4c0, operation=(struct Lisp_Symbol *) $321
= 0x00000001010ec310) at fileio.c:324:24
321 operations = Fget (handler, Qoperations);
322
323 if (STRINGP (string)
-> 324 && (match_pos = fast_string_match (string, filename)) >
pos
325 && (NILP (operations) || ! NILP (Fmemq (operation,
operations))))
326 {
327 Lisp_Object tem;
(lldb) p filename
(Lisp_Object) $322 = 0x000000011f6ec4c4 (struct Lisp_String *) $324 =
0x000000011f6ec4c0
(lldb) p *$324
(struct Lisp_String) $325 = {
u = {
s = {
size = 78
size_byte = -1
intervals = NULL
data = 0x000000011f5d2f38
"/Users/gerd/.config/emacs.d.default/elpa/magit-section-20220901.331/puny.dylib"
}
next = 0x000000000000004e
gcaligned = 'N'
}
}
(lldb) p string
(Lisp_Object) $326 = 0x000000011ce990c4 (struct Lisp_String *) $328 =
0x000000011ce990c0
(lldb) p *$328
(struct Lisp_String) $329 = {
u = {
s = {
size = 313
size_byte = -1
intervals = NULL
data = 0x000000011cdce9f0
"\\`\\(.+\\.\\(?:7z\\|CAB\\|LZH\\|MSU\\|ZIP\\|a\\(?:pk\\|r\\)\\|c\\(?:ab\\|pio\\|rate\\)\\|de\\(?:b\\|pot\\)\\|e\\(?:pub\\|xe\\)\\|iso\\|jar\\|lzh\\|m\\(?:su\\|tree\\)\\|od[bfgpst]\\|pax\\|r\\(?:ar\\|pm\\)\\|shar\\|t\\(?:ar\\|bz\\|gz\\|lz\\|xz\\|zst\\)\\|warc\\|x\\(?:ar\\|p[is]\\)\\|zip\\)\\(?:\\.\\(?:Z\\|bz2\\|gz\\|l\\(?:rz\\|z\\(?:ma\\|[4o]\\)?\\)\\|uu\\|xz\\|zst\\)\\)?\\)\\(/.*\\)\\'"
}
next = 0x0000000000000139
gcaligned = '9'
}
}
frame #8: 0x0000000100560e38 emacs`fast_string_match_internal(regexp=(struct
Lisp_String *) $342 = 0x000000011ce990c0, string=(struct Lisp_String *) $344 =
0x000000011f6ec4c0, table=(struct Lisp_Symbol *) $347 = 0x00000001010e5860) at
search.c:492:19
489 struct regexp_cache *cache_entry
490 = compile_pattern (regexp, 0, table, 0, STRING_MULTIBYTE (string));
491 freeze_pattern (cache_entry);
-> 492 ptrdiff_t val = re_search (&cache_entry->buf, SSDATA (string),
493 SBYTES (string), 0,
494 SBYTES (string), 0);
495 unbind_to (count, Qnil);
(lldb) p cache_entry
(regexp_cache *) $348 = 0x000000010111acc8
(lldb) p *cache_entry
(regexp_cache) $349 = {
next = NULL
regexp = 0x000000011f6dbbc4 (struct Lisp_String *) $351 = 0x000000011f6dbbc0
f_whitespace_regexp = NULL
syntax_table = 0x0000000000000030 (struct Lisp_Symbol *) $354 =
0x00000001010e5890
buf = {
buffer = 0x0000000108991b80
"\v\U00000006\U00000001\U00000003\U0000000e\U00000004"
allocated = 648
used = 555
charset_unibyte = 1
fastmap = 0x000000010111ad28 ""
translate = NULL
re_nsub = 2
can_be_null = true
regs_allocated = 0
fastmap_accurate = true
used_syntax = false
multibyte = false
target_multibyte = false
}
fastmap =
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
posix = false
busy = true
}
(lldb) p *$351
(struct Lisp_String) $355 = {
u = {
s = {
size = 313
size_byte = -1
intervals = NULL
data = 0x000000011f5cfd90
"\\`\\(.+\\.\\(?:7z\\|CAB\\|LZH\\|MSU\\|ZIP\\|a\\(?:pk\\|r\\)\\|c\\(?:ab\\|pio\\|rate\\)\\|de\\(?:b\\|pot\\)\\|e\\(?:pub\\|xe\\)\\|iso\\|jar\\|lzh\\|m\\(?:su\\|tree\\)\\|od[bfgpst]\\|pax\\|r\\(?:ar\\|pm\\)\\|shar\\|t\\(?:ar\\|bz\\|gz\\|lz\\|xz\\|zst\\)\\|warc\\|x\\(?:ar\\|p[is]\\)\\|zip\\)\\(?:\\.\\(?:Z\\|bz2\\|gz\\|l\\(?:rz\\|z\\(?:ma\\|[4o]\\)?\\)\\|uu\\|xz\\|zst\\)\\)?\\)\\(/.*\\)\\'"
}
next = 0x0000000000000139
gcaligned = '9'
}
}