bug#58042: 29.0.50; ASAN use-after-free in re_match_2

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal

From:	Po Lu
Subject:	bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date:	Wed, 05 Oct 2022 21:52:52 +0800
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/28.0.91 (gnu/linux)

Eli Zaretskii <eliz@gnu.org> writes:

> We call maybe_quit in many places, basically anywhere where we have
> potentially long loops.  It isn't just Fmemq.  So if we want to
> prevent maybe_quit from indirectly calling arbitrary Lisp, we'd need
> to block_input inside probably_quit.  Which means
> process_pending_signals will not call the read-socket hook and will
> not gobble input.  That's bad, I think.
>
> And note that this is only problematic on macOS (AFAIU), because there
> the read-socket hook can trigger redisplay.

There are many different ways to trigger redisplay from the read-socket
hook in the Haiku port as well, and I haven't seen any problems there.

Besides, any call to automatic GC today can run arbitrary Lisp through
finalizer functions, and that includes redisplay.  So unless the
read_socket_hook does not cons at all, there is no way to prevent
probably_quit from running Lisp code.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, (continued)

Prev by Date: bug#57996: Re[4]: bug#57996: 28.2; imenu doesn't differentiate overloaded c++ functions
Next by Date: bug#58288: 29.0.50; (flyspell-correct-word-before-point) followed by <down> crashes emacs
Previous by thread: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Next by thread: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Index(es):
- Date
- Thread