bug#58042: 29.0.50; ASAN use-after-free in re_match_2

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal

From:	Gerd Möllmann
Subject:	bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date:	Thu, 06 Oct 2022 07:35:26 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (darwin)

Can we come to a decision about what to do with probably_quit, based
what we know now?  The threads under this bug are a bit deep and
complicated, so I'd like to make this a bit more visible.

I think the problem has been analyized to be:

1. The re_matcher uses char* pointer P into data of string S.
2. The re_matcher uses maybe_quit
3. maybe_quit can call garbage_collect
4. garbage_collect can call Lisp (finalizers, redisplay)
(4a. That Lisp can again garbage_collect)
5. One of the GCs can relocate the string data of S in step 1.
6. P is then invalid.

Possible solution:

Inhibit GC in probably_quit, so that P remains valid.

Q: Should we do that?  And if so, when?

[Prev in Thread]

Current Thread

[Next in Thread]

bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, (continued)
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann <=
  - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/10/06
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/10/06
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/10/06
    - bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/10/06

Prev by Date: bug#58319: 29.0.50; Not logical compilation warnings
Next by Date: bug#58318: 28.2; Emacs installed from package won't work with MinGW
Previous by thread: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Next by thread: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Index(es):
- Date
- Thread