[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
|
From: |
Eli Zaretskii |
|
Subject: |
bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal |
|
Date: |
Thu, 06 Oct 2022 09:59:21 +0300 |
> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Date: Thu, 06 Oct 2022 07:35:26 +0200
>
> Can we come to a decision about what to do with probably_quit, based
> what we know now? The threads under this bug are a bit deep and
> complicated, so I'd like to make this a bit more visible.
>
> I think the problem has been analyized to be:
>
> 1. The re_matcher uses char* pointer P into data of string S.
> 2. The re_matcher uses maybe_quit
> 3. maybe_quit can call garbage_collect
> 4. garbage_collect can call Lisp (finalizers, redisplay)
> (4a. That Lisp can again garbage_collect)
> 5. One of the GCs can relocate the string data of S in step 1.
> 6. P is then invalid.
>
> Possible solution:
>
> Inhibit GC in probably_quit, so that P remains valid.
>
> Q: Should we do that?
IMO, yes.
> And if so, when?
"Now"?
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, (continued)
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Po Lu, 2022/10/05
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/10/06
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/10/05
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/10/05
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/10/05
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Eli Zaretskii, 2022/10/05
bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal, Gerd Möllmann, 2022/10/06
- bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal,
Eli Zaretskii <=