bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
From: Eli Zaretskii
Subject: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Mon, 20 Jun 2022 22:09:59 +0300
> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Date: Mon, 20 Jun 2022 16:07:55 +0200
>
> FWIW, here is another non-reproducible crash with ASAN.
>
> In short, shrink_regexp_cache realloc'd something leading to a malloc +
> free, and something is still holding a pointer to the old memory. Or so it
> looks to me.
I don't understand why some callers of compile_pattern mark the cache
entry as busy, but some others don't. If a cache entry that is in use
is not marked as busy, then any GC can decide to shrink the cache by
freeing that entry.
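As an added illustration (not code from Emacs or from this thread), here is a small C model of the hazard Eli describes: a cache whose GC-triggered shrink reclaims every entry not marked busy, so a caller that obtained an entry without marking it keeps a pointer into memory the next GC may free. The names compile_pattern and shrink_regexp_cache are borrowed from the thread; the slot layout, the MARK_BUSY parameter and entry_survives_gc are hypothetical simplifications, and "reclaimed" is modelled as a NULL pattern so the example stays memory-safe.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#define CACHE_SIZE 4

/* One slot of the (hypothetical) cache; PATTERN is NULL once reclaimed. */
struct cache_entry {
  char *pattern;   /* stands in for the compiled regexp buffer */
  bool busy;       /* set by callers that keep using the entry across GC */
};
static struct cache_entry cache[CACHE_SIZE];

/* Return the slot for PATTERN, compiling it if needed.  A caller passing
   MARK_BUSY=false holds the entry unprotected, which is what the thread
   suspects some callers of compile_pattern do. */
struct cache_entry *compile_pattern (const char *pattern, bool mark_busy)
{
  for (int i = 0; i < CACHE_SIZE; i++)
    if (cache[i].pattern && strcmp (cache[i].pattern, pattern) == 0)
      { cache[i].busy |= mark_busy; return &cache[i]; }
  for (int i = 0; i < CACHE_SIZE; i++)
    if (!cache[i].pattern)
      {
        cache[i].pattern = strdup (pattern);
        cache[i].busy = mark_busy;
        return &cache[i];
      }
  abort ();   /* the model has no eviction policy; the real cache does */
}

/* What a GC-triggered shrink does: reclaim every entry not marked busy.
   Returns how many entries were freed. */
int shrink_regexp_cache (void)
{
  int freed = 0;
  for (int i = 0; i < CACHE_SIZE; i++)
    if (cache[i].pattern && !cache[i].busy)
      { free (cache[i].pattern); cache[i].pattern = NULL; freed++; }
  return freed;
}

/* A matcher still holding ENTRY when GC runs: it survives only if the
   entry was busy; an unmarked entry comes back reclaimed (NULL pattern). */
bool entry_survives_gc (struct cache_entry *entry)
{
  shrink_regexp_cache ();
  return entry->pattern != NULL;
}
```

In the real code the reclaimed buffer is not NULLed but freed and possibly reused, which is why ASAN reports the stale use as a use-after-free rather than a null dereference.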