bug-gnu-emacs

bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal


From: Stefan Monnier
Subject: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Thu, 23 Jun 2022 17:29:13 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

> Stefan, do you happen to know why some of the callers of
> compile_pattern don't call freeze_pattern to protect the new cache
> entry?  Is it just an omission or do we miss something here?

Before `freeze_pattern`, the design was that nothing could happen while
running the regexp matcher (no GC, no execution of Lisp code).

Commit 938d252d1c6c5e2027aa250c649deb024154f936 changed that so that
searching inside a *buffer* could end up running ELisp code (and hence
also GC).  AFAIK this still can't happen when searching in strings.
[ IIRC The need to run ELisp is so as to apply `syntax-table` text
  properties on demand via `syntax-propertize`.  ]

So I think freeze_pattern should be used in all cases where
`compile_pattern` is used to search inside a buffer, but it shouldn't be
necessary when searching within a string.

At least, that's my recollection.


        Stefan
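The hazard described above, as a small C model added to this thread (it is not Emacs's own search.c code): a cache of compiled patterns whose slots can be evicted by Lisp that runs in the middle of a buffer search, and a freeze flag that pins the entry the matcher is using. The names `compile_pattern` and `freeze_pattern` follow the thread; the two-slot round-robin layout, the generation counter, `thaw_pattern` and the `run_lisp_hook` stand-in for `syntax-propertize` are assumptions made for the model.

```c
#include <string.h>
/* Toy model of a compiled-regexp cache (not Emacs's search.c): two slots,
   evicted round-robin, with a freeze flag that eviction must honour. */
#define NSLOTS 2
struct cache_entry {
    char pattern[32];
    int generation;   /* bumped whenever the slot is reused */
    int frozen;       /* set by freeze_pattern(); eviction skips it */
};
static struct cache_entry cache[NSLOTS];
static int next_victim;

/* Return the entry for `pat`, "compiling" (copying) it into an unfrozen
   slot when it is not already cached; NULL if every slot is pinned. */
static struct cache_entry *compile_pattern(const char *pat)
{
    for (int i = 0; i < NSLOTS; i++)
        if (strcmp(cache[i].pattern, pat) == 0)
            return &cache[i];
    for (int tries = 0; tries < NSLOTS; tries++) {
        struct cache_entry *e = &cache[next_victim];
        next_victim = (next_victim + 1) % NSLOTS;
        if (e->frozen)
            continue;     /* never evict an entry still in use */
        strncpy(e->pattern, pat, sizeof e->pattern - 1);
        e->generation++;
        return e;
    }
    return NULL;
}
static void freeze_pattern(struct cache_entry *e) { e->frozen = 1; }
static void thaw_pattern(struct cache_entry *e)   { e->frozen = 0; }

/* Stand-in for syntax-propertize (assumed): Lisp run mid-search that
   compiles further patterns and so can churn the whole cache. */
static void run_lisp_hook(void) { compile_pattern("[a-z]+"); compile_pattern("[0-9]+"); }

/* Buffer search with `pat`.  Returns 1 if the entry being matched with
   survived the hook, 0 if its slot was reused underneath the matcher. */
static int search_buffer(const char *pat, int use_freeze)
{
    struct cache_entry *e = compile_pattern(pat);
    if (!e) return 0;
    int gen = e->generation;
    if (use_freeze) freeze_pattern(e);
    run_lisp_hook();
    if (use_freeze) thaw_pattern(e);
    return e->generation == gen && strcmp(e->pattern, pat) == 0;
}
```

In the real matcher the reused slot is a freed or recompiled buffer rather than a generation mismatch, which is what ASAN reports as the use-after-free; searching a string never runs the hook, so the unfrozen path is only a problem for buffer searches.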