Re: memory corruption in regex.c

From: Chong Yidong
Subject: Re: memory corruption in regex.c
Date: Sat, 22 Mar 2008 17:34:05 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1.92 (gnu/linux)
Alexandre Oliva <address@hidden> writes:
> https://bugzilla.redhat.com/show_bug.cgi?id=435767
>
> emacs invokes undefined behavior in regex.c, computing the difference
> between unrelated pointers. In general, this wouldn't be too much of
> a problem, as long as the type used to represent the difference was
> wide enough to cover the entire possible range of pointer differences.
>
> Such a type is not even guaranteed to exist, and it can be tricky to
> get reasonable results on segmented architectures. So, the correct
> code needs to compute offsets between pointers in the old buffer, and
> apply the same offset into the new buffer. In most cases, the
> compiler will just optimize the code to the same we got before on
> i386, and to something very close, but using a 64-bit offset on
> x86-64.
This sounds correct. Thanks very much for catching this bug. I don't
see any problem with your patch, except:
> - re_char *old_buffer = bufp->buffer;
> \
> + unsigned char *old_buffer = bufp->buffer;
> \
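Review bot: the declaration of old_buffer changes from `re_char *` to `unsigned char *` with no rationale visible in this hunk. If old_buffer is only used as the base from which offsets of pointers into the old block are taken (as the description of the fix implies), the original pointer type already serves that purpose, so either keep the declaration as it was or add a comment or ChangeLog line stating why the new type is needed (for instance, an assignment elsewhere that requires the non-const type).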
What is the purpose of this?
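The offset-based relocation Alexandre describes above, written out as an added example for this page: it is constructed for illustration and is not code from Emacs's regex.c, from the Red Hat bug report, or from the patch under discussion, and the buffer type and function names (struct buf, buf_push, buf_extend, ...) are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not code from Emacs's regex.c or from the patch
   under discussion: a growable byte buffer whose interior pointers must
   survive a realloc() that moves the storage. */
struct buf {
    unsigned char *buffer;  /* start of the storage block */
    size_t allocated;       /* capacity in bytes */
    unsigned char *b;       /* write cursor, points into buffer */
    unsigned char *mark;    /* a second interior pointer into buffer */
};

struct buf *buf_new(size_t cap)
{
    struct buf *bp = malloc(sizeof *bp);
    if (bp == NULL)
        return NULL;
    bp->allocated = cap ? cap : 1;
    bp->buffer = malloc(bp->allocated);
    if (bp->buffer == NULL) {
        free(bp);
        return NULL;
    }
    bp->b = bp->buffer;
    bp->mark = bp->buffer;
    return bp;
}

/* Grow the block so at least `need` bytes fit after the cursor, using
   the pattern the thread recommends: record each interior pointer's
   offset from the OLD base while that block is still valid, then rebuild
   the pointer from the NEW base.  No pointer into one block is ever
   subtracted from a pointer into another, so the unrelated-pointer
   difference (undefined behaviour in C) never arises, and ptrdiff_t is
   the type C defines for an offset within a single object. */
static int buf_extend(struct buf *bp, size_t need)
{
    size_t used = (size_t)(bp->b - bp->buffer);
    if (bp->allocated - used >= need)
        return 0;                        /* enough room already */

    /* 1. Offsets within the old block, taken before it moves. */
    ptrdiff_t b_off = bp->b - bp->buffer;
    ptrdiff_t mark_off = bp->mark - bp->buffer;

    size_t new_size = bp->allocated;
    while (new_size - used < need) {
        if (new_size > SIZE_MAX / 2)
            return -1;                   /* growth would overflow */
        new_size *= 2;
    }
    unsigned char *p = realloc(bp->buffer, new_size);
    if (p == NULL)
        return -1;                       /* old block is still valid */

    /* 2. The same offsets applied to the new base. */
    bp->buffer = p;
    bp->allocated = new_size;
    bp->b = bp->buffer + b_off;
    bp->mark = bp->buffer + mark_off;
    return 0;
}

/* Append n bytes at the cursor, growing the block if necessary. */
int buf_push(struct buf *bp, const unsigned char *src, size_t n)
{
    if (buf_extend(bp, n) != 0)
        return -1;
    memcpy(bp->b, src, n);
    bp->b += n;
    return 0;
}

void buf_set_mark(struct buf *bp) { bp->mark = bp->b; }
size_t buf_len(const struct buf *bp) { return (size_t)(bp->b - bp->buffer); }
ptrdiff_t buf_mark_offset(const struct buf *bp) { return bp->mark - bp->buffer; }

void buf_free(struct buf *bp)
{
    if (bp != NULL) {
        free(bp->buffer);
        free(bp);
    }
}

int main(void)
{
    struct buf *bp = buf_new(4);        /* small capacity to force growth */
    if (bp == NULL)
        return 1;
    buf_push(bp, (const unsigned char *)"ab", 2);
    buf_set_mark(bp);                   /* mark sits at offset 2 */
    buf_push(bp, (const unsigned char *)"cdefghijklmnop", 14);  /* reallocates */
    printf("len=%zu cap=%zu mark_off=%td mark='%c'\n",
           buf_len(bp), bp->allocated, buf_mark_offset(bp), *bp->mark);
    buf_free(bp);
    return 0;
}
```

The offsets are taken before realloc() while the old block is still live, so neither the stale old base nor a pointer into the freed block is ever used in arithmetic; the only subtractions are between pointers into the same block, which is what C defines and what ptrdiff_t is sized for. On a 64-bit target the offset is naturally a 64-bit quantity, matching the behaviour the thread expects on x86-64.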