[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24358: 25.1.50; re-search-forward errors with "Variable binding dept
From: |
npostavs |
Subject: |
bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size" |
Date: |
Sat, 08 Oct 2016 09:45:20 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Eli Zaretskii <eliz@gnu.org> writes:
>> From: npostavs@users.sourceforge.net
>> Date: Fri, 07 Oct 2016 20:29:36 -0400
>> Cc: 24358@debbugs.gnu.org
>>
>> npostavs@users.sourceforge.net writes:
>> >
>> >> (I'm also on GNU/Linux, Arch) I get the same max-specpdl-size error with
>> >> 25.1.50, with 24.5 (and below) I get (error "Stack overflow in regexp
>> >> matcher")
>>
>> icalendar--read-element has been fixed, but this still reproduces when
>> doing (re-search-forward ".*\\(\n.*\\)*" nil t) on the text file given
>> in the OP.
>
> Isn't that "user error"?
Yes, but it should give "Stack overflow in regexp matcher", not overflow
the lisp stack (or assertion failure).
>
>> And I'm still seeing an assertion failure due to what looks like
>> memory corruption on the emacs-25 branch.
>
> Details of the assertion?
(See also https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24358#8)
I tracked the corruption to a malloc call, but I wasn't able to figure
out what's happening there.
I used the following to debug:
Apply the attached bug-24358-hunting.diff and then run
gdb --args ./emacs -Q -batch -l ~/src/emacs/bug-24358-regex-max-specpdl.el
Where ~/src/emacs/bug-24358-regex-max-specpdl.el is:
(with-temp-buffer
(insert-file-contents "~/src/emacs/bug-24358-regex-max-specpdl.txt") ;
adjust path
(goto-char (point-min))
(re-search-forward ".*\\(\n.*\\)*" nil t))
I show some more excerpts in the attached bug-24358-debug.log, but my
main finding is that string1 of re_match_2_internal is originally:
string1=0x1835980 "DESCRIPTION;LANGUAGE=
but then it becomes corrupted during a malloc:
Old value = 68 'D'
New value = 0 '\000'
0x00007ffff0cc01a7 in __memset_sse2_unaligned_erms () from /usr/lib/libc.so.6
(gdb) bt 13
#0 0x00007ffff0cc01a7 in __memset_sse2_unaligned_erms () from
/usr/lib/libc.so.6
#1 0x00000000006d27f5 in r_alloc_sbrk (size=290816) at ralloc.c:848
#2 0x00000000006ced96 in get_contiguous_space (size=290816,
position=0x1833000) at gmalloc.c:476
#3 0x00000000006cf92a in _malloc_internal_nolock (size=163840) at gmalloc.c:844
#4 0x00000000006cfe9d in _malloc_internal (size=163840) at gmalloc.c:927
#5 0x00000000006cff1a in gmalloc (size=163840) at gmalloc.c:951
#6 0x00000000006d14e4 in malloc (size=163840) at gmalloc.c:1827
#7 0x00000000005f3e6b in lmalloc (size=163840) at alloc.c:1414
#8 0x00000000005f3356 in xmalloc (size=163840) at alloc.c:821
#9 0x00000000005f38e4 in record_xmalloc (size=163840) at alloc.c:1038
#10 0x00000000005ee233 in re_match_2_internal (bufp=0xd6d650 <searchbufs+5072>,
string1=0x1835980 "",
size1=0, string2=0x1835980 "", size2=40918, pos=0, regs=0xd6deb0
<search_regs>, stop=40918)
at regex.c:5844
bug-24358-hunting.diff
Description: changes to hunt down bug 24358
bug-24358-debug.log
Description: gdb session excerpts
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", npostavs, 2016/10/07
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", Eli Zaretskii, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size",
npostavs <=
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", Eli Zaretskii, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", Eli Zaretskii, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", npostavs, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", Eli Zaretskii, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", npostavs, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", Eli Zaretskii, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", npostavs, 2016/10/08
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", Eli Zaretskii, 2016/10/09
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", npostavs, 2016/10/12
- bug#24358: 25.1.50; re-search-forward errors with "Variable binding depth exceeds max-specpdl-size", Eli Zaretskii, 2016/10/13