[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24751: 26.0.50; Regex stack overflow not detected properly (gets "Va
From: |
Eli Zaretskii |
Subject: |
bug#24751: 26.0.50; Regex stack overflow not detected properly (gets "Variable binding depth exceeds max-specpdl-size") |
Date: |
Sun, 01 Jan 2017 20:41:57 +0200 |
> From: npostavs@users.sourceforge.net
> Cc: 24751@debbugs.gnu.org
> Date: Sun, 01 Jan 2017 13:33:35 -0500
>
> Eli Zaretskii <eliz@gnu.org> writes:
> >>
> >> /* Define MATCH_MAY_ALLOCATE unless we need to make sure that the
> >> searching and matching functions should not call alloca. On some
> >> systems, alloca is implemented in terms of malloc, and if we're
> >> using the relocating allocator routines, then malloc could cause a
> >> relocation, which might (if the strings being searched are in the
> >> ralloc heap) shift the data out from underneath the regexp
> >> routines.
> >>
> >> [...]
> >
> > The first part is not obsolete, but its reasoning is backwards:
> > SAFE_ALLOCA indeed can call malloc, but it could only cause relocation
> > if REGEX_MALLOC is defined (and ralloc.c is compiled in). And when
> > you define REGEX_MALLOC, MATCH_MAY_ALLOCATE is undefined. So the text
> > there should be revised.
>
> Is there ever any case where REGEX_MALLOC is defined? I can't see where
> it happens.
I don't understand the question. You can compile regex.c with the
"-DREGEX_MALLOC" option whenever you like. We don't do that, but as
long as the code which supports that is in regex.c, the comment goes
with it.
> I don't understand why you say relocation is dependent on
> REGEX_MALLOC, I thought only REL_ALLOC affects that.
REL_ALLOC determines whether ralloc.c is compiled in, which I
mentioned above.
> And since we added r_alloc_inhibit_buffer_relocation around the regex
> calls, aren't all these concerns about relocation obsolete?
The calls to r_alloc_inhibit_buffer_relocation are outside of regex.c,
so the comments in regex.c don't know anything about that.