
Re: memory corruption in regex.c


From: Chong Yidong
Subject: Re: memory corruption in regex.c
Date: Sat, 22 Mar 2008 17:34:05 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1.92 (gnu/linux)

Alexandre Oliva <address@hidden> writes:

> https://bugzilla.redhat.com/show_bug.cgi?id=435767
>
> emacs invokes undefined behavior in regex.c, computing the difference
> between unrelated pointers.  In general, this wouldn't be too much of
> a problem, as long as the type used to represent the difference was
> wide enough to cover the entire possible range of pointer differences.
>
> Such a type is not even guaranteed to exist, and it can be tricky to
> get reasonable results on segmented architectures.  So, the correct
> code needs to compute offsets between pointers in the old buffer, and
> apply the same offset into the new buffer.  In most cases, the
> compiler will just optimize the code to the same we got before on
> i386, and to something very close, but using a 64-bit offset on
> x86-64.

This sounds correct.  Thanks very much for catching this bug.  I don't
see any problem with your patch, except:

> -    re_char *old_buffer = bufp->buffer;                                      
> \
> +    unsigned char *old_buffer = bufp->buffer;                                
> \
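Review bot: the change of `old_buffer` from `re_char *` to `unsigned char *` is unexplained and is separate from the offset computation the report describes; the commit message should state why it is needed (for instance, if pointers re-derived from `old_buffer`-relative offsets must carry the same type as `bufp->buffer`, which the quoted lines do not show), or the declaration should stay `re_char *old_buffer = bufp->buffer;`.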

What is the purpose of this?
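The relocation the report describes (offsets taken within the old buffer, then applied to the new one), as an added example in C that is not Emacs's regex.c; `struct pattern_buf`, `extend_buffer` and `demo_relocation` are hypothetical names modelled loosely on the buffer-growth macro under discussion:

```c
#include <stddef.h>
#include <stdlib.h>
/* Hypothetical model of the compile buffer regex.c grows while compiling a
   pattern (added example, not Emacs code): the bytecode plus two pointers
   that must keep pointing into it after the buffer moves.  */
struct pattern_buf {
    unsigned char *buffer;   /* start of the compiled pattern */
    size_t allocated;        /* bytes allocated for buffer */
    unsigned char *b;        /* next free byte */
    unsigned char *fixup;    /* an earlier opcode to be patched later */
};

/* Grow the buffer, relocating b and fixup the way the bug report says:
   take each pointer's offset within the OLD buffer (two pointers into the
   same object, so the subtraction is defined and fits in ptrdiff_t) and
   add it to the NEW buffer.  The replaced pattern, 'int incr = new - old;
   p += incr;', subtracts pointers into different objects and truncates
   the result to int.  Returns 0 on success, -1 if realloc fails.  */
static int extend_buffer(struct pattern_buf *bufp)
{
    ptrdiff_t b_off = bufp->b - bufp->buffer;       /* computed before realloc */
    ptrdiff_t fixup_off = bufp->fixup - bufp->buffer;
    size_t new_size = bufp->allocated * 2;
    unsigned char *new_buffer = realloc(bufp->buffer, new_size);
    if (new_buffer == NULL)
        return -1;                                  /* old buffer still valid */
    bufp->buffer = new_buffer;
    bufp->allocated = new_size;
    bufp->b = new_buffer + b_off;                   /* same offset, new object */
    bufp->fixup = new_buffer + fixup_off;
    return 0;
}

/* Write two bytes, grow the buffer six times and check that b and fixup
   still address the same bytes.  Returns 1 if every check passed.  */
static int demo_relocation(void)
{
    struct pattern_buf pb = { malloc(4), 4, NULL, NULL };
    if (pb.buffer == NULL)
        return 0;
    pb.buffer[0] = 0x01; pb.buffer[1] = 0x02;
    pb.b = pb.buffer + 2; pb.fixup = pb.buffer + 1;
    int ok = 1;
    for (int i = 0; i < 6 && ok; i++)
        ok = extend_buffer(&pb) == 0
             && pb.b == pb.buffer + 2 && pb.fixup == pb.buffer + 1
             && *pb.fixup == 0x02 && pb.allocated == (size_t)4 << (i + 1);
    free(pb.buffer);
    return ok;
}
```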
