regexp match violates string bound
Stephen J. Turnbull
stephen at xemacs.org
Fri Dec 3 12:20:34 EST 2004
>>>>> "Ilya" == Ilya N Golubev <gin at mo.msk.ru> writes:
Ilya> `re_search' when called by `string_match_1' may leave
Ilya> `search_regs.end' unchanged, even if it points beyond end
Ilya> of data of STRING being searched in. My build with mule
Ilya> sometimes crashes on such a values, when
Ilya> `fixup_search_regs_for_string' called by the same
Ilya> `string_match_1' tries to process such an incorrect value
Ilya> and traverse byte sequence that is not in mule internal
I don't see how that can happen, offhand. I'll take a more careful
look later, but as far as I can see search_regs.end[i] should get
accessed only for registers that successfully matched in the current
search. Can you be more specific about where the offending access is?
Ilya> Whether the crash will occur depends on data beyond string
Ilya> data bound, and that can not be reproduced reliably.
Ilya> Incorrect `search_regs.end' value, however, reproduces
Ilya> even when evaluating the following code.
This is irrelevant. First, there are no promises about the contents
of registers after an unsuccessful match, so "incorrect" is
inapplicable. Second and more important, the following code
(string-match "\\(a\\)" "..a")
(match-string 1 "c")
is legal and must not crash. So the code must be careful to check
bounds in strings here, and as far as I can tell it does. Certainly
the particular example above signals an error. Can you point more
specifically to the code that is causing the problem?
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
More information about the XEmacs-Beta