>>>> "Ilya" == Ilya N Golubev <gin(a)mo.msk.ru> writes:

Ilya> `re_search' when called by `string_match_1' may leave
Ilya> `search_regs.end[1]' unchanged, even if it points beyond end
Ilya> of data of STRING being searched in. My build with mule
Ilya> sometimes crashes on such values, when
Ilya> `fixup_search_regs_for_string' called by the same
Ilya> `string_match_1' tries to process such an incorrect value
Ilya> and traverse byte sequence that is not in mule internal
Ilya> coding.

I don't see how that can happen, offhand. I'll take a more careful
look later, but as far as I can see search_regs.end[i] should get
accessed only for registers that successfully matched in the current
search. Can you be more specific about where the offending access is?

Ilya> Whether the crash will occur depends on data beyond string
Ilya> data bound, and that can not be reproduced reliably.
Ilya> Incorrect `search_regs.end[1]' value, however, reproduces
Ilya> even when evaluating the following code.

This is irrelevant. First, there are no promises about the contents
of registers after an unsuccessful match, so "incorrect" is
inapplicable. Second and more important, the following code

    (string-match "\\(a\\)" "..a")
    (match-string 1 "c")

is legal and must not crash. So the code must be careful to check
bounds in strings here, and as far as I can tell it does. Certainly
the particular example above signals an error. Can you point more
specifically to the code that is causing the problem?

--
Institute of Policy and Planning Sciences
http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
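
Added example, not part of the original message and not XEmacs code: a small C model of the situation discussed in the thread, where registers saved by a search on "..a" are later applied to the shorter string "c". The struct layout, `toy_search` and `match_string` are hypothetical names invented for this illustration; the point is that the accessor validates saved offsets against the string it is handed instead of trusting them.

```c
#include <stdio.h>
#include <string.h>

#define NREGS 4

/* Hypothetical model of match registers: byte offsets saved by the last
   successful search. Not XEmacs's actual search_regs layout. */
struct regs {
    int num;            /* number of registers recorded */
    int start[NREGS];   /* -1 when the group did not match */
    int end[NREGS];
};

/* Toy search for the one-character group `c` in `s`. On failure the
   registers are left untouched, so earlier offsets stay behind. */
static int toy_search(struct regs *r, char c, const char *s)
{
    const char *p = strchr(s, c);
    if (p == NULL) return -1;
    r->num = 2;
    r->start[0] = r->start[1] = (int)(p - s);
    r->end[0] = r->end[1] = (int)(p - s) + 1;
    return r->start[0];
}

/* Copy group `i` of `s` into `out`. Returns the length, or -1 when the
   register is unset or its offsets do not fit inside `s`. */
static int match_string(const struct regs *r, int i, const char *s,
                        char *out, size_t outsz)
{
    size_t len = strlen(s);
    if (i < 0 || i >= r->num || i >= NREGS) return -1;
    int b = r->start[i], e = r->end[i];
    if (b < 0 || e < b || (size_t)e > len || (size_t)(e - b) >= outsz)
        return -1;      /* stale or foreign offsets: refuse, do not read */
    memcpy(out, s + b, (size_t)(e - b));
    out[e - b] = '\0';
    return e - b;
}

int main(void)
{
    struct regs r = {0, {-1, -1, -1, -1}, {-1, -1, -1, -1}};
    char buf[8];
    toy_search(&r, 'a', "..a");   /* group 1 saved as [2, 3) */
    printf("in range: %d\n", match_string(&r, 1, "..a", buf, sizeof buf));
    printf("stale:    %d\n", match_string(&r, 1, "c", buf, sizeof buf));
    return 0;
}
```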