regexp match violates string bound

Ilya N. Golubev gin at mo.msk.ru
Fri Dec 3 08:32:10 EST 2004


Version: 21.4
Build configuration: '--with-mule'; see `Installation' below

`re_search', when called by `string_match_1', may leave
`search_regs.end[1]' unchanged, even if it points beyond the end of the
data of the STRING being searched.  My build with mule sometimes crashes
on such values, when `fixup_search_regs_for_string', called by the same
`string_match_1', tries to process such an incorrect value and traverse
a byte sequence that is not in mule internal coding.

Whether the crash will occur depends on the data beyond the string data
bound, and that cannot be reproduced reliably.  The incorrect
`search_regs.end[1]' value, however, reproduces even when evaluating
the following code.

(string-match "\\(a\\)" "..a")
(string-match "\\(b\\)" "c")

One should print the `search_regs.end[1]' value:

. just after 1st `re_search' call;

. before 2nd `re_search' call, where it is the same;

. after 2nd `re_search' call, where it is the same.

--
`Installation' contents follow.

uname -a: Linux way2go 2.6.3-19mdk #1 Thu Sep 23 22:04:58 MDT 2004 i686 unknown unknown GNU/Linux

../share/xemacs-local-21.4/configure  '--prefix=/home/gin' '--cflags=-g -Wall -Wno-switch -Wpointer-arith -Winline -Wmissing-prototypes -Wshadow' '--cppflags=-DASSERTIONS_DONT_ABORT=1' '--with-gpm=no' '--with-sound=native' '--with-pop' '--mail-locking=lockf' '--with-clash-detection' '--debug' '--error-checking=all' '--with-file-coding' '--with-mule' '--with-database=no' '--with-hesiod=no' '--with-menubars=lucid' '--with-scrollbars=lucid' '--with-dialogs=lucid' '--with-xim=xlib' '--with-canna=no' '--with-wnn=no' '--with-wnn6=no' '--with-msw=no' '--with-xfs=yes'


XEmacs 21.4.15 "Security Through Obscurity" configured for `i686-pc-linux'.


Compilation / Installation:
  Source code location:              /home/gin/share/xemacs-local-21.4
  Installation prefix:               /home/gin
  Operating system description file: `s/linux.h'
  Machine description file:          `m/intel386.h'
  Compiler:                          gcc -g -Wall -Wno-switch -Wpointer-arith -Winline -Wmissing-prototypes -Wshadow
  Compiler version:                  gcc (GCC) 3.3.2 (Mandrake Linux 10.0 3.3.2-6mdk)
  Compiler specs file:               /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.3.2/specs
  Relocating allocator for buffers:  no
  GNU version of malloc:             yes
    - Using Doug Lea's new malloc from the GNU C Library.
  libc:                              glibc-2.3.3-10mdk

Window System:
  Compiling in support for the X window system:
    - X Windows headers location:                 /usr/X11R6/include
    - X Windows libraries location:               /usr/X11R6/lib
    - Handling WM_COMMAND properly.
  Compiling in support for the Athena widget set:
    - Athena headers location:                    X11/Xaw
    - Athena library to link:                     Xaw
  Using Lucid menubars.
  Using Lucid scrollbars.
  Using Athena dialog boxes.

TTY:
  Compiling in support for ncurses.

Images:
  Compiling in support for GIF  images (builtin).
  Compiling in support for XPM  images.
  Compiling in support for PNG  images.
  Compiling in support for JPEG images.
  Compiling in support for TIFF images.
  Compiling in support for X-Face message headers.

Sound:
  Compiling in support for sound (native).
  Compiling in support for NAS (network audio system).

Databases:
  Compiling in support for LDAP.
  Compiling in support for PostgreSQL.
    - Using PostgreSQL header file:  pgsql/libpq-fe.h
    - Using PostgreSQL V7 bindings.

Internationalization:
  Compiling in support for Mule (multi-lingual Emacs).
  Compiling in support for file coding.
  Compiling in support for XIM (X11R5+ I18N input method).
    - Using raw Xlib to provide XIM support.
    - Using XFontSet to provide bilingual menubar.

Mail:
  Compiling in support for POP mail retrieval.
  Compiling in support for "lockf" mail spool file locking method.

Other Features:
  Inhibiting IPv6 canonicalization at startup.
  Compiling in support for dynamic shared object modules.
  Using the new portable dumper.
  Compiling in support for extra debugging code.
  WARNING: ---------------------------------------------------------
  WARNING: Compiling in support for runtime error checking.
  WARNING: XEmacs will run noticeably more slowly as a result.
  WARNING: Error checking is on by default for XEmacs beta releases.
  WARNING: ---------------------------------------------------------
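
A simplified C model of the stale-register condition described in this report, added here as an illustration; it is not XEmacs source, and `toy_search`, `match_unchecked`, `match_checked` and `replay` are hypothetical names. It assumes a search routine that writes registers only on success, and contrasts a caller that reads `end[1]` regardless with one that clears the registers and bound-checks them against the string length.

```c
#include <stddef.h>
#include <string.h>

#define NREGS 2

/* Simplified stand-in for match registers: byte offsets, -1 means unset. */
struct regs { long start[NREGS]; long end[NREGS]; };

/* Toy search for one byte, captured as group 1. Assumption of this model:
   registers are written only on success and left untouched on failure. */
static long toy_search(const char *s, size_t len, char want, struct regs *r)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] == want) {
            r->start[0] = r->start[1] = (long)i;
            r->end[0] = r->end[1] = (long)i + 1;
            return (long)i;
        }
    return -1;
}

/* Unchecked caller: reads end[1] whatever the search returned. */
long match_unchecked(const char *s, char want, struct regs *r)
{
    toy_search(s, strlen(s), want, r);
    return r->end[1];
}

/* Hardened caller: clear registers first, then bound-check every offset. */
long match_checked(const char *s, char want, struct regs *r)
{
    size_t len = strlen(s);
    for (int i = 0; i < NREGS; i++) r->start[i] = r->end[i] = -1;
    if (toy_search(s, len, want, r) < 0) return -1;
    for (int i = 0; i < NREGS; i++)
        if (r->start[i] < 0 || r->end[i] < r->start[i] || (size_t)r->end[i] > len)
            return -1;
    return r->end[1];
}

/* Replays the report's two searches; returns end[1] after the second one. */
long replay(long (*match)(const char *, char, struct regs *))
{
    struct regs r = {{-1, -1}, {-1, -1}};
    match("..a", 'a', &r);   /* group 1 matches at bytes 2..3 */
    match("c", 'b', &r);     /* no match in a 1-byte string */
    return r.end[1];
}
```

With the unchecked caller the second search leaves `end[1]` at 3 for a 1-byte string; with the checked caller it is reset to -1.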



