Markus Linnala <maage(a)cs.tut.fi> writes:
eval
(string-match "\\(\\.\\=\\)" ".")
The crash is caused by buffer bound checking code. When
matching against string, pointer d in re_match_2_internal
does not point to a string inside the buffer.
BI_BUF_PTR_BYTE_POS returns right value only when d points
inside the buffer.
This patch checks if the value is reasonable so that assert
won't be hit. I'm not so good at this regexp stuff, so I'd
appreciate it very much if someone comes up with a better
fix.
I guess this can be tested by others with following patch.
Index: tests/automated/lisp-tests.el
Thanks. I've applied it to the sources.
2000-08-03 Yoshiki Hayashi <yoshiki(a)xemacs.org>
* regex.c (re_match_2_internal): Check if pointer is inside
a buffer so that assert won't be triggered when matching against
strings.
* buffer.h (VALID_BUF_PTR_P): New macro.
Index: buffer.h
===================================================================
RCS file: /usr/CVSroot/XEmacs/xemacs/src/buffer.h,v
retrieving revision 1.13.2.21
diff -u -r1.13.2.21 buffer.h
--- buffer.h 2000/07/21 10:15:48 1.13.2.21
+++ buffer.h 2000/08/03 08:23:44
@@ -636,6 +636,9 @@
#define BUF_PTR_BYTE_POS(buf, ptr) \
bytind_to_bufpos (buf, BI_BUF_PTR_BYTE_POS (buf, ptr))
+#define VALID_BUF_PTR_P(buf, ptr) \
+ valid_memind_p (buf, bytind_to_memind (buf, BI_BUF_PTR_BYTE_POS (buf, ptr)))
+
/* Address of byte at position POS in buffer. */
INLINE_HEADER Bufbyte * BI_BUF_BYTE_ADDRESS (struct buffer *buf, Bytind pos);
INLINE_HEADER Bufbyte *
Index: regex.c
===================================================================
RCS file: /usr/CVSroot/XEmacs/xemacs/src/regex.c,v
retrieving revision 1.22.2.6
diff -u -r1.22.2.6 regex.c
--- regex.c 2000/03/13 07:28:04 1.22.2.6
+++ regex.c 2000/08/03 08:23:45
@@ -5500,21 +5500,24 @@
#ifdef emacs
case before_dot:
DEBUG_PRINT1 ("EXECUTING before_dot.\n");
- if (BUF_PTR_BYTE_POS (regex_emacs_buffer, (unsigned char *) d) >=
- BUF_PT (regex_emacs_buffer))
+ if (!VALID_BUF_PTR_P (regex_emacs_buffer, (unsigned char *) d)
+ || BUF_PTR_BYTE_POS (regex_emacs_buffer, (unsigned char *) d)
+ >= BUF_PT (regex_emacs_buffer))
goto fail;
break;
case at_dot:
DEBUG_PRINT1 ("EXECUTING at_dot.\n");
- if (BUF_PTR_BYTE_POS (regex_emacs_buffer, (unsigned char *) d)
+ if (!VALID_BUF_PTR_P (regex_emacs_buffer, (unsigned char *) d)
+ || BUF_PTR_BYTE_POS (regex_emacs_buffer, (unsigned char *) d)
!= BUF_PT (regex_emacs_buffer))
goto fail;
break;
case after_dot:
DEBUG_PRINT1 ("EXECUTING after_dot.\n");
- if (BUF_PTR_BYTE_POS (regex_emacs_buffer, (unsigned char *) d)
+ if (!VALID_BUF_PTR_P (regex_emacs_buffer, (unsigned char *) d)
+ || BUF_PTR_BYTE_POS (regex_emacs_buffer, (unsigned char *) d)
<= BUF_PT (regex_emacs_buffer))
goto fail;
break;
--
Yoshiki Hayashi