Fix handling of allocation in regex matching
commit ad66b3fadb7ae22a4cbb82bb1507c39ceadf3897
author Noam Postavsky <npostavs@gmail.com>
Thu, 20 Oct 2016 00:23:50 +0000 (19 20:23 -0400)
committer Noam Postavsky <npostavs@gmail.com>
Sat, 22 Oct 2016 02:24:54 +0000 (21 22:24 -0400)
tree bc3857bb1d0eeccfd16a0fb3e4d8cb44a9ebec56
parent 5a26c9b0e1b0d9a2de35e0a8b0a803017e70def0
Fix handling of allocation in regex matching

`re_match_2_internal' uses pointers to the lisp objects that it
searches.  Since it may call malloc when growing the "fail stack", these
pointers may be invalidated while searching, resulting in memory
corruption (Bug #24358).

To fix this, we check the pointer that the lisp object (as specified by
re_match_object) points to before and after growing the stack, and
update existing pointers accordingly.

* src/regex.c (STR_BASE_PTR): New macro.
(ENSURE_FAIL_STACK, re_search_2): Use it to convert pointers into
offsets before possible malloc call, and back into pointers again
afterwards.
(POS_AS_IN_BUFFER): Add explanatory comment about punning trick.
* src/search.c (search_buffer): Instead of storing search location as
pointers, store them as pointers and recompute the corresponding address
for each call to `re_search_2'.
(string_match_1, fast_string_match_internal, fast_looking_at):
* src/dired.c (directory_files_internal): Set `re_match_object' to Qnil
after calling `re_search' or `re_match_2'.
* src/regex.h (re_match_object): Mention new usage in commentary.
src/dired.c
src/regex.c
src/regex.h
src/search.c
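The pointer-to-offset-and-back dance the commit message describes, as an added, self-contained illustration. This is not Emacs's regex.c: the relocating allocator, the `reloc_string` type, `reloc_alloc`, `grow_fail_stack`, `pointer_goes_stale` and `count_matches_fixed` are all constructed for the demonstration, and the `STR_BASE_PTR` macro is only modelled on the name used in the commit. The allocator moves the searched text every time the fail stack asks for memory, which is the hazard of Bug #24358 in miniature; `pointer_goes_stale` shows (without dereferencing anything) that a cached `char *` no longer points into the text after a grow, and `count_matches_fixed` shows the fix: record the position as an offset from the base, grow, then rebuild the pointer from the new base.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a relocating allocator: the subject string
   lives in a block that is moved to a fresh address every time the
   matcher asks for more memory, so any raw pointer into it goes stale. */
typedef struct { char *data; size_t len; } reloc_string;

static int reloc_string_init(reloc_string *s, const char *text)
{
    s->len = strlen(text);
    s->data = malloc(s->len + 1);
    if (!s->data) return 0;
    memcpy(s->data, text, s->len + 1);
    return 1;
}

/* Allocate n bytes, but first relocate the subject (the hazard). */
static void *reloc_alloc(reloc_string *subject, size_t n)
{
    char *moved = malloc(subject->len + 1);
    if (!moved) return NULL;
    memcpy(moved, subject->data, subject->len + 1);
    free(subject->data);
    subject->data = moved;
    return malloc(n);
}

/* Analogue of the commit's STR_BASE_PTR: the base address of the text,
   re-read every time it is needed instead of cached across allocations. */
#define STR_BASE_PTR(subj) ((subj)->data)

/* Minimal fail stack: saved subject offsets for backtracking. */
typedef struct { size_t *items; size_t size, avail; } fail_stack;

static int grow_fail_stack(fail_stack *fs, reloc_string *subject)
{
    size_t newsize = fs->size ? fs->size * 2 : 2;
    size_t *bigger = reloc_alloc(subject, newsize * sizeof *bigger);
    if (!bigger) return 0;
    if (fs->avail) memcpy(bigger, fs->items, fs->avail * sizeof *bigger);
    free(fs->items);
    fs->items = bigger;
    fs->size = newsize;
    return 1;
}

/* Pre-fix pattern: cache a position pointer across the grow. Returns 1
   when the cached address no longer matches the text's new location.
   Addresses are compared as integers, so nothing stale is dereferenced. */
int pointer_goes_stale(const char *text)
{
    reloc_string subject;
    fail_stack fs = {0};
    if (!reloc_string_init(&subject, text)) return -1;
    uintptr_t cached = (uintptr_t)(subject.data + 1);   /* position 1 */
    int ok = grow_fail_stack(&fs, &subject);
    int stale = ok && cached != (uintptr_t)(STR_BASE_PTR(&subject) + 1);
    free(fs.items);
    free(subject.data);
    return stale;
}

/* Fixed pattern: convert the position to an offset before the allocation
   and rebuild the pointer from the new base afterwards. Counts literal
   occurrences of pat, pushing one fail-stack entry per candidate start,
   as a stand-in for the real backtracking matcher. */
int count_matches_fixed(const char *text, const char *pat)
{
    reloc_string subject;
    fail_stack fs = {0};
    size_t plen = strlen(pat);
    int found = 0;
    if (plen == 0) return 0;
    if (!reloc_string_init(&subject, text)) return -1;
    const char *d = STR_BASE_PTR(&subject);
    const char *end = d + subject.len;
    while ((size_t)(end - d) >= plen) {
        if (fs.avail == fs.size) {
            /* ENSURE_FAIL_STACK equivalent: pointer -> offset -> pointer. */
            ptrdiff_t off = d - STR_BASE_PTR(&subject);
            if (!grow_fail_stack(&fs, &subject)) { found = -1; break; }
            d = STR_BASE_PTR(&subject) + off;
            end = STR_BASE_PTR(&subject) + subject.len;
        }
        fs.items[fs.avail++] = (size_t)(d - STR_BASE_PTR(&subject));
        if (memcmp(d, pat, plen) == 0) found++;
        d++;
    }
    free(fs.items);
    free(subject.data);
    return found;
}

int main(void)
{
    printf("cached pointer stale after grow: %d\n", pointer_goes_stale("hello"));
    printf("matches of \"ab\" in \"abcabcab\": %d\n",
           count_matches_fixed("abcabcab", "ab"));
    return 0;
}
```

The same discipline applies to every pointer derived from the base (here `end` as well as `d`): anything computed from `STR_BASE_PTR` before the allocation must be recomputed after it, which is why the commit changes search.c to recompute the address on each `re_search_2` call rather than holding one across calls.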