From xemacs-m  Fri Feb 14 22:30:49 1997
Received: from jagor.srce.hr (hniksic@jagor.srce.hr [161.53.2.130])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id WAA27986
	for <xemacs-beta@xemacs.org>; Fri, 14 Feb 1997 22:30:48 -0600 (CST)
Received: (from hniksic@localhost)
          by jagor.srce.hr (8.8.5/8.8.4)
	  id FAA22576; Sat, 15 Feb 1997 05:30:46 +0100 (MET)
Sender: hniksic@public.srce.hr
To: xemacs-beta@xemacs.org
Subject: Possible regexp crash
X-URL: ftp://gnjilux.cc.fer.hr/pub/unix/util/wget/
X-Attribution: Hrv
From: Hrvoje Niksic <hniksic@srce.hr>
Date: 15 Feb 1997 05:30:44 +0100
Message-ID: <kigwwsaitcb.fsf@jagor.srce.hr>
Lines: 188
X-Mailer: Gnus v5.4.12/XEmacs 19.14

Oh, it's a crash all right.  One of the repeatable ones (even 19.14
and 20.0-nomule, sparc-sun-solaris and alpha-dec-osf*), I guess it's
the result of a regexp overflow.  Go to the beginning of a large
buffer (I use gnus.texi), and evaluate:

(re-search-forward "\\(.\\|\n\\)*")

and there it goes.  Of course, this is an evil regexp that would
probably produce an overflow in every decent matcher, but XEmacs
crashes.  GNU Emacs 19.34 just says `Stack overflow in regexp
matcher'.

The dump is in the following lines (regex.c):

4981              DEBUG_PRINT1 (":\n");
4982              PUSH_FAILURE_POINT (p + mcnt, d, -2);
4983              break;

PUSH_FAILURE_POINT is a big, ugly macro.  I'm not sure if it's
supposed to break the thing.

Perl5 coredumps on that one too. ;-)

The lisp backtrace is not worth mentioning.  The complete C backtrace
(I compile with -g) follows:

#0  0x3ff800e7a50 in kill ()
#1  0x120085b1c in fatal_error_signal (sig=535551000)
    at /home/hniksic/work/xemacs-20.0/src/emacs.c:200
#2  <signal handler called>
#3  0x120123a48 in re_match_2_internal (bufp=0x140179360, string1=0x0, 
    size1=0, 
    string2=0x24000 "\\input texinfo", ' ' <repeats 18 times>, "@c -*-texinfo-*-\n\n@setfilename ../info/gnus.info\n@settitle Gnus 5.2 Manual\n@synindex fn cp\n@synindex vr cp\n@synindex pg cp\n@iftex\n@finalout\n@end iftex\n@setchapternewpag"..., size2=442491, pos=0, regs=0x14014e0e0, stop=442491)
    at /home/hniksic/work/xemacs-20.0/src/regex.c:4982
#4  0x120121f1c in sys_re_search_2 (bufp=0x140179360, 
    string1=0x24000 "\\input texinfo", ' ' <repeats 18 times>, "@c -*-texinfo-*-\n\n@setfilename ../info/gnus.info\n@settitle Gnus 5.2 Manual\n@synindex fn cp\n@synindex vr cp\n@synindex pg cp\n@iftex\n@finalout\n@end iftex\n@setchapternewpag"..., size1=442491, string2=0x987d0 "", size2=0, startpos=0, range=442491, 
    regs=0x14014e0e0, stop=442491)
    at /home/hniksic/work/xemacs-20.0/src/regex.c:3938
#5  0x1201294f8 in search_buffer (buf=0x140429800, string={s = {type_mark = 0, 
        val = 335629838}, gu = {type = Lisp_Int, markbit = 0, 
        val = 335629838}, i = 5370077408, v = 0x14014e0e0, cv = 0x14014e0e0}, 
    bufpos=1, buflim=1, n=1, RE=1, trt=0x140187cb0 "", 
    inverse_trt=0x140187dc0 "", posix=0)
    at /home/hniksic/work/xemacs-20.0/src/search.c:1156
#6  0x120128f04 in search_command (string={s = {type_mark = 3, 
        val = 5372555192}, gu = {type = Lisp_String, markbit = 0, 
        val = 5372555192}, i = 85960883075, v = 0x1403aafb83, 
      cv = 0x1403aafb83}, bound={s = {type_mark = 12, val = 27655}, gu = {
        type = Lisp_Vector, markbit = 1, val = 27655}, i = 442492, 
      v = 0x6c07c, cv = 0x6c07c}, no_error={s = {type_mark = 1, 
        val = 5370320904}, gu = {type = Lisp_Record, markbit = 0, 
        val = 5370320904}, i = 85925134465, v = 0x1401898081, 
      cv = 0x1401898081}, count={s = {type_mark = 0, val = 301968908}, gu = {
        type = Lisp_Int, markbit = 0, val = 301968908}, i = 4831502528, 
      v = 0x11ffae0c0, cv = 0x11ffae0c0}, buffer={s = {type_mark = 0, 
        val = 301927948}, gu = {type = Lisp_Int, markbit = 0, 
        val = 301927948}, i = 4830847168, v = 0x11ff0e0c0, cv = 0x11ff0e0c0}, 
    direction=1, RE=1, posix=0)
    at /home/hniksic/work/xemacs-20.0/src/search.c:975
#7  0x12012a5e8 in Fre_search_forward (regexp={s = {type_mark = 0, 
        val = 301968908}, gu = {type = Lisp_Int, markbit = 0, 
        val = 301968908}, i = 4831502528, v = 0x11ffae0c0, cv = 0x11ffae0c0}, 
    bound={s = {type_mark = 0, val = 0}, gu = {type = Lisp_Int, markbit = 0, 
        val = 0}, i = 0, v = 0x0, cv = 0x0}, no_error={s = {type_mark = 0, 
        val = 39037}, gu = {type = Lisp_Int, markbit = 0, val = 39037}, 
      i = 624592, v = 0x987d0, cv = 0x987d0}, count={s = {type_mark = 8, 
        val = 301968908}, gu = {type = Lisp_Int, markbit = 1, 
        val = 301968908}, i = 4831502536, v = 0x11ffae0c8, cv = 0x11ffae0c8}, 
    buffer={s = {type_mark = 0, val = 0}, gu = {type = Lisp_Int, markbit = 0, 
        val = 0}, i = 0, v = 0x0, cv = 0x0})
    at /home/hniksic/work/xemacs-20.0/src/search.c:1692
#8  0x1200904c0 in primitive_funcall (fn=0x3ff800eabd0 <memmove>, nargs=0, 
    args=0x11fd7e0c8) at /home/hniksic/work/xemacs-20.0/src/eval.c:3460
#9  0x12009074c in funcall_subr (subr=0x11ffae0c0, args=0x987d0)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3481
#10 0x12008f394 in Feval (form={s = {type_mark = 2, val = 5371858216}, gu = {
        type = Lisp_Cons, markbit = 0, val = 5371858216}, i = 85949731458, 
      v = 0x140300d282, cv = 0x140300d282})
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3029
#11 0x120090438 in primitive_funcall (fn=0x3ff800eabd0 <memmove>, nargs=0, 
    args=0x11fd7e0c8) at /home/hniksic/work/xemacs-20.0/src/eval.c:3456
#12 0x12009074c in funcall_subr (subr=0x11ffae0c0, args=0x987d0)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3481
#13 0x12008f894 in funcall_recording_as (recorded_as={s = {type_mark = 0, 
        val = 301968908}, gu = {type = Lisp_Int, markbit = 0, 
        val = 301968908}, i = 4831502528, v = 0x11ffae0c0, cv = 0x11ffae0c0}, 
    nargs=1, args=0x11fffe8d8)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3173
#14 0x12008fa18 in Ffuncall (nargs=0, args=0x987d0)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3217
#15 0x120061338 in Fbyte_code (bytestr={s = {type_mark = 3, val = 5369076352}, 
      gu = {type = Lisp_String, markbit = 0, val = 5369076352}, 
      i = 85905221635, v = 0x140059a803, cv = 0x140059a803}, vector={s = {
        type_mark = 4, val = 5369076584}, gu = {type = Lisp_Vector, 
        markbit = 0, val = 5369076584}, i = 85905225348, v = 0x140059b684, 
      cv = 0x140059b684}, maxdepth={s = {type_mark = 3, val = 0}, gu = {
        type = Lisp_String, markbit = 0, val = 0}, i = 3, v = 0x3, cv = 0x3})
    at /home/hniksic/work/xemacs-20.0/src/bytecode.c:418
#16 0x120090d18 in funcall_lambda (fun={s = {type_mark = 1, val = 5369076632}, 
      gu = {type = Lisp_Record, markbit = 0, val = 5369076632}, 
      i = 85905226113, v = 0x140059b981, cv = 0x140059b981}, nargs=1, 
    arg_vector=0x11fffee80) at /home/hniksic/work/xemacs-20.0/src/eval.c:3591
#17 0x12008f980 in funcall_recording_as (recorded_as={s = {type_mark = 0, 
        val = 301968908}, gu = {type = Lisp_Int, markbit = 0, 
        val = 301968908}, i = 4831502528, v = 0x11ffae0c0, cv = 0x11ffae0c0}, 
    nargs=1, args=0x11fffee78)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3189
#18 0x12008fa18 in Ffuncall (nargs=0, args=0x987d0)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3217
#19 0x1200901ac in Fapply (nargs=2, args=0x11fffee78)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3373
#20 0x1200916cc in apply1 (fn={s = {type_mark = 1, val = 5369076632}, gu = {
        type = Lisp_Record, markbit = 0, val = 5369076632}, i = 85905226113, 
      v = 0x140059b981, cv = 0x140059b981}, arg={s = {type_mark = 8, 
        val = 301858572}, gu = {type = Lisp_Int, markbit = 1, 
        val = 301858572}, i = 4829737160, v = 0x11fdff0c8, cv = 0x11fdff0c8})
    at /home/hniksic/work/xemacs-20.0/src/eval.c:3912
#21 0x120063c50 in Fcall_interactively (function={s = {type_mark = 1, 
        val = 5371221320}, gu = {type = Lisp_Record, markbit = 0, 
        val = 5371221320}, i = 85939541121, v = 0x1402655481, 
      cv = 0x1402655481}, record_flag={s = {type_mark = 1, val = 5370320904}, 
      gu = {type = Lisp_Record, markbit = 0, val = 5370320904}, 
      i = 85925134465, v = 0x1401898081, cv = 0x1401898081}, keys={s = {
        type_mark = 1, val = 5370320904}, gu = {type = Lisp_Record, 
        markbit = 0, val = 5370320904}, i = 85925134465, v = 0x1401898081, 
      cv = 0x1401898081}) at /home/hniksic/work/xemacs-20.0/src/callint.c:394
#22 0x12008e2a8 in Fcommand_execute (cmd={s = {type_mark = 1, 
        val = 5371221320}, gu = {type = Lisp_Record, markbit = 0, 
        val = 5371221320}, i = 85939541121, v = 0x1402655481, 
      cv = 0x1402655481}, record={s = {type_mark = 1, val = 5370320904}, gu = {
        type = Lisp_Record, markbit = 0, val = 5370320904}, i = 85925134465, 
      v = 0x1401898081, cv = 0x1401898081}, keys={s = {type_mark = 1, 
        val = 5370320904}, gu = {type = Lisp_Record, markbit = 0, 
        val = 5370320904}, i = 85925134465, v = 0x1401898081, 
      cv = 0x1401898081}) at /home/hniksic/work/xemacs-20.0/src/eval.c:2594
#23 0x1200a1170 in execute_command_event (command_builder=0x140353d00, event={
      s = {type_mark = 1, val = 5373262656}, gu = {type = Lisp_Record, 
        markbit = 0, val = 5373262656}, i = 85972202497, v = 0x140457b401, 
      cv = 0x140457b401})
    at /home/hniksic/work/xemacs-20.0/src/event-stream.c:3554
#24 0x1200a1838 in Fdispatch_event (event={s = {type_mark = 1, 
        val = 5373262656}, gu = {type = Lisp_Record, markbit = 0, 
        val = 5373262656}, i = 85972202497, v = 0x140457b401, 
      cv = 0x140457b401})
    at /home/hniksic/work/xemacs-20.0/src/event-stream.c:3847
#25 0x12006b400 in Fcommand_loop_1 ()
    at /home/hniksic/work/xemacs-20.0/src/cmdloop.c:540
#26 0x12006b140 in command_loop_1 (dummy={s = {type_mark = 0, 
        val = 301968908}, gu = {type = Lisp_Int, markbit = 0, 
        val = 301968908}, i = 4831502528, v = 0x11ffae0c0, cv = 0x11ffae0c0})
    at /home/hniksic/work/xemacs-20.0/src/cmdloop.c:460
#27 0x12008becc in condition_case_1 (handlers={s = {type_mark = 8, 
        val = 301858572}, gu = {type = Lisp_Int, markbit = 1, 
        val = 301858572}, i = 4829737160, v = 0x11fdff0c8, cv = 0x11fdff0c8}, 
    bfun=0x12006b100 <command_loop_1>, barg={s = {type_mark = 1, 
        val = 5370320904}, gu = {type = Lisp_Record, markbit = 0, 
        val = 5370320904}, i = 85925134465, v = 0x1401898081, 
      cv = 0x1401898081}, hfun=0x12006a848 <cmd_error>, harg={s = {
        type_mark = 1, val = 5370320904}, gu = {type = Lisp_Record, 
        markbit = 0, val = 5370320904}, i = 85925134465, v = 0x1401898081, 
      cv = 0x1401898081}) at /home/hniksic/work/xemacs-20.0/src/eval.c:1647
#28 0x12006aa28 in command_loop_3 ()
    at /home/hniksic/work/xemacs-20.0/src/cmdloop.c:222
#29 0x12006aa64 in command_loop_2 (dummy={s = {type_mark = 0, 
        val = 301968908}, gu = {type = Lisp_Int, markbit = 0, 
        val = 301968908}, i = 4831502528, v = 0x11ffae0c0, cv = 0x11ffae0c0})
    at /home/hniksic/work/xemacs-20.0/src/cmdloop.c:233
#30 0x12008b8d4 in internal_catch (tag={s = {type_mark = 0, val = 301968908}, 
      gu = {type = Lisp_Int, markbit = 0, val = 301968908}, i = 4831502528, 
      v = 0x11ffae0c0, cv = 0x11ffae0c0}, func=0x12006aa48 <command_loop_2>, 
    arg={s = {type_mark = 1, val = 5370320904}, gu = {type = Lisp_Record, 
        markbit = 0, val = 5370320904}, i = 85925134465, v = 0x1401898081, 
      cv = 0x1401898081}, threw=0x0)
    at /home/hniksic/work/xemacs-20.0/src/eval.c:1324
#31 0x12006aca0 in initial_command_loop (load_me={s = {type_mark = 0, 
        val = 0}, gu = {type = Lisp_Int, markbit = 0, val = 0}, i = 0, 
      v = 0x0, cv = 0x0}) at /home/hniksic/work/xemacs-20.0/src/cmdloop.c:271
#32 0x120087790 in main_1 (argc=1, argv=0x11ffffa28, envp=0x0)
    at /home/hniksic/work/xemacs-20.0/src/emacs.c:1466
#33 0x1200881c4 in main (argc=535879872, argv=0x11ffae0c0, envp=0x0)
    at /home/hniksic/work/xemacs-20.0/src/emacs.c:1817


-- 
Hrvoje Niksic <hniksic@srce.hr> | Student at FER Zagreb, Croatia
--------------------------------+--------------------------------
"Silence!" cries Freydag. "I did not call thee in for a consultation!" 
"They are my innards! I will not have them misread by a poseur!"
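
Added example, not part of the original message and not code from XEmacs or GNU regex.c: a toy backtracking matcher for the quoted pattern whose failure stack lives on the heap and is capped, so exhaustion comes back as an error code (the behaviour the message reports for GNU Emacs 19.34) instead of a crash. The names `fail_stack`, `push_failure_point`, `match_star_any` and the `max_entries` limit are assumptions of this sketch, and the sample string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MATCH_INTERNAL_ERROR (-2)  /* mirrors the -2 passed in the quoted regex.c line */

typedef struct { size_t *pos; size_t used, cap, max; } fail_stack;

/* Push one backtrack position; grow by doubling, never past fs->max entries. */
static int push_failure_point(fail_stack *fs, size_t p) {
    if (fs->used == fs->cap) {
        size_t ncap = fs->cap ? fs->cap * 2 : 16;
        if (ncap > fs->max) ncap = fs->max;
        if (ncap <= fs->cap) return 0;            /* limit reached: refuse */
        size_t *np = realloc(fs->pos, ncap * sizeof *np);
        if (!np) return 0;                        /* out of memory: refuse */
        fs->pos = np;
        fs->cap = ncap;
    }
    fs->pos[fs->used++] = p;
    return 1;
}

/* Toy matcher for "\(.\|\n\)*" followed by a literal tail, anchored at text[0].
   Returns the match length, -1 for no match, -2 if the failure stack hit its cap. */
long match_star_any(const char *text, size_t n, const char *tail, size_t max_entries) {
    fail_stack fs = { NULL, 0, 0, max_entries };
    size_t tl = strlen(tail), d = 0;
    long result = -1;
    for (;;) {              /* greedy: each pass over the group saves a failure point */
        if (!push_failure_point(&fs, d)) { result = MATCH_INTERNAL_ERROR; goto done; }
        if (d == n) break;
        d++;
    }
    while (fs.used) {       /* backtrack until the tail matches at a saved position */
        d = fs.pos[--fs.used];
        if (n - d >= tl && memcmp(text + d, tail, tl) == 0) { result = (long)(d + tl); break; }
    }
done:
    free(fs.pos);
    return result;
}

int main(void) {
    const char *sample = "abcXYZabc";   /* constructed sample input */
    printf("%ld %ld\n", match_star_any(sample, 9, "XYZ", 1024),
                        match_star_any(sample, 9, "XYZ", 8));
    return 0;
}
```

The number of saved failure points grows with the length of the text, which is why a 442491-byte buffer is enough to exhaust an unchecked stack.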

