| author | Eli Zaretskii | 2016-07-04 18:34:40 +0300 |
|---|---|---|
| committer | Eli Zaretskii | 2016-07-04 18:34:40 +0300 |
| commit | 3a9d6296b35e5317c497674d5725eb52699bd3b8 (patch) | |
| tree | e13372abfb6aec9edee8e5a0400cb6807eb0a77c /src | |
| parent | 178b2f590982e37991bc72b08a9e02b64d750601 (diff) | |
| download | emacs-3a9d6296b35e5317c497674d5725eb52699bd3b8.tar.gz emacs-3a9d6296b35e5317c497674d5725eb52699bd3b8.zip | |
Avoid crashes when buffer modification hooks clobber match data
* src/search.c (Freplace_match): Error out if buffer modification
hooks triggered by buffer changes in replace_range, upcase-region,
and upcase-initials-region clobber the match data needed to be
adjusted for the replacement. (Bug#23869)
Diffstat (limited to 'src')
| -rw-r--r-- | src/search.c | 13 |
1 files changed, 13 insertions, 0 deletions
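--- a/src/search.c
+++ b/src/search.c
@@ -2684,6 +2684,14 @@ since only regular expressions have distinguished subexpressions. */)
 xfree (substed);
 }
 
+/* The functions below modify the buffer, so they could trigger
+various modification hooks (see signal_before_change and
+signal_after_change), which might clobber the match data we need
+to adjust after the replacement. If that happens, we error out. */
+ptrdiff_t sub_start = search_regs.start[sub];
+ptrdiff_t sub_end = search_regs.end[sub];
+unsigned num_regs = search_regs.num_regs;
+
 /* Replace the old text with the new in the cleanest possible way. */
 replace_range (search_regs.start[sub], search_regs.end[sub],
 newtext, 1, 0, 1);
@@ -2696,6 +2704,11 @@ since only regular expressions have distinguished subexpressions. */)
 Fupcase_initials_region (make_number (search_regs.start[sub]),
 make_number (newpoint));
 
+if (search_regs.start[sub] != sub_start
+|| search_regs.end[sub] != sub_end
+|| search_regs.num_regs != num_regs)
+error ("Match data clobbered by buffer modification hooks");
+
 /* Adjust search data for this change. */
 {
 ptrdiff_t oldend = search_regs.end[sub];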
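Review bot: The clobber check sits after the case-conversion calls, so `Fupcase_initials_region (make_number (search_regs.start[sub]), ...)` in the second hunk still reads a position that a hook run by replace_range may already have overwritten; passing the saved value, `Fupcase_initials_region (make_number (sub_start), make_number (newpoint));`, or repeating the check right after replace_range would close that window. The condition also indexes `search_regs.start[sub]` before it compares the register count; if a hook can shrink or reallocate the register arrays (not visible here), testing `search_regs.num_regs != num_regs` first avoids reading a stale slot. The comparison is by value, so a hook that rewrites other registers but leaves this sub-match and the count unchanged would presumably pass undetected, and the added comment should say the check is best-effort. Freplace_match begins and ends outside both hunks, including the computation of newpoint.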