Hi,

info from texinfo 6.4 crashes when the first char of a regexp i-search
is a backslash, and then something is typed:  C-s \ x

regexp error: Trailing backslash
Program received signal SIGSEGV, Segmentation fault.
    __GI___libc_free (mem=0xa47) at malloc.c:2928
2928    malloc.c: No such file or directory.
(gdb) l
2923    in malloc.c
(gdb) bt
#0  __GI___libc_free (mem=0xa47) at malloc.c:2928
#1  0x000055555556f85c in free_matches (state=state@entry=0x7fffffffe150)
    at search.c:480
#2  0x0000555555572733 in info_search_in_node_internal (
    window=window@entry=0x5555558444c0, node=node@entry=0x55555584eb80, 
    string=string@entry=0x55555584e6a0 "\\", start=<optimized out>, 
    dir=dir@entry=1, case_sensitive=case_sensitive@entry=0, match_regexp=1, 
    poff=0x7fffffffe308) at session.c:3957
#3  0x0000555555572b25 in info_search_internal (
    string=string@entry=0x55555584e6a0 "\\", 
    window=window@entry=0x5555558444c0, dir=<optimized out>, case_sensitive=0, 
    start_off=start_off@entry=0x7fffffffe308) at session.c:4080
#4  0x000055555557362e in incremental_search (window=0x5555558444c0, 
    count=<optimized out>) at session.c:5198
#5  0x0000555555578199 in info_read_and_dispatch () at session.c:253
#6  0x000055555557834b in info_session (ref_list=<optimized out>, 
    user_filename=<optimized out>, error=<optimized out>) at session.c:221
#7  0x000055555555c9e4 in main (argc=<optimized out>, argv=<optimized out>)
    at info.c:1079
(gdb) p *state
$2 = {matches = 0xa47, match_count = 4096, match_alloc = 8, 
  finished = 1501678829, regex = {buffer = 0x18f23b05, allocated = 1484145823, 
    used = 0, syntax = 1484226471, 
    fastmap = 0x29937c30 <error: Cannot access memory at address 0x29937c30>, 
    translate = 0x0, re_nsub = 0, can_be_null = 0, regs_allocated = 0, 
    fastmap_accurate = 0, no_sub = 0, not_bol = 0, not_eol = 0, 
    newline_anchor = 0}, buffer = 0x0, buflen = 3267013710450018048}

result is search_invalid, regcomp returned REG_EESCAPE, and I think
state is uninitialized and thus contains a "pointer" that crashes free().

Running Void Linux on x86_64/glibc, Linux 4.12.1, glibc-2.25.

Thanks,
-- 
Leah Neukirchen  <[email protected]>  http://leah.zone
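As an added illustration of the failure mode the report describes (this is example code, not info's own search.c or session.c): the search state is zero-initialized before regcomp() can fail, and cleanup only frees what was actually allocated, so a compile error such as REG_EESCAPE for a lone trailing backslash leaves no garbage pointer for free() to trip over. The struct and function names here are hypothetical.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-in for a search state: every pointer
   starts as NULL so cleanup is safe on any exit path. */
struct search_state {
    regmatch_t *matches;   /* match offsets, NULL until allocated */
    size_t match_count;
    regex_t regex;
    int regex_compiled;    /* only regfree() what regcomp() succeeded on */
};

static void free_state(struct search_state *st)
{
    free(st->matches);     /* free(NULL) is a defined no-op */
    st->matches = NULL;
    if (st->regex_compiled)
        regfree(&st->regex);
    st->regex_compiled = 0;
}

/* Returns the number of case-insensitive matches (>= 0), or -1 when the
   pattern does not compile. The error path never touches uninitialized memory. */
int count_regex_matches(const char *pattern, const char *text)
{
    struct search_state st = {0};   /* zero-initialize before anything can fail */
    int rc = regcomp(&st.regex, pattern, REG_EXTENDED | REG_ICASE);
    if (rc != 0) {
        char msg[128];
        regerror(rc, &st.regex, msg, sizeof msg);
        fprintf(stderr, "regexp error: %s\n", msg);   /* e.g. "Trailing backslash" */
        free_state(&st);   /* safe: matches == NULL, regex never compiled */
        return -1;
    }
    st.regex_compiled = 1;
    size_t alloc = 8;
    st.matches = malloc(alloc * sizeof *st.matches);
    if (!st.matches) { free_state(&st); return -1; }
    regmatch_t m;
    size_t off = 0;
    while (text[off] && regexec(&st.regex, text + off, 1, &m, off ? REG_NOTBOL : 0) == 0) {
        if (st.match_count == alloc) {
            regmatch_t *tmp = realloc(st.matches, 2 * alloc * sizeof *tmp);
            if (!tmp) { free_state(&st); return -1; }
            st.matches = tmp;
            alloc *= 2;
        }
        st.matches[st.match_count].rm_so = (regoff_t)(off + m.rm_so);
        st.matches[st.match_count].rm_eo = (regoff_t)(off + m.rm_eo);
        st.match_count++;
        off += m.rm_eo ? (size_t)m.rm_eo : 1;   /* never loop on an empty match */
    }
    int n = (int)st.match_count;
    free_state(&st);
    return n;
}
```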
