Commit 3a9d6296 authored by Eli Zaretskii's avatar Eli Zaretskii

Avoid crashes when buffer modification hooks clobber match data

* src/search.c (Freplace_match): Error out if buffer modification
hooks triggered by buffer changes in replace_range, upcase-region,
and upcase-initials-region clobber the match data needed to be
adjusted for the replacement.  (Bug#23869)
parent 178b2f59
......@@ -2684,6 +2684,14 @@ since only regular expressions have distinguished subexpressions. */)
xfree (substed);
}
/* The functions below modify the buffer, so they could trigger
various modification hooks (see signal_before_change and
signal_after_change), which might clobber the match data we need
to adjust after the replacement. If that happens, we error out. */
ptrdiff_t sub_start = search_regs.start[sub];
ptrdiff_t sub_end = search_regs.end[sub];
unsigned num_regs = search_regs.num_regs;
/* Replace the old text with the new in the cleanest possible way. */
replace_range (search_regs.start[sub], search_regs.end[sub],
newtext, 1, 0, 1);
......@@ -2696,6 +2704,11 @@ since only regular expressions have distinguished subexpressions. */)
Fupcase_initials_region (make_number (search_regs.start[sub]),
make_number (newpoint));
if (search_regs.start[sub] != sub_start
|| search_regs.end[sub] != sub_end
|| search_regs.num_regs != num_regs)
error ("Match data clobbered by buffer modification hooks");
/* Adjust search data for this change. */
{
ptrdiff_t oldend = search_regs.end[sub];
......
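Review bot: The clobber check sits after the case-conversion calls, so `Fupcase_initials_region (make_number (search_regs.start[sub]), make_number (newpoint));` (and presumably the upcase-region call just above the second hunk) still reads `search_regs.start[sub]` after `replace_range` has already run the modification hooks. If a hook left the match data at some other valid position, the wrong region is re-cased before the error is signalled. Passing the saved value, `make_number (sub_start)`, or repeating the check directly after `replace_range`, would close that window. The comparison also covers only group `sub` and `num_regs`, so a hook that rewrites other groups would likely go unnoticed; a comment stating that limit would help, since the adjustment block that follows continues outside the hunk.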