Avoid crashes when buffer modification hooks clobber match data

* src/search.c (Freplace_match): Error out if buffer modification hooks triggered by buffer changes in replace_range, upcase-region, and upcase-initials-region clobber the match data needed to be adjusted for the replacement. (Bug#23869)
2016-07-04 18:34:40 +03:00 · 2016-07-04 18:34:40 +03:00 · 3a9d6296b3
commit 3a9d6296b3
parent 178b2f5909
1 changed files with 13 additions and 0 deletions
--- a/src/search.c
+++ b/src/search.c
@ -2684,6 +2684,14 @@ since only regular expressions have distinguished subexpressions.  */)
      xfree (substed);
    }
  /* The functions below modify the buffer, so they could trigger
     various modification hooks (see signal_before_change and
     signal_after_change), which might clobber the match data we need
     to adjust after the replacement.  If that happens, we error out.  */
  ptrdiff_t sub_start = search_regs.start[sub];
  ptrdiff_t sub_end = search_regs.end[sub];
  unsigned  num_regs = search_regs.num_regs;
  /* Replace the old text with the new in the cleanest possible way.  */
  replace_range (search_regs.start[sub], search_regs.end[sub],
 		 newtext, 1, 0, 1);
@ -2696,6 +2704,11 @@ since only regular expressions have distinguished subexpressions.  */)
    Fupcase_initials_region (make_number (search_regs.start[sub]),
 			     make_number (newpoint));
  if (search_regs.start[sub] != sub_start
      || search_regs.end[sub] != sub_end
      || search_regs.num_regs != num_regs)
    error ("Match data clobbered by buffer modification hooks");
  /* Adjust search data for this change.  */
  {
    ptrdiff_t oldend = search_regs.end[sub];