emacs-diffs

[Emacs-diffs] emacs-25 3a9d629: Avoid crashes when buffer modification h


From: Eli Zaretskii
Subject: [Emacs-diffs] emacs-25 3a9d629: Avoid crashes when buffer modification hooks clobber match data
Date: Mon, 4 Jul 2016 15:35:48 +0000 (UTC)

branch: emacs-25
commit 3a9d6296b35e5317c497674d5725eb52699bd3b8
Author: Eli Zaretskii <address@hidden>
Commit: Eli Zaretskii <address@hidden>

    Avoid crashes when buffer modification hooks clobber match data
    
    * src/search.c (Freplace_match): Error out if buffer modification
    hooks triggered by buffer changes in replace_range, upcase-region,
    and upcase-initials-region clobber the match data needed to be
    adjusted for the replacement.  (Bug#23869)
---
 src/search.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/search.c b/src/search.c
index f39df67..bcdd8f1 100644
--- a/src/search.c
+++ b/src/search.c
@@ -2684,6 +2684,14 @@ since only regular expressions have distinguished 
subexpressions.  */)
       xfree (substed);
     }
 
+  /* The functions below modify the buffer, so they could trigger
+     various modification hooks (see signal_before_change and
+     signal_after_change), which might clobber the match data we need
+     to adjust after the replacement.  If that happens, we error out.  */
+  ptrdiff_t sub_start = search_regs.start[sub];
+  ptrdiff_t sub_end = search_regs.end[sub];
+  unsigned  num_regs = search_regs.num_regs;
+
   /* Replace the old text with the new in the cleanest possible way.  */
   replace_range (search_regs.start[sub], search_regs.end[sub],
                 newtext, 1, 0, 1);
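
Review bot: The snapshot taken before replace_range covers only search_regs.start[sub], search_regs.end[sub] and search_regs.num_regs, so a hook that rewrites other registers while leaving these three values intact is not detected. If the adjustment code further down touches registers other than sub, consider saving and comparing the whole start/end arrays, or state in the comment that only group sub is guarded. Two smaller points in the same lines: "unsigned  num_regs" has a doubled space and should use the same type as the search_regs.num_regs field (its declaration is not visible in this hunk), and the comment's "the functions below" would be clearer if it named replace_range, upcase-region and upcase-initials-region, as the commit message does.
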
@@ -2696,6 +2704,11 @@ since only regular expressions have distinguished 
subexpressions.  */)
     Fupcase_initials_region (make_number (search_regs.start[sub]),
                             make_number (newpoint));
 
+  if (search_regs.start[sub] != sub_start
+      || search_regs.end[sub] != sub_end
+      || search_regs.num_regs != num_regs)
+    error ("Match data clobbered by buffer modification hooks");
+
   /* Adjust search data for this change.  */
   {
     ptrdiff_t oldend = search_regs.end[sub];
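
Review bot: The clobber check runs only after the case-conversion calls, yet the Fupcase_initials_region call just above it already reads search_regs.start[sub], so hooks fired from replace_range can hand it a clobbered position before the error is raised. Passing the saved sub_start to those calls, or repeating the check directly after replace_range, would close that window. The condition itself also indexes search_regs.start[sub] and search_regs.end[sub] before comparing search_regs.num_regs; if a hook shrank the register set so that sub is no longer a valid index, those reads happen before the count is tested, so put the num_regs comparison first in the || chain.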


