Re: bug#34141: Stackoverflow triggered at lib/regexec.c:1948

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bug#34141: Stackoverflow triggered at lib/regexec.c:1948

From:	Assaf Gordon
Subject:	Re: bug#34141: Stackoverflow triggered at lib/regexec.c:1948
Date:	Sun, 20 Jan 2019 02:20:57 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

(forwarding to gnulib)

Hello,

Hongxu Chen reported a stack-overflow in regexec.
I suspect it is the same as the one reported here:
  https://lists.gnu.org/r/bug-gnulib/2018-09/msg00066.html

But just in case, the full report is below.

regards,
 - assaf

On 2019-01-19 10:58 p.m., Hongxu Chen wrote:

Hi,

     Latest sed (4.7.4-f8503-dirty; and prior to this, e.g. 4.4) may trigger
a stack overflow error by executing the following command.

     echo 0 | ./sed '/\(\)\(\1\(\)\1\(\)\)*/c0'    # equivalently sed -f
c01.sed c01.in

     ASan reports like this:
AddressSanitizer:DEADLYSIGNAL



=================================================================



==26879==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea609bff8
(pc 0x0000005b0b76 bp 0x7ffea609c090 sp 0x7ffea609bf20 T0)


     #0 0x5b0b75 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18


     #1 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #2 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #3 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #4 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #5 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #6 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #7 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
...
     #247 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #248 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


     #249 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7






SUMMARY: AddressSanitizer: stack-overflow
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18 in
check_dst_limits_calc_pos_1

==26879==ABORTING

Best Regards,
Hongxu

[Prev in Thread]

Current Thread

[Next in Thread]

Re: bug#34141: Stackoverflow triggered at lib/regexec.c:1948, Assaf Gordon <=

Prev by Date: Re: bug#34142: AddressSanitizer reported heap-buffer-overflow
Next by Date: Re: VLA and alloca
Previous by thread: Re: bug#34142: AddressSanitizer reported heap-buffer-overflow
Next by thread: Defeat current GCC optimizations in math autoconf tests
Index(es):
- Date
- Thread