bug-grep

bug#19061: [PATCH] dfa: building superset, access to unallocated memory


From: Norihiro Tanaka
Subject: bug#19061: [PATCH] dfa: building superset, access to unallocated memory
Date: Sun, 16 Nov 2014 10:06:41 +0900

On Sat, 15 Nov 2014 10:00:49 -0800
Jim Meyering <address@hidden> wrote:
> Thank you for the patch.
> That seems like a fine change, but so far, I cannot see how
> it avoids accessing uninitialized memory.
> I do see that it fixes an error whereby memcpy was being
> called with its 2nd argument NULL, though in each case,
> the third argument is always 0.  Passing a NULL pointer as
> the 2nd argument to memcpy is officially "undefined
> behavior", and I confirmed that building with gcc and its
> "undefined behavior sanitizer", the problem was exposed,
> and that your patch fixes it.
> 
> Do you know of a way to make grep crash, as stated in your
> proposed NEWS entry?  If so, please give details.
> 
> It is UB after all.  Perhaps you found a system whose memcpy
> dereferences the source pointer even when the size is 0?

Thanks for the review.

I ran across this problem when I made the next improvement.  If size is 0,
when dfa_charclass_index had been called, the crash was caused.  And if
I fixed it, the crash was not caused.  So I think that it is a bug.

However, I deleted the branch as the improvement was bad.  And I cannot
see the cause of the bug in the source code.  It seems to me that the code has no bug.
Furthermore, I could not reproduce it, though I re-wrote similar code
to the branch.

Possibly other changes which I made are bad, and they might cause a
buffer overrun and override the memory range for charclasses in the branch.
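The situation the thread describes, a copy-the-old-contents memcpy whose source pointer is NULL because nothing has been allocated yet and whose size is therefore 0, is easy to reproduce in a small growable table. The following is an added illustration, not code from grep's dfa.c or from either poster; the struct and the function names (`copy_ints`, `table_grow`, `table_push`, `table_demo`) are invented for this example. It shows the guard that keeps the call well-defined, which is the same kind of check the patch under discussion introduces.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable table (not grep's data structure): the backing
   store is NULL until the first element is stored, so the first growth
   step would otherwise hand memcpy a NULL source with size 0. */
struct table {
    int *items;      /* NULL while capacity == 0 */
    size_t count;
    size_t capacity;
};

/* Copy n ints from src to dst without ever passing a null pointer to
   memcpy.  C requires memcpy's pointer arguments to be valid even when
   n == 0; gcc -fsanitize=undefined reports the NULL case at run time. */
static void copy_ints(int *dst, const int *src, size_t n)
{
    if (n > 0)
        memcpy(dst, src, n * sizeof *src);
}

/* Grow the table so at least one more element fits; return 0 on failure. */
static int table_grow(struct table *t)
{
    size_t new_cap = t->capacity ? t->capacity * 2 : 4;
    int *bigger = malloc(new_cap * sizeof *bigger);
    if (!bigger)
        return 0;
    /* On the very first call t->items is NULL and t->count is 0: the guard
       inside copy_ints is what keeps this step well-defined. */
    copy_ints(bigger, t->items, t->count);
    free(t->items);
    t->items = bigger;
    t->capacity = new_cap;
    return 1;
}

/* Append one value; return 0 if memory could not be obtained. */
int table_push(struct table *t, int value)
{
    if (t->count == t->capacity && !table_grow(t))
        return 0;
    t->items[t->count++] = value;
    return 1;
}

void table_free(struct table *t)
{
    free(t->items);
    t->items = NULL;
    t->count = t->capacity = 0;
}

/* Push the values 0..n-1 into a fresh table and return the sum stored,
   exercising the NULL-source path on the first growth. */
long table_demo(size_t n)
{
    struct table t = { NULL, 0, 0 };
    long sum = 0;
    for (size_t i = 0; i < n; i++)
        if (!table_push(&t, (int)i))
            break;
    for (size_t i = 0; i < t.count; i++)
        sum += t.items[i];
    table_free(&t);
    return sum;
}
```

Building the unguarded variant (calling memcpy directly in table_grow) with `gcc -fsanitize=undefined` and pushing a single element reproduces the sanitizer diagnostic mentioned in the review; with the guard in place the sanitizer is silent, which is the check a reviewer would want alongside the patch.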