Re: sed SEGV bug detected by ASAN
From: project-repo
Subject: Re: sed SEGV bug detected by ASAN
Date: Sat, 11 Aug 2018 11:01:28 +0200
User-agent: Mutt/1.10.1 (2018-07-13)

Hi,
Sorry guys, that bug was the result of me tampering around with sed and
not reverting my changes before I started fuzzing again. However, I
believe that I have now found an actual bug as I was able to reproduce
this bug on a clean repository cloned this morning. Following is a
detailed backtrace of this bug.

ASAN:DEADLYSIGNAL
=================================================================
==4164==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55a49c22e986 bp 0x7ffdb9c9ae60 sp 0x7ffdb9c9ad80 T0)
==4164==The signal is caused by a READ memory access.
==4164==Hint: address points to the zero page.
    #0 0x55a49c22e985 in re_string_peek_byte_case lib/regex_internal.c:849
    #1 0x55a49c22e985 in peek_token lib/regcomp.c:1830
    #2 0x55a49c273120 in fetch_token lib/regcomp.c:1790
    #3 0x55a49c273120 in parse_expression lib/regcomp.c:2459
    #4 0x55a49c282c66 in parse_branch lib/regcomp.c:2221
    #5 0x55a49c283a21 in parse_reg_exp lib/regcomp.c:2173
    #6 0x55a49c286526 in parse lib/regcomp.c:2141
    #7 0x55a49c286526 in re_compile_internal lib/regcomp.c:803
    #8 0x55a49c290118 in rpl_re_compile_pattern lib/regcomp.c:230
    #9 0x55a49c1a5266 in compile_regex_1 sed/regexp.c:113
    #10 0x55a49c1a5266 in compile_regex sed/regexp.c:190
    #11 0x55a49c1813f0 in compile_address sed/compile.c:953
    #12 0x55a49c187b62 in compile_program sed/compile.c:1029
    #13 0x55a49c192bf4 in compile_file sed/compile.c:1593
    #14 0x55a49c17b38a in main sed/sed.c:280
    #15 0x7fef9979ba86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
    #16 0x55a49c17c239 in _start (/home/jefeus/sed/sed/sed+0xc239)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV lib/regex_internal.c:849 in re_string_peek_byte_case
==4164==ABORTING

This bug can be reproduced by calling sed as 'sed -f min <(echo " ")',
where min is the attached file. I hope I'm not making another stupid
mistake and this is an actual bug.
cheers,
project-repo
PS. The build-asan Makefile option is awesome!
In-Reply-To: <address@hidden>
On Fri, Aug 10, 2018 at 06:11:06PM -0600, Assaf Gordon wrote:
> Hello,
>
> > ----- Forwarded message from project-repo <address@hidden> -----
> >
> > This bug can be reproduced by calling sed as 'sed -f min <(echo " ")',
> > where min is the file attached.
>
> Thanks for the report.
>
> This time I'm unable to reproduce it locally.
> I'm using latest sed from git ( v4.5-27-g36e3485 ),
> with gnulib version c5e76a9560 ( v0.1-2015-gc5e76a956 ),
> compiled with gcc-8.2 and gcc-6.3.
> I tried with both ASAN and valgrind, and they don't report
> a SEGV.
>
> May I ask for more details? which git version are you using,
> did you re-run "./bootstrap", which compiler, etc?
>
> Thanks!
> - assaf
>
>
Attachment: min (binary data)
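
For triaging fuzzing crashes like the one reported above, the following added example (not part of the original message or of the sed code base) parses an ASAN SEGV report into a de-duplication key. The names `parse_report` and `signature` and the 4 KiB page size are assumptions of this example.

```python
import re

# ASAN output copied from the message above (header lines and first five frames).
REPORT = """\
==4164==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55a49c22e986 bp 0x7ffdb9c9ae60 sp 0x7ffdb9c9ad80 T0)
==4164==The signal is caused by a READ memory access.
==4164==Hint: address points to the zero page.
    #0 0x55a49c22e985 in re_string_peek_byte_case lib/regex_internal.c:849
    #1 0x55a49c22e985 in peek_token lib/regcomp.c:1830
    #2 0x55a49c273120 in fetch_token lib/regcomp.c:1790
    #3 0x55a49c273120 in parse_expression lib/regcomp.c:2459
    #4 0x55a49c282c66 in parse_branch lib/regcomp.c:2221
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^[ \t]*#(\d+) (0x[0-9a-f]+) in (\S+) (\S+)", re.M)
PAGE_SIZE = 4096  # assumption: 4 KiB pages, as on x86_64 Linux


def parse_report(text):
    """Pull out the fields needed to triage one ASAN SEGV report."""
    err = ERROR_RE.search(text)
    if err is None:
        raise ValueError("no AddressSanitizer SEGV header found")
    access = ACCESS_RE.search(text)
    frames = [{"pc": pc, "func": fn, "where": loc}
              for _, pc, fn, loc in FRAME_RE.findall(text)]
    # Adjacent frames sharing a pc are one call site: the upper one was inlined.
    for i, f in enumerate(frames):
        f["inlined"] = i + 1 < len(frames) and f["pc"] == frames[i + 1]["pc"]
    return {
        "kind": err.group(1),
        "access": access.group(1) if access else "UNKNOWN",
        "near_null": int(err.group(2), 16) < PAGE_SIZE,
        "frames": frames,
    }


def signature(report, depth=3):
    """Bucket key built from function names, so ASLR-shifted pcs do not split buckets."""
    addr = "near-null" if report["near_null"] else "wild"
    funcs = [f["func"] for f in report["frames"][:depth]]
    return ":".join([report["kind"], report["access"], addr]) + "|" + "|".join(funcs)


if __name__ == "__main__":
    print(signature(parse_report(REPORT)))
```

Keying on function names rather than pc values keeps the bucket stable across PIE/ASLR runs. The shared pc of frames #0 and #1 marks `re_string_peek_byte_case` as inlined into `peek_token`.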