sed-devel

Re: sed SEGV bug detected by ASAN


From: project-repo
Subject: Re: sed SEGV bug detected by ASAN
Date: Sat, 11 Aug 2018 11:01:28 +0200
User-agent: Mutt/1.10.1 (2018-07-13)

Hi,

Sorry guys, that bug was the result of me tampering around with sed and
not reverting my changes before I started fuzzing again. However, I
believe that I have now found an actual bug as I was able to reproduce
this bug on a clean repository cloned this morning. Following is a
detailed backtrace of this bug.

ASAN:DEADLYSIGNAL
=================================================================
==4164==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55a49c22e986 bp 0x7ffdb9c9ae60 sp 0x7ffdb9c9ad80 T0)
==4164==The signal is caused by a READ memory access.
==4164==Hint: address points to the zero page.
    #0 0x55a49c22e985 in re_string_peek_byte_case lib/regex_internal.c:849
    #1 0x55a49c22e985 in peek_token lib/regcomp.c:1830
    #2 0x55a49c273120 in fetch_token lib/regcomp.c:1790
    #3 0x55a49c273120 in parse_expression lib/regcomp.c:2459
    #4 0x55a49c282c66 in parse_branch lib/regcomp.c:2221
    #5 0x55a49c283a21 in parse_reg_exp lib/regcomp.c:2173
    #6 0x55a49c286526 in parse lib/regcomp.c:2141
    #7 0x55a49c286526 in re_compile_internal lib/regcomp.c:803
    #8 0x55a49c290118 in rpl_re_compile_pattern lib/regcomp.c:230
    #9 0x55a49c1a5266 in compile_regex_1 sed/regexp.c:113
    #10 0x55a49c1a5266 in compile_regex sed/regexp.c:190
    #11 0x55a49c1813f0 in compile_address sed/compile.c:953
    #12 0x55a49c187b62 in compile_program sed/compile.c:1029
    #13 0x55a49c192bf4 in compile_file sed/compile.c:1593
    #14 0x55a49c17b38a in main sed/sed.c:280
    #15 0x7fef9979ba86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
    #16 0x55a49c17c239 in _start (/home/jefeus/sed/sed/sed+0xc239)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV lib/regex_internal.c:849 in re_string_peek_byte_case
==4164==ABORTING

This bug can be reproduced by calling sed as 'sed -f min <(echo " ")',
where min is the attached file. I hope I'm not doing another stupid
mistake and this is an actual bug.

cheers,
project-repo

PS. The build-asan Makefile option is awesome!

On Fri, Aug 10, 2018 at 06:11:06PM -0600, Assaf Gordon wrote:
> Hello,
> 
> > ----- Forwarded message from project-repo <address@hidden> -----
> > 
> > This bug can be reproduced by calling sed as 'sed -f min <(echo " ")',
> > where min is the file attached.
> 
> Thanks for the report.
> 
> This time I'm unable to reproduce it locally.
> I'm using latest sed from git ( v4.5-27-g36e3485 ),
> with gnulib version c5e76a9560 ( v0.1-2015-gc5e76a956 ),
> compiled with gcc-8.2 and gcc-6.3.
> I tried with both ASAN and valgrind, and they don't report
> a SEGV.
> 
> May I ask for more details? Which git version are you using,
> did you re-run "./bootstrap", which compiler, etc.?
> 
> Thanks!
>  - assaf
> 
> 

Attachment: min
Description: Binary data
