bug-grep

bug#44538: grep -E might exhaust stack space


From: JIang Yuancheng
Subject: bug#44538: grep -E might exhaust stack space
Date: Tue, 10 Nov 2020 01:34:47 +0800

Hi,

grep -E ".*{10,}{10,}{10,}{10,}{10,}" can exhaust stack space, and then a stack
overflow occurs. (Tested on the latest version, 3.6.)

jyc@ubuntu18:~/GREP/grep-3.6/src$ ./grep -E ".*{10,}{10,}{10,}{10,}{10,}" 
grep: stack overflow

Gdb information:

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x20 (' ')
RCX: 0x555555799010 --> 0x705070701010700 
RDX: 0x0 
RSI: 0x8 
RDI: 0x7ffff7b5dc40 --> 0x0 
RBP: 0xffffffffffffffb0 
RSP: 0x7fffff7fefa0 
RIP: 0x7ffff780637e (<_int_malloc+62>:  mov    QWORD PTR [rsp+0x8],rsi)
R8 : 0x68b1d 
R9 : 0x0 
R10: 0x555555799010 --> 0x705070701010700 
R11: 0x0 
R12: 0x7ffff4d228f8 --> 0x0 
R13: 0x3458e8 
R14: 0x0 
R15: 0x55555579e460 --> 0x7ffff545e010 --> 0x2e ('.')
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff7806373 <_int_malloc+51>:     test   al,al
   0x7ffff7806375 <_int_malloc+53>:     jne    0x7ffff7806a58 <_int_malloc+1816>
   0x7ffff780637b <_int_malloc+59>:     test   rdi,rdi
=> 0x7ffff780637e <_int_malloc+62>:     mov    QWORD PTR [rsp+0x8],rsi
   0x7ffff7806383 <_int_malloc+67>:     mov    r14,rdi
   0x7ffff7806386 <_int_malloc+70>:     je     0x7ffff7806a38 <_int_malloc+1784>
   0x7ffff780638c <_int_malloc+76>:     mov    r15d,ebx
   0x7ffff780638f <_int_malloc+79>:     shr    r15d,0x4
[------------------------------------stack-------------------------------------]
Invalid $SP address: 0x7fffff7fefa0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff780637e in _int_malloc (av=av@entry=0x7ffff7b5dc40 <main_arena>, bytes=bytes@entry=0x8)
    at malloc.c:3557
3557    malloc.c: No such file or directory.

ASAN:

=================================================================
==12861==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe9c8afc8 (pc 0x7f9f6989dd2e bp 0x7fffe9c8b060 sp 0x7fffe9c8afd0 T0)
    #0 0x7f9f6989dd2d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
    #1 0x7f9f69954b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #2 0x555aa36928ec in re_node_set_alloc /home/jyc/GREP/grep-3.6/lib/regex_internal.c:973
    #3 0x555aa369f8cf in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1700
    #4 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #5 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #6 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
…
    #248 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #249 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #250 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737

SUMMARY: AddressSanitizer: stack-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
==12861==ABORTING



Thanks,
Yuancheng
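
A pre-filter for untrusted patterns before they reach grep -E, as an added example that is not part of the original report or of grep's code. It assumes each interval copies its operand about that many times when the pattern is compiled, so directly stacked intervals multiply; the function names and the budget are hypothetical, and bracket expressions are not special-cased, which can only over-estimate.

```c
#include <ctype.h>
#include <stdio.h>

/* Parse an ERE interval "{m}", "{m,}" or "{m,n}" at p. Returns bytes consumed
   (0 if not an interval, or a bound has over six digits); *copies = max(m,n,1). */
static size_t parse_interval(const char *p, long *copies)
{
    const char *s = p + 1;
    long m = 0, n = 0;
    if (*p != '{' || !isdigit((unsigned char)*s))
        return 0;
    while (isdigit((unsigned char)*s) && m < 100000)
        m = m * 10 + (*s++ - '0');
    if (*s == ',')
        for (s++; isdigit((unsigned char)*s) && n < 100000; s++)
            n = n * 10 + (*s - '0');
    if (*s != '}')
        return 0;
    *copies = n > m ? n : m;
    if (*copies < 1) *copies = 1;
    return (size_t)(s + 1 - p);
}

/* Largest product of intervals stacked on one operand (with *, + or ? allowed
   in between), saturated at cap so the multiplication cannot overflow. */
long max_stacked_expansion(const char *pat, long cap)
{
    long worst = 1, run = 1, copies = 1;
    size_t len;
    for (const char *p = pat; *p; ) {
        if (*p == '{' && (len = parse_interval(p, &copies)) > 0) {
            run = run > cap / copies ? cap : run * copies;
            if (run > worst) worst = run;
            p += len;
        } else {
            if (*p != '*' && *p != '+' && *p != '?') run = 1; /* new operand */
            p += (*p == '\\' && p[1]) ? 2 : 1;                /* skip escapes */
        }
    }
    return worst;
}

int main(void)
{
    long e = max_stacked_expansion(".*{10,}{10,}{10,}{10,}{10,}", 1000000);
    printf("expansion x%ld: %s\n", e, e > 1000 ? "reject" : "accept"); /* hypothetical budget */
    return 0;
}
```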
