[Bug regex/18713] New: Segmentation Fault in check_matching at regexec.c:1142


[Bug regex/18713] New: Segmentation Fault in check_matching at regexec.c:1142

cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=18713

            Bug ID: 18713
           Summary: Segmentation Fault in check_matching  at
                    regexec.c:1142
           Product: glibc
           Version: 2.12
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: edwardsmaaail at gmail dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

A program using regexec crashes with a segmentation fault.
I am not sure whether this has already been fixed.
(Of course, this could be a bug in my program.)


Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0  0x0000003dec4c9238 in check_halt_state_context (preg=0x7f9ea4a13270,
    string=0x7f9ea4704dd0 "\261\342\305\270", length=4, start=<value optimized
out>,
    range=4, stop=<value optimized out>, nmatch=<value optimized out>,
    pmatch=0x7f9ef86470b0, eflags=0) at regexec.c:1256
#1  check_matching (preg=0x7f9ea4a13270, string=0x7f9ea4704dd0
"\261\342\305\270",
    length=4, start=<value optimized out>, range=4, stop=<value optimized out>,
    nmatch=<value optimized out>, pmatch=0x7f9ef86470b0, eflags=0) at
regexec.c:1142
#2  re_search_internal (preg=0x7f9ea4a13270, string=0x7f9ea4704dd0
"\261\342\305\270",
    length=4, start=<value optimized out>, range=4, stop=<value optimized out>,
    nmatch=<value optimized out>, pmatch=0x7f9ef86470b0, eflags=0) at
regexec.c:843
#3  0x0000003dec4c9513 in __regexec (preg=0x7f9ea4a13270,
    string=0x7f9ea4704dd0 "\261\342\305\270", nmatch=1, pmatch=0x7f9ef86470b0,
    eflags=<value optimized out>) at regexec.c:251
#4  0x00000000004cb1da in check_regexec_data (content=0x7f9ea4704dd0
"\261\342\305\270") at checkregexec.c:7102
...



(gdb) bt full
#0  0x0000003dec4c9238 in check_halt_state_context (preg=0x7f9ea4a13270,
    string=0x7f9ea4704dd0 "\261\342\305\270", length=4, start=<value optimized
out>,
    range=4, stop=<value optimized out>, nmatch=<value optimized out>,
    pmatch=0x7f9ef86470b0, eflags=0) at regexec.c:1256
        i = 0
        context = 0
#1  check_matching (preg=0x7f9ea4a13270, string=0x7f9ea4704dd0
"\261\342\305\270",
    length=4, start=<value optimized out>, range=4, stop=<value optimized out>,
    nmatch=<value optimized out>, pmatch=0x7f9ef86470b0, eflags=0) at
regexec.c:1142
        dfa = <value optimized out>
        err = REG_NOERROR
        match = 0
        match_last = -1
        next_start_idx = 0
        cur_str_idx = 0
        cur_state = <value optimized out>
        at_init_state = 1
#2  re_search_internal (preg=0x7f9ea4a13270, string=0x7f9ea4704dd0
"\261\342\305\270",
    length=4, start=<value optimized out>, range=4, stop=<value optimized out>,
    nmatch=<value optimized out>, pmatch=0x7f9ef86470b0, eflags=0) at
regexec.c:843
        err = <value optimized out>
        dfa = 0x7f9ea49b0d60
        left_lim = 0
        right_lim = 4
        incr = <value optimized out>
        fl_longest_match = 1
        match_first = 1
        match_kind = 6
        match_last = <value optimized out>
        extra_nmatch = 0
        sb = 1
        mctx = {
          input = {
            raw_mbs = 0x7f9ea4704dd0 "\261\342\305\270",
            mbs = 0x7f9ea4704dd1 "\342\305\270",
            wcs = 0x0,
            offsets = 0x0,
            cur_state = {
              __count = 0,
              __value = {
                __wch = 0,
                __wchb = "\000\000\000"
              }
            },
            raw_mbs_idx = 1,
            valid_len = 3,
            valid_raw_len = 3,
            bufs_len = 5,
            cur_idx = 0,
            raw_len = 4,
            len = 3,
            raw_stop = 4,
            stop = 3,
            tip_context = 0,
            trans = 0x0,
            word_char = 0x7f9ea49b0e08,
            icase = 0 '\000',
            is_utf8 = 0 '\000',
            map_notascii = 0 '\000',
            mbs_allocated = 0 '\000',
            offsets_needed = 0 '\000',
            newline_anchor = 0 '\000',
            word_ops_used = 0 '\000',
            mb_cur_max = 1
          },
          dfa = 0x7f9ea49b0d60,
          eflags = 0,
          match_last = -1,
          last_node = 0,
          state_log = 0x0,
          state_log_top = 0,
          nbkref_ents = 0,
          abkref_ents = 0,
          bkref_ents = 0x0,
          max_mb_elem_len = 0,
          nsub_tops = 0,
          asub_tops = 0,
          sub_tops = 0x0
        }
        fastmap = 0x7f9ef428c440 ""
        t = 0x0
#3  0x0000003dec4c9513 in __regexec (preg=0x7f9ea4a13270,
    string=0x7f9ea4704dd0 "\261\342\305\270", nmatch=1, pmatch=0x7f9ef86470b0,
    eflags=<value optimized out>) at regexec.c:251
        err = <value optimized out>
        start = <value optimized out>
        length = <value optimized out>
        dfa = 0x7f9ea49b0d60
#4  0x00000000004cb1da in check_regexec_data (content=0x7f9ea4704dd0
"\261\342\305\270") at checkregexec.c:7102
        ret = <value optimized out>
        txn = <value optimized out>
        str = <value optimized out>
        rm = {
          rm_so = 401442672,
          rm_eo = 32671
        }
        builtin_alert_hash = 0x0
        clen = 4
        slen = 0
        match = 0
...

--
You are receiving this mail because:
You are on the CC list for the bug.

[Bug regex/18713] Segmentation Fault in check_matching at regexec.c:1142

cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=18713

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security?

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Could you please provide a complete test case?  I don't think the backtrace
includes the pattern which causes the crash.

--
You are receiving this mail because:
You are on the CC list for the bug.