[Bug regex/23609] New: regex backreference heap errors

[Bug regex/23609] New: regex backreference heap errors

glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=23609

            Bug ID: 23609
           Summary: regex backreference heap errors
           Product: glibc
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: eggert at cs dot ucla.edu
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Created attachment 11231
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11231&action=edit
Patch for use-after-free bug, from Assaf Gordon

In <https://debbugs.gnu.org/32592#14> Saito Takaaki reported that a friend
found a bug in GNU sed regex handling, and Assaf Gordon has found that this was
due to use-after-free relating to the back-references. Assaf has a fix, which
I'm attaching.

In that same thread, Jim Meyering noted <https://debbugs.gnu.org/32592#35> that
there was some seemingly-useless code immediately after Assaf's bug fix. I have
looked into this, and it turns out that this code does not properly report an
error when heap allocation fails; instead, it just trudges onward and does
goodness knows what. I'll attach a second patch for this nearby bug.

--
You are receiving this mail because:
You are on the CC list for the bug.

[Bug regex/23609] regex backreference heap errors

glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=23609

--- Comment #2 from eggert at cs dot ucla.edu ---
Assaf Gordon writes in <https://debbugs.gnu.org/32592#41> that the
use-after-free bug was already reported as Bug#18040. The two bug reports
should be merged.


[Bug regex/23609] regex backreference heap errors

glaubitz at physik dot fu-berlin.de
In reply to this post by glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=23609

--- Comment #1 from eggert at cs dot ucla.edu ---
Created attachment 11232
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11232&action=edit
Patch for heap-exhaustion bug


[Bug regex/23609] regex backreference heap errors

glaubitz at physik dot fu-berlin.de
In reply to this post by glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=23609

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com


[Bug regex/23609] regex backreference heap errors

glaubitz at physik dot fu-berlin.de
In reply to this post by glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=23609

eggert at cs dot ucla.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #3 from eggert at cs dot ucla.edu ---
As I mentioned in Comment 2, this is the same bug as Bug#18040. Resolving it as
a duplicate.

*** This bug has been marked as a duplicate of bug 18040 ***
