
GNU bug report logs - #34141
Stackoverflow triggered at lib/regexec.c:1948


Package: sed;

Reported by: Hongxu Chen <leftcopy.chx <at> gmail.com>

Date: Sun, 20 Jan 2019 05:59:01 UTC

Severity: normal

To reply to this bug, email your comments to 34141 AT debbugs.gnu.org.



Report forwarded to bug-sed <at> gnu.org:
bug#34141; Package sed. (Sun, 20 Jan 2019 05:59:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hongxu Chen <leftcopy.chx <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-sed <at> gnu.org. (Sun, 20 Jan 2019 05:59:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hongxu Chen <leftcopy.chx <at> gmail.com>
To: bug-sed <at> gnu.org
Subject: Stackoverflow triggered at lib/regexec.c:1948
Date: Sun, 20 Jan 2019 13:58:01 +0800
Hi,

    Latest sed (4.7.4-f8503-dirty; and prior to this, e.g. 4.4) may trigger
a stack overflow error by executing the following command.

    echo 0 | ./sed '/\(\)\(\1\(\)\1\(\)\)*/c0'    # equivalently sed -f c01.sed c01.in

    ASan reports like this:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==26879==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea609bff8 (pc 0x0000005b0b76 bp 0x7ffea609c090 sp 0x7ffea609bf20 T0)
    #0 0x5b0b75 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18
    #1 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #2 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #3 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #4 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #5 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #6 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #7 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
...
    #247 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #248 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
    #249 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

SUMMARY: AddressSanitizer: stack-overflow /home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18 in check_dst_limits_calc_pos_1

==26879==ABORTING

Best Regards,
Hongxu
[c01.in (application/octet-stream, attachment)]
[c01.sed (application/octet-stream, attachment)]
[c01.asan (application/octet-stream, attachment)]
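
A triage helper for reports like the one above, as an added example that is not part of the original bug report or of sed/gnulib: it parses an ASan trace (including mail-wrapped and `>`-quoted copies), finds the frame that repeats, and derives a bucket key for deduplicating crashes from the same recursion. The function names and the shortened sample trace are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: shortened copy of the report's trace, mail wrapping kept.
SAMPLE = """\
==26879==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea609bff8
(pc 0x0000005b0b76 bp 0x7ffea609c090 sp 0x7ffea609bf20 T0)
    #0 0x5b0b75 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18
    #1 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
...
    #249 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
SUMMARY: AddressSanitizer: stack-overflow
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
FRAME_RE = re.compile(
    r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$", re.M)

def parse_frames(report):
    """Return (error kind, [(index, function, source file, line), ...])."""
    text = re.sub(r"(?m)^[ \t]*>[ \t]?", "", report)  # strip reply quoting
    # Undo mail wrapping: the source location may sit on the following line.
    text = re.sub(r"(#\d+ 0x[0-9a-f]+ in \S+)[ \t]*\n[ \t]*(?=/)", r"\1 ", text)
    m = ERROR_RE.search(text)
    frames = [(int(i), fn, path.rsplit("/", 1)[-1], int(line))
              for i, fn, path, line in FRAME_RE.findall(text)]
    return (m.group(1) if m else "unknown"), frames

def summarize(report):
    """Collapse a trace into fault site, repeating frame and a bucket key."""
    kind, frames = parse_frames(report)
    if not frames:
        return None
    (fn, src, line), seen = Counter(f[1:] for f in frames).most_common(1)[0]
    _, top_fn, top_src, top_line = frames[0]
    return {
        "kind": kind,
        "fault": f"{top_fn} {top_src}:{top_line}",
        "recursion_site": f"{fn} {src}:{line}" if seen > 1 else None,
        # Highest printed index + 1; the printed trace may be truncated.
        "frames_reported": frames[-1][0] + 1,
        # No addresses, PIDs, build paths or depth: one bucket per recursion.
        "bucket": f"{kind}:{fn}@{src}:{line}",
    }
```

Keying the bucket on the repeating frame rather than on frame #0 keeps inputs that overflow at different depths or at a different instruction in the same function together.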

Information forwarded to bug-sed <at> gnu.org:
bug#34141; Package sed. (Sun, 20 Jan 2019 09:22:01 GMT) Full text and rfc822 format available.

Message #8 received at 34141 <at> debbugs.gnu.org (full text, mbox):

From: Assaf Gordon <assafgordon <at> gmail.com>
To: Hongxu Chen <leftcopy.chx <at> gmail.com>, 34141 <at> debbugs.gnu.org,
 "bug-gnulib <at> gnu.org List" <bug-gnulib <at> gnu.org>
Subject: Re: bug#34141: Stackoverflow triggered at lib/regexec.c:1948
Date: Sun, 20 Jan 2019 02:20:57 -0700
(forwarding to gnulib)

Hello,

Hongxu Chen reported a stack-overflow in regexec.
I suspect it is the same as the one reported here:
  https://lists.gnu.org/r/bug-gnulib/2018-09/msg00066.html

But just in case, the full report is below.

regards,
 - assaf

On 2019-01-19 10:58 p.m., Hongxu Chen wrote:
> Hi,
> 
>      Latest sed (4.7.4-f8503-dirty; and prior to this, e.g. 4.4) may trigger
> a stack overflow error by executing the following command.
> 
>      echo 0 | ./sed '/\(\)\(\1\(\)\1\(\)\)*/c0'    # equivalently sed -f c01.sed c01.in
> 
>      ASan reports like this:
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==26879==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea609bff8 (pc 0x0000005b0b76 bp 0x7ffea609c090 sp 0x7ffea609bf20 T0)
>      #0 0x5b0b75 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18
>      #1 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #2 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #3 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #4 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #5 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #6 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #7 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
> ...
>      #247 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #248 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>      #249 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
>
> SUMMARY: AddressSanitizer: stack-overflow /home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18 in check_dst_limits_calc_pos_1
>
> ==26879==ABORTING
> 
> Best Regards,
> Hongxu
> 





This bug report was last modified 6 years and 188 days ago.
