GNU bug report logs - #44538: grep -E might exhaust stack space
To reply to this bug, email your comments to 44538 AT debbugs.gnu.org.
Report forwarded to bug-grep <at> gnu.org: bug#44538; Package grep. (Mon, 09 Nov 2020 17:45:02 GMT)
Acknowledgement sent to JIang Yuancheng <0599jiangyc <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-grep <at> gnu.org. (Mon, 09 Nov 2020 17:45:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi,
grep -E “.*{10,}{10,}{10,}{10,}{10,}” can exhaust stack space then stack overflow comes out. (Tested on latest version 3.6)
jyc <at> ubuntu18:~/GREP/grep-3.6/src$ ./grep -E ".*{10,}{10,}{10,}{10,}{10,}"
grep: stack overflow
Gdb information:
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x20 (' ')
RCX: 0x555555799010 --> 0x705070701010700
RDX: 0x0
RSI: 0x8
RDI: 0x7ffff7b5dc40 --> 0x0
RBP: 0xffffffffffffffb0
RSP: 0x7fffff7fefa0
RIP: 0x7ffff780637e (<_int_malloc+62>: mov QWORD PTR [rsp+0x8],rsi)
R8 : 0x68b1d
R9 : 0x0
R10: 0x555555799010 --> 0x705070701010700
R11: 0x0
R12: 0x7ffff4d228f8 --> 0x0
R13: 0x3458e8
R14: 0x0
R15: 0x55555579e460 --> 0x7ffff545e010 --> 0x2e ('.')
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x7ffff7806373 <_int_malloc+51>: test al,al
0x7ffff7806375 <_int_malloc+53>: jne 0x7ffff7806a58 <_int_malloc+1816>
0x7ffff780637b <_int_malloc+59>: test rdi,rdi
=> 0x7ffff780637e <_int_malloc+62>: mov QWORD PTR [rsp+0x8],rsi
0x7ffff7806383 <_int_malloc+67>: mov r14,rdi
0x7ffff7806386 <_int_malloc+70>: je 0x7ffff7806a38 <_int_malloc+1784>
0x7ffff780638c <_int_malloc+76>: mov r15d,ebx
0x7ffff780638f <_int_malloc+79>: shr r15d,0x4
[------------------------------------stack-------------------------------------]
Invalid $SP address: 0x7fffff7fefa0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff780637e in _int_malloc (av=av <at> entry=0x7ffff7b5dc40 <main_arena>, bytes=bytes <at> entry=0x8)
at malloc.c:3557
3557 malloc.c: No such file or directory.
ASAN:
=================================================================
==12861==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe9c8afc8 (pc 0x7f9f6989dd2e bp 0x7fffe9c8b060 sp 0x7fffe9c8afd0 T0)
#0 0x7f9f6989dd2d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
#1 0x7f9f69954b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
#2 0x555aa36928ec in re_node_set_alloc /home/jyc/GREP/grep-3.6/lib/regex_internal.c:973
#3 0x555aa369f8cf in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1700
#4 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#5 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#6 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
…
#248 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#249 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#250 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
SUMMARY: AddressSanitizer: stack-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
==12861==ABORTING
Thanks,
Yuancheng
Information forwarded to bug-grep <at> gnu.org: bug#44538; Package grep. (Sat, 28 Aug 2021 01:27:02 GMT)
Message #8 received at 44538 <at> debbugs.gnu.org (full text, mbox):
On 11/9/20 9:34 AM, JIang Yuancheng wrote:
> grep -E “.*{10,}{10,}{10,}{10,}{10,}” can exhaust stack space then stack overflow comes out. (Tested on latest version 3.6)
This is a longstanding issue with the regex matcher. I installed the
attached patch to document the issue better. Fortunately, the problem is
mostly limited to contrived examples.
[0001-doc-document-interval-expression-limitations.patch (text/x-patch, attachment)]
Severity set to 'wishlist' from 'normal'. Request was from Paul Eggert <eggert <at> cs.ucla.edu> to control <at> debbugs.gnu.org. (Sat, 28 Aug 2021 01:29:01 GMT)
This bug report was last modified 3 years and 26 days ago.