[pcre-dev] [Bug 843] PCRE library segfaults on random input

Author: Mark
To: pcre-dev
Subject: [pcre-dev] [Bug 843] PCRE library segfaults on random input
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=843

Mark <markghayden@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|7.6                         |7.8

--- Comment #2 from Mark <markghayden@???> 2009-04-21 20:14:41 ---
(1) I haven't tried 7.9. Actually, it looks as though I was incorrect on the
version. I'm using 7.8-2 (Debian testing).

(2) It doesn't look like a stack problem to me from the gdb stacktrace below or
the valgrind output of the test program.

I hope the small test program is helpful for you.

best, Mark
Current directory is ~/spool/
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) run

Program received signal SIGSEGV, Segmentation fault.
pcreposix_regexec (preg=0x7fffb94b1220, string=0x4009a4 "5(]", nmatch=0,
pmatch=0x0, eflags=0) at pcreposix.c:273
273     pcreposix.c: No such file or directory.
        in pcreposix.c
(gdb) bt
#0  pcreposix_regexec (preg=0x7fffb94b1220, string=0x4009a4 "5(]", nmatch=0,
pmatch=0x0, eflags=0) at pcreposix.c:273
#1  0x0000000000400821 in test1 (regexp_s=0x4009a8
"Pp\\,-`],6QdE=%(bbjg8=g5DZao4D8^fM'I/>#Pw]XSjiFI@(?+a2l#t*1(HDA",
match_s=0x4009a4 "5(]") at regexp.c:29
#2  0x0000000000400887 in main () at regexp.c:49
(gdb) 
nfs2% valgrind ./regexp
==19601== Memcheck, a memory error detector.
==19601== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==19601== Using LibVEX rev 1884, a library for dynamic binary translation.
==19601== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==19601== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==19601== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==19601== For more details, rerun with: -v
==19601== 
==19601== Invalid read of size 4
==19601==    at 0x4E27ACF: pcreposix_regexec (pcreposix.c:273)
==19601==    by 0x400820: test1 (regexp.c:29)
==19601==    by 0x400886: main (regexp.c:49)
==19601==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==19601== 
==19601== Process terminating with default action of signal 11 (SIGSEGV)
==19601==  Access not within mapped region at address 0x8
==19601==    at 0x4E27ACF: pcreposix_regexec (pcreposix.c:273)
==19601==    by 0x400820: test1 (regexp.c:29)
==19601==    by 0x400886: main (regexp.c:49)
==19601==  If you believe this happened as a result of a stack overflow in your
==19601==  program's main thread (unlikely but possible), you can try to increase
==19601==  the size of the main thread stack using the --main-stacksize= flag.
==19601==  The main thread stack size used in this run was 8720384.
==19601== 
==19601== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==19601== malloc/free: in use at exit: 0 bytes in 0 blocks.
==19601== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==19601== For counts of detected errors, rerun with: -v
==19601== All heap blocks were freed -- no leaks are possible.
Segmentation fault
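Added here as an illustration, not code from the report or from PCRE: the valgrind line "Address 0x8 is not stack'd, malloc'd or (recently) free'd" is the signature of reading a field through a null pointer, which is what happens when regexec() is handed a regex_t that regcomp() rejected. That the test program skipped the regcomp() check is an assumption (the report does not show its source), and the REG_EXTENDED flag and the function name safe_match are mine; the program feeds the report's own pattern and subject through the POSIX API with the return value checked.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed inputs copied from the backtrace in the report: the pattern
 * (which contains unbalanced '(' groups) and the subject string "5(]".
 * The backslash is doubled exactly as gdb printed it, so the bytes match. */
static const char *kReportPattern =
    "Pp\\,-`],6QdE=%(bbjg8=g5DZao4D8^fM'I/>#Pw]XSjiFI@(?+a2l#t*1(HDA";
static const char *kReportSubject = "5(]";

/* Compile and match with the return value of regcomp() checked first.
 * Returns 0 on match, 1 on no match, and -1 when the pattern does not
 * compile; in that case regexec() is never called on the regex_t, and the
 * library's error text is copied into err (when err is non-NULL). */
int safe_match(const char *pattern, const char *subject,
               char *err, size_t errlen) {
    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc != 0) {
        if (err != NULL && errlen > 0)
            regerror(rc, &re, err, errlen);
        /* Neither regexec() nor regfree() may touch re: it was never set up. */
        return -1;
    }
    rc = regexec(&re, subject, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 0 : 1;
}

int main(void) {
    char err[128] = "";
    int rc = safe_match(kReportPattern, kReportSubject, err, sizeof err);
    printf("report pattern: rc=%d%s%s\n", rc, rc < 0 ? " error: " : "", err);
    /* A pattern that does compile: a literal "5(" at the start of the subject. */
    rc = safe_match("^5\\(", kReportSubject, err, sizeof err);
    printf("sane pattern:   rc=%d\n", rc);
    return 0;
}
```

The first call returns -1 with the library's compile error instead of reaching regexec(); the second returns 0 because "5(]" begins with "5(".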