public inbox for gcc-bugs@sourceware.org
From: "daniel.kruegler at googlemail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/61543] static_cast<void *>(static_cast<int>(enum_value)) doesn't get an error
Date: Tue, 24 Jun 2014 19:22:00 -0000
Message-ID: <bug-61543-4-FdQj3F2X1U@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-61543-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61543

--- Comment #3 from Daniel Krügler <daniel.kruegler at googlemail dot com> ---
(In reply to Vaughn Cato from comment #2)
> I'm not sure it is related to bug 49171.

I agree and withdraw my previous comparison. I didn't notice that the result of
the conversion is not used within a context that would require a constant
expression.
From: "max at cert dot cx" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/61582] C11 regex memory corruption
Date: Tue, 24 Jun 2014 19:37:00 -0000
X-Bugzilla-Status: RESOLVED

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582

--- Comment #2 from Maksymilian A <max at cert dot cx> ---
Sorry for the mistake.
Could you check this again?

cx@cx:~/REstd11/kozak5$ ~/gcc49/bin/g++ -v
Using built-in specs.
COLLECT_GCC=/home/cx/gcc49/bin/g++
COLLECT_LTO_WRAPPER=/home/cx/gcc49/libexec/gcc/x86_64-unknown-linux-gnu/4.9.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /home/cx/gcc49/source/gcc-4.9.0/configure --disable-multilib
--prefix=/home/cx/gcc49
Thread model: posix
gcc version 4.9.0 (GCC) 
cx@cx:~/REstd11/kozak5$ cat c11re.c
#include <iostream>
#include <string>
#include <regex>

using namespace std;

int main (int argc, char *argv[])
{
    if (std::regex_match ("GNUj", std::regex(argv[1]) ))
        std::cout << "ELO\n";
     return 0;
}
cx@cx:~/REstd11/kozak5$ ~/gcc49/bin/g++ -o c11re c11re.c -std=c++11
cx@cx:~/REstd11/kozak5$ ./c11re '((x|'
terminate called after throwing an instance of 'std::regex_error'
  what():  regex_error
Przerwane (core dumped)
cx@cx:~/REstd11/kozak5$ ./c11re '((.*)()?*{100})'
Naruszenie ochrony pamięci (core dumped)
cx@cx:~/REstd11/kozak5$

(gdb) r '((.*)()?*{100})'
Starting program: /home/cx/REstd11/kozak5/./c11re '((.*)()?*{100})'

Program received signal SIGSEGV, Segmentation fault.
0x0000000000402f15 in std::_Bit_reference::operator bool() const
    ()
(gdb) x/i $rip
=> 0x402f15 <_ZNKSt14_Bit_referencecvbEv+15>:    
    mov    (%rax),%rdx
(gdb) i r
rax            0x200000000063a128    2305843009220223272
rbx            0xffffffffffffffff    -1
rcx            0x200000000063a128    2305843009220223272
rdx            0x8000000000000000    -9223372036854775808
rsi            0x200000000063a128    2305843009220223272
rdi            0x7fffffffd350    140737488343888
rbp            0x7fffffffd310    0x7fffffffd310
rsp            0x7fffffffd310    0x7fffffffd310
r8             0x2    2
r9             0x20    32
r10            0x3    3
r11            0x7ffff75b5798    140737343346584
r12            0x402880    4204672
r13            0x7fffffffe260    140737488347744
r14            0x0    0
r15            0x0    0
=> 0x402f15 <_ZNKSt14_Bit_referencecvbEv+15>:
rip            0x402f15    0x402f15 <std::_Bit_reference::operator bool()
const+15>

...

#0  0x0000000000402f15 in std::_Bit_reference::operator bool() const ()
#1  0x000000000040a1bc in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#2  0x000000000040a275 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#3  0x000000000040a493 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#4  0x000000000040a28f in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#5  0x000000000040a3a5 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#6  0x000000000040a3a5 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#7  0x000000000040a3a5 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#8  0x0000000000407ee0 in bool std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_main<true>() ()
#9  0x0000000000406172 in std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_match() ()
#10 0x0000000000404cf5 in bool std::__detail::__regex_algo_impl<char const*,
std::allocator<std::sub_match<char const*> >, char, std::regex_traits<char>,
(std::__detail::_RegexExecutorPolicy)0, true>(char const*, char const*,
std::match_results<char const*, std::allocator<std::sub_match<char const*> >
>&, std::basic_regex<char, std::regex_traits<char> > const&,
std::regex_constants::match_flag_type) ()
#11 0x000000000040449e in bool std::regex_match<char const*,
std::allocator<std::sub_match<char const*> >, char, std::regex_traits<char>
>(char const*, char const*, std::match_results<char const*,
std::allocator<std::sub_match<char const*> > >&, std::basic_regex<char,
std::regex_traits<char> > const&, std::regex_constants::match_flag_type) ()
#12 0x000000000040405c in bool std::regex_match<char const*, char,
std::regex_traits<char> >(char const*, char const*, std::basic_regex<char,
std::regex_traits<char> > const&, std::regex_constants::match_flag_type) ()
#13 0x0000000000403d4c in bool std::regex_match<char, std::regex_traits<char>
>(char const*, std::basic_regex<char, std::regex_traits<char> > const&,
std::regex_constants::match_flag_type) ()
#14 0x0000000000402a5f in main ()
From: "max at cert dot cx" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/61601] New: C11 regex resource exhaustion
Date: Tue, 24 Jun 2014 19:44:00 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601

            Bug ID: 61601
           Summary: C11 regex resource exhaustion
           Product: gcc
           Version: 4.9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: max at cert dot cx

cx@cx:~/REstd11/kozak5$ ~/gcc49/bin/g++ -v
Using built-in specs.
COLLECT_GCC=/home/cx/gcc49/bin/g++
COLLECT_LTO_WRAPPER=/home/cx/gcc49/libexec/gcc/x86_64-unknown-linux-gnu/4.9.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /home/cx/gcc49/source/gcc-4.9.0/configure --disable-multilib
--prefix=/home/cx/gcc49
Thread model: posix
gcc version 4.9.0 (GCC)
cx@cx:~/REstd11/kozak5$ ~/gcc49/bin/g++ -o regr regr.cpp -std=c++11
cx@cx:~/REstd11/kozak5$ cat ./regr.cpp
#include <regex>

using namespace std;

int main (int argc, char *argv[])
{
      string input;
      regex r(argv[1]);

      return 0;

}


Memory Resource Exhaustion
cx@cx:~/REstd11/kozak5$ ./regr '((.*)$1{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100}{100})'

expected: error_complexity

CPU Resource Exhaustion
cx@cx:~/REstd11/kozak5$ ./regr '((.*)((.*){10}(.*{2444444444,1})'

# ps -aux
cx       13836 99.9  5.8 666828 442248 pts/3   R+   cze23 577:46 ./regr
((.*)((.*){10}(.*{2444444444,1})

expected: error_space

BR,
Maksymilian Arciemowicz
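
A defensive pre-check for the situation these reports describe, where a pattern from an untrusted source reaches `std::regex`: it bounds pattern length and counted repetitions and rejects stacked quantifiers before any compilation happens. This is an added example, not code from the reports or from libstdc++; `vet_pattern`, `safe_compile`, the `Verdict` enum and all limits are hypothetical names and values chosen here.

```cpp
#include <regex>
#include <string>

// Limits are assumptions chosen for this example, not libstdc++ values.
constexpr std::size_t kMaxLen = 256;         // longest pattern accepted
constexpr unsigned long kMaxBound = 1000;    // largest count inside {m,n}
constexpr unsigned long kMaxProduct = 5000;  // product of all counts seen
enum class Verdict { Ok, TooLong, BadInterval, BoundTooLarge, ExpansionTooLarge, StackedQuantifier };

// Lexical pre-check only; it never constructs a std::regex.
Verdict vet_pattern(const std::string& p) {
    if (p.size() > kMaxLen) return Verdict::TooLong;
    unsigned long product = 1;
    int q = 0;  // 0: after an atom, 1: after a quantifier, 2: after a lazy '?'
    bool in_class = false;  // inside a [...] bracket expression
    for (std::size_t i = 0; i < p.size(); ++i) {
        const char c = p[i];
        if (c == '\\') { ++i; q = 0; continue; }          // escaped atom
        if (in_class) { in_class = (c != ']'); continue; }
        if (c == '[') { in_class = true; q = 0; continue; }
        if (c == '?' && q == 1) { q = 2; continue; }      // lazy form such as *?
        if (c != '*' && c != '+' && c != '?' && c != '{') { q = 0; continue; }
        if (c == '{') {                                   // counted repetition
            unsigned long n[2] = {0, 0};                  // counts before/after ','
            bool comma = false, seen[2] = {false, false};
            for (++i; i < p.size() && p[i] != '}'; ++i) {
                if (p[i] == ',' && !comma && seen[0]) { comma = true; continue; }
                if (p[i] < '0' || p[i] > '9') return Verdict::BadInterval;
                n[comma] = n[comma] * 10 + static_cast<unsigned long>(p[i] - '0');
                seen[comma] = true;
                if (n[comma] > kMaxBound) return Verdict::BoundTooLarge;
            }
            if (i == p.size() || !seen[0] || (seen[1] && n[1] < n[0]))
                return Verdict::BadInterval;
            const unsigned long count = n[1] > n[0] ? n[1] : n[0];
            product *= (count ? count : 1);
            if (product > kMaxProduct) return Verdict::ExpansionTooLarge;
        }
        if (q != 0) return Verdict::StackedQuantifier;
        q = 1;
    }
    return Verdict::Ok;
}

// Compiles only vetted patterns and turns regex_error into a plain failure.
bool safe_compile(const std::string& p, std::regex& out) {
    if (vet_pattern(p) != Verdict::Ok) return false;
    try { out.assign(p, std::regex::ECMAScript); return true; }
    catch (const std::regex_error&) { return false; }
}
```

The check is deliberately stricter than the ECMAScript grammar: a literal `{` has to be escaped to pass.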

