public inbox for glibc-bugs-regex@sourceware.org
help / color / mirror / Atom feed
* [Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^'
@ 2005-02-18 4:55 starfire01 at astrofrontiers dot com
2005-02-18 21:09 ` [Bug regex/751] " starfire01 at astrofrontiers dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: starfire01 at astrofrontiers dot com @ 2005-02-18 4:55 UTC (permalink / raw)
To: glibc-bugs-regex
Linux Version: RHEL4, FC3
When calling regcomp() with a pattern containing the beginning of line anchor
character, e.g. "^MatchThis", recomp() is successful if the standard malloc
library is used and fails when a replacement malloc library (e.g. mmalloc from
gdb) is used.
Debug output shows that regcomp makes a call to malloc with a zero byte size
request, yet the standard malloc() returns a pointer to memory anyway, thereby
allowing the call to complete. However, the replacement library returns a NULL
upon a 0 byte size request which causes the call to core dump.
Code snippet:
printf( "Calling regcomp\n" );
if ( regcomp( &preg, "^Testpat", REG_NOSUB | REG_EXTENDED ) == 0 )
{
printf( "Successfully compiled pattern\n" );
regfree( &preg );
}
else
{
printf( "Failed to compile pattern\n" );
}
Debug output:
Calling regcomp
==> MALLOC 0x84f4008 256
==> REALLOC 0x84f4110 (nil) 140
==> MALLOC 0x84f41a0 72
==> MALLOC 0x84f41f0 192
==> MALLOC 0x84f42b8 1004
==> MALLOC 0x84f46a8 36
==> MALLOC 0x84f46d0 36
==> MALLOC 0x84f46f8 108
==> MALLOC 0x84f4768 108
==> MALLOC 0x84f47d8 108
==> MALLOC 0x84f4848 4
==> MALLOC 0x84f4858 8
==> REALLOC 0x84f4868 0x84f41a0 144
==> REALLOC 0x84f41a0 0x84f46a8 72
==> REALLOC 0x84f4900 0x84f46d0 72
==> REALLOC 0x84f4950 0x84f46f8 216
==> REALLOC 0x84f4a30 0x84f4768 216
==> REALLOC 0x84f46f8 0x84f47d8 216
==> MALLOC 0x84f47d8 4
==> MALLOC 0x84f47e8 4
==> MALLOC 0x84f47f8 4
==> MALLOC 0x84f4808 4
==> MALLOC 0x84f4818 4
==> MALLOC 0x84f4828 4
==> MALLOC 0x84f4838 4
==> MALLOC 0x84f4b10 4
==> MALLOC 0x84f4b20 4
==> REALLOC 0x84f4b30 (nil) 8
==> REALLOC 0x84f4b40 (nil) 8
==> REALLOC 0x84f4b50 (nil) 8
==> REALLOC 0x84f4b60 (nil) 8
==> REALLOC 0x84f4b70 (nil) 8
==> REALLOC 0x84f4b80 (nil) 8
==> REALLOC 0x84f4b90 (nil) 8
==> REALLOC 0x84f4ba0 (nil) 8
==> REALLOC 0x84f4bb0 (nil) 8
==> REALLOC 0x84f4bc0 (nil) 8
==> MALLOC 0x84f4bd0 8
==> MALLOC 0x84f4be0 52
==> MALLOC 0x84f4c18 8
==> MALLOC 0x84f4c28 12
==> MALLOC 0x84f4c38 8
==> MALLOC 0x84f4c48 0 *** NOTE 0 size call - fail point of
replacement library
==> REALLOC 0x84f4c58 (nil) 8
==> MALLOC 0x84f4c68 52
==> MALLOC 0x84f4ca0 8
==> MALLOC 0x84f4cb0 12
==> MALLOC 0x84f4cc0 8
==> MALLOC 0x84f4cd0 0 *** NOTE 0 size call
==> REALLOC 0x84f4ce0 (nil) 8
==> MALLOC 0x84f4cf0 52
==> MALLOC 0x84f4d28 8
==> MALLOC 0x84f4d38 12
==> MALLOC 0x84f4d48 8
==> MALLOC 0x84f4d58 8
==> REALLOC 0x84f4d68 (nil) 8
==> MALLOC 0x84f4d78 52
==> MALLOC 0x84f4db0 8
==> MALLOC 0x84f4dc0 12
==> MALLOC 0x84f4dd0 8
==> MALLOC 0x84f4de0 8
==> REALLOC 0x84f4df0 (nil) 8
==> FREE 0x84f4bd0
==> FREE 0x84f42b8
==> FREE 0x84f4900
==> FREE (nil)
==> FREE (nil)
Successfully compiled pattern
==> FREE 0x84f41a0
==> FREE 0x84f4858
==> FREE 0x84f4b30
==> FREE 0x84f4848
==> FREE 0x84f47e8
==> FREE 0x84f4b50
==> FREE (nil)
==> FREE 0x84f47f8
==> FREE 0x84f4b60
==> FREE (nil)
==> FREE 0x84f4808
==> FREE 0x84f4b70
==> FREE (nil)
==> FREE 0x84f4818
==> FREE 0x84f4b80
==> FREE (nil)
==> FREE 0x84f4828
==> FREE 0x84f4b90
==> FREE (nil)
==> FREE 0x84f4838
==> FREE 0x84f4ba0
==> FREE (nil)
==> FREE 0x84f4b10
==> FREE 0x84f4bb0
==> FREE (nil)
==> FREE 0x84f4b20
==> FREE 0x84f4bc0
==> FREE (nil)
==> FREE 0x84f47d8
==> FREE 0x84f4b40
==> FREE (nil)
==> FREE 0x84f4950
==> FREE 0x84f4a30
==> FREE 0x84f46f8
==> FREE 0x84f4868
==> FREE (nil)
==> FREE 0x84f4de0
==> FREE (nil)
==> FREE 0x84f4dd0
==> FREE 0x84f4dc0
==> FREE 0x84f4db0
==> FREE (nil)
==> FREE 0x84f4d78
==> FREE 0x84f4df0
==> FREE (nil)
==> FREE (nil)
==> FREE (nil)
==> FREE (nil)
==> FREE (nil)
==> FREE (nil)
==> FREE (nil)
==> FREE (nil)
==> FREE (nil)
==> FREE 0x84f4c48
==> FREE (nil)
==> FREE 0x84f4c38
==> FREE 0x84f4c28
==> FREE 0x84f4c18
==> FREE (nil)
==> FREE 0x84f4be0
==> FREE 0x84f4c58
==> FREE 0x84f4cd0
==> FREE (nil)
==> FREE 0x84f4cc0
==> FREE 0x84f4cb0
==> FREE 0x84f4ca0
==> FREE (nil)
==> FREE 0x84f4c68
==> FREE 0x84f4ce0
==> FREE 0x84f4d58
==> FREE (nil)
==> FREE 0x84f4d48
==> FREE 0x84f4d38
==> FREE 0x84f4d28
==> FREE (nil)
==> FREE 0x84f4cf0
==> FREE 0x84f4d68
==> FREE (nil)
==> FREE (nil)
==> FREE 0x84f41f0
==> FREE (nil)
==> FREE (nil)
==> FREE 0x84f4110
==> FREE 0x84f4008
==> FREE (nil)
The standard malloc appears to be forgiving in the case of a zero byte request
that masks the regcomp call.
I apologize if this is all expected behavior, however, it did impact my system
when using a malloc that returned NULL upon a 0 byte request.
--
Summary: regcomp calls malloc with 0 byte request size when
pattern begins with BOL anchor '^'
Product: glibc
Version: 2.3.4
Status: NEW
Severity: normal
Priority: P2
Component: regex
AssignedTo: gotom at debian dot or dot jp
ReportedBy: starfire01 at astrofrontiers dot com
CC: glibc-bugs-regex at sources dot redhat dot com,glibc-
bugs at sources dot redhat dot com
http://sources.redhat.com/bugzilla/show_bug.cgi?id=751
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug regex/751] regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^'
2005-02-18 4:55 [Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^' starfire01 at astrofrontiers dot com
@ 2005-02-18 21:09 ` starfire01 at astrofrontiers dot com
2005-09-27 1:02 ` drepper at redhat dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: starfire01 at astrofrontiers dot com @ 2005-02-18 21:09 UTC (permalink / raw)
To: glibc-bugs-regex
------- Additional Comments From starfire01 at astrofrontiers dot com 2005-02-18 21:09 -------
Additional comment:
A correction, recomp actually returns a REG_ESPACE error and does not core dump
as previously mentioned. The application did core dump at a later time due to
the failed call.
--
http://sources.redhat.com/bugzilla/show_bug.cgi?id=751
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug regex/751] regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^'
2005-02-18 4:55 [Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^' starfire01 at astrofrontiers dot com
2005-02-18 21:09 ` [Bug regex/751] " starfire01 at astrofrontiers dot com
@ 2005-09-27 1:02 ` drepper at redhat dot com
2005-09-27 1:55 ` starfire01 at astrofrontiers dot com
2005-09-27 6:53 ` aj at suse dot de
3 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2005-09-27 1:02 UTC (permalink / raw)
To: glibc-bugs-regex
------- Additional Comments From drepper at redhat dot com 2005-09-27 01:01 -------
regcomp does not return an error for the code you showed for me. And your
second comment is confusing. So, what is the deal? I see no error and am
inclined to just close the bug.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |WAITING
http://sourceware.org/bugzilla/show_bug.cgi?id=751
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug regex/751] regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^'
2005-02-18 4:55 [Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^' starfire01 at astrofrontiers dot com
2005-02-18 21:09 ` [Bug regex/751] " starfire01 at astrofrontiers dot com
2005-09-27 1:02 ` drepper at redhat dot com
@ 2005-09-27 1:55 ` starfire01 at astrofrontiers dot com
2005-09-27 6:53 ` aj at suse dot de
3 siblings, 0 replies; 5+ messages in thread
From: starfire01 at astrofrontiers dot com @ 2005-09-27 1:55 UTC (permalink / raw)
To: glibc-bugs-regex
------- Additional Comments From starfire01 at astrofrontiers dot com 2005-09-27 01:55 -------
Subject: Re: regcomp calls malloc with 0 byte request size
when pattern begins with BOL anchor '^'
It's been over seven months since the submission, so I have no comment
as to why it cannot be reproduced other than the fact that changes have
been made to avoid the problem. Close the bug report if you see fit. I
was just trying to chip in.
Bruce
(Starfire-1)
On Tue, 2005-09-27 at 01:01 +0000, drepper at redhat dot com wrote:
> ------- Additional Comments From drepper at redhat dot com 2005-09-27 01:01 -------
> regcomp does not return an error for the code you showed for me. And your
> second comment is confusing. So, what is the deal? I see no error and am
> inclined to just close the bug.
>
--
http://sourceware.org/bugzilla/show_bug.cgi?id=751
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug regex/751] regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^'
2005-02-18 4:55 [Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^' starfire01 at astrofrontiers dot com
` (2 preceding siblings ...)
2005-09-27 1:55 ` starfire01 at astrofrontiers dot com
@ 2005-09-27 6:53 ` aj at suse dot de
3 siblings, 0 replies; 5+ messages in thread
From: aj at suse dot de @ 2005-09-27 6:53 UTC (permalink / raw)
To: glibc-bugs-regex
------- Additional Comments From aj at suse dot de 2005-09-27 06:53 -------
Ok, let's resolve the bug as worksforme...
--
What |Removed |Added
----------------------------------------------------------------------------
Status|WAITING |RESOLVED
Resolution| |WORKSFORME
http://sourceware.org/bugzilla/show_bug.cgi?id=751
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-09-27 6:53 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-02-18 4:55 [Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^' starfire01 at astrofrontiers dot com
2005-02-18 21:09 ` [Bug regex/751] " starfire01 at astrofrontiers dot com
2005-09-27 1:02 ` drepper at redhat dot com
2005-09-27 1:55 ` starfire01 at astrofrontiers dot com
2005-09-27 6:53 ` aj at suse dot de
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).