From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 23726 invoked by alias); 18 Feb 2005 04:55:44 -0000 Mailing-List: contact glibc-bugs-regex-help@sources.redhat.com; run by ezmlm Precedence: bulk List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sources.redhat.com Received: (qmail 23198 invoked by uid 48); 18 Feb 2005 04:55:27 -0000 Date: Fri, 18 Feb 2005 04:55:00 -0000 From: "starfire01 at astrofrontiers dot com" To: glibc-bugs-regex@sources.redhat.com Message-ID: <20050218045523.751.starfire01@astrofrontiers.com> Reply-To: sourceware-bugzilla@sources.redhat.com Subject: [Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^' X-Bugzilla-Reason: CC X-SW-Source: 2005-02/txt/msg00003.txt.bz2 List-Id: Linux Version: RHEL4, FC3 When calling regcomp() with a pattern containing the beginning of line anchor character, e.g. "^MatchThis", recomp() is successful if the standard malloc library is used and fails when a replacement malloc library (e.g. mmalloc from gdb) is used. Debug output shows that regcomp makes a call to malloc with a zero byte size request, yet the standard malloc() returns a pointer to memory anyway, thereby allowing the call to complete. However, the replacement library returns a NULL upon a 0 byte size request which causes the call to core dump. Code snippet: printf( "Calling regcomp\n" ); if ( regcomp( &preg, "^Testpat", REG_NOSUB | REG_EXTENDED ) == 0 ) { printf( "Successfully compiled pattern\n" ); regfree( &preg ); } else { printf( "Failed to compile pattern\n" ); } Debug output: Calling regcomp ==> MALLOC 0x84f4008 256 ==> REALLOC 0x84f4110 (nil) 140 ==> MALLOC 0x84f41a0 72 ==> MALLOC 0x84f41f0 192 ==> MALLOC 0x84f42b8 1004 ==> MALLOC 0x84f46a8 36 ==> MALLOC 0x84f46d0 36 ==> MALLOC 0x84f46f8 108 ==> MALLOC 0x84f4768 108 ==> MALLOC 0x84f47d8 108 ==> MALLOC 0x84f4848 4 ==> MALLOC 0x84f4858 8 ==> REALLOC 0x84f4868 0x84f41a0 144 ==> REALLOC 0x84f41a0 0x84f46a8 72 ==> REALLOC 0x84f4900 0x84f46d0 72 ==> REALLOC 0x84f4950 0x84f46f8 216 ==> REALLOC 0x84f4a30 0x84f4768 216 ==> REALLOC 0x84f46f8 0x84f47d8 216 ==> MALLOC 0x84f47d8 4 ==> MALLOC 0x84f47e8 4 ==> MALLOC 0x84f47f8 4 ==> MALLOC 0x84f4808 4 ==> MALLOC 0x84f4818 4 ==> MALLOC 0x84f4828 4 ==> MALLOC 0x84f4838 4 ==> MALLOC 0x84f4b10 4 ==> MALLOC 0x84f4b20 4 ==> REALLOC 0x84f4b30 (nil) 8 ==> REALLOC 0x84f4b40 (nil) 8 ==> REALLOC 0x84f4b50 (nil) 8 ==> REALLOC 0x84f4b60 (nil) 8 ==> REALLOC 0x84f4b70 (nil) 8 ==> REALLOC 0x84f4b80 (nil) 8 ==> REALLOC 0x84f4b90 (nil) 8 ==> REALLOC 0x84f4ba0 (nil) 8 ==> REALLOC 0x84f4bb0 (nil) 8 ==> REALLOC 0x84f4bc0 (nil) 8 ==> MALLOC 0x84f4bd0 8 ==> MALLOC 0x84f4be0 52 ==> MALLOC 0x84f4c18 8 ==> MALLOC 0x84f4c28 12 ==> MALLOC 0x84f4c38 8 ==> MALLOC 0x84f4c48 0 *** NOTE 0 size call - fail point of replacement library ==> REALLOC 0x84f4c58 (nil) 8 ==> MALLOC 0x84f4c68 52 ==> MALLOC 0x84f4ca0 8 ==> MALLOC 0x84f4cb0 12 ==> MALLOC 0x84f4cc0 8 ==> MALLOC 0x84f4cd0 0 *** NOTE 0 size call ==> REALLOC 0x84f4ce0 (nil) 8 ==> MALLOC 0x84f4cf0 52 ==> MALLOC 0x84f4d28 8 ==> MALLOC 0x84f4d38 12 ==> MALLOC 0x84f4d48 8 ==> MALLOC 0x84f4d58 8 ==> REALLOC 0x84f4d68 (nil) 8 ==> MALLOC 0x84f4d78 52 ==> MALLOC 0x84f4db0 8 ==> MALLOC 0x84f4dc0 12 ==> MALLOC 0x84f4dd0 8 ==> MALLOC 0x84f4de0 8 ==> REALLOC 0x84f4df0 (nil) 8 ==> FREE 0x84f4bd0 ==> FREE 0x84f42b8 ==> FREE 0x84f4900 ==> FREE (nil) ==> FREE (nil) Successfully compiled pattern ==> FREE 0x84f41a0 ==> FREE 0x84f4858 ==> FREE 0x84f4b30 ==> FREE 0x84f4848 ==> FREE 0x84f47e8 ==> FREE 0x84f4b50 ==> FREE (nil) ==> FREE 0x84f47f8 ==> FREE 0x84f4b60 ==> FREE (nil) ==> FREE 0x84f4808 ==> FREE 0x84f4b70 ==> FREE (nil) ==> FREE 0x84f4818 ==> FREE 0x84f4b80 ==> FREE (nil) ==> FREE 0x84f4828 ==> FREE 0x84f4b90 ==> FREE (nil) ==> FREE 0x84f4838 ==> FREE 0x84f4ba0 ==> FREE (nil) ==> FREE 0x84f4b10 ==> FREE 0x84f4bb0 ==> FREE (nil) ==> FREE 0x84f4b20 ==> FREE 0x84f4bc0 ==> FREE (nil) ==> FREE 0x84f47d8 ==> FREE 0x84f4b40 ==> FREE (nil) ==> FREE 0x84f4950 ==> FREE 0x84f4a30 ==> FREE 0x84f46f8 ==> FREE 0x84f4868 ==> FREE (nil) ==> FREE 0x84f4de0 ==> FREE (nil) ==> FREE 0x84f4dd0 ==> FREE 0x84f4dc0 ==> FREE 0x84f4db0 ==> FREE (nil) ==> FREE 0x84f4d78 ==> FREE 0x84f4df0 ==> FREE (nil) ==> FREE (nil) ==> FREE (nil) ==> FREE (nil) ==> FREE (nil) ==> FREE (nil) ==> FREE (nil) ==> FREE (nil) ==> FREE (nil) ==> FREE 0x84f4c48 ==> FREE (nil) ==> FREE 0x84f4c38 ==> FREE 0x84f4c28 ==> FREE 0x84f4c18 ==> FREE (nil) ==> FREE 0x84f4be0 ==> FREE 0x84f4c58 ==> FREE 0x84f4cd0 ==> FREE (nil) ==> FREE 0x84f4cc0 ==> FREE 0x84f4cb0 ==> FREE 0x84f4ca0 ==> FREE (nil) ==> FREE 0x84f4c68 ==> FREE 0x84f4ce0 ==> FREE 0x84f4d58 ==> FREE (nil) ==> FREE 0x84f4d48 ==> FREE 0x84f4d38 ==> FREE 0x84f4d28 ==> FREE (nil) ==> FREE 0x84f4cf0 ==> FREE 0x84f4d68 ==> FREE (nil) ==> FREE (nil) ==> FREE 0x84f41f0 ==> FREE (nil) ==> FREE (nil) ==> FREE 0x84f4110 ==> FREE 0x84f4008 ==> FREE (nil) The standard malloc appears to be forgiving in the case of a zero byte request that masks the regcomp call. I apologize if this is all expected behavior, however, it did impact my system when using a malloc that returned NULL upon a 0 byte request. -- Summary: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^' Product: glibc Version: 2.3.4 Status: NEW Severity: normal Priority: P2 Component: regex AssignedTo: gotom at debian dot or dot jp ReportedBy: starfire01 at astrofrontiers dot com CC: glibc-bugs-regex at sources dot redhat dot com,glibc- bugs at sources dot redhat dot com http://sources.redhat.com/bugzilla/show_bug.cgi?id=751 ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.