From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28828 invoked by alias); 11 Mar 2011 05:13:37 -0000 Received: (qmail 28816 invoked by uid 22791); 11 Mar 2011 05:13:35 -0000 X-SWARE-Spam-Status: No, hits=-51.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,TW_EG X-Spam-Check-By: sourceware.org Received: from localhost (HELO sourceware.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 11 Mar 2011 05:13:31 +0000 From: "vapier at gentoo dot org" To: glibc-bugs-regex@sources.redhat.com Subject: [Bug regex/12567] New: regexec leaks mem when used multiple times X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: vapier at gentoo dot org X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: drepper.fsp at gmail dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Fri, 11 Mar 2011 05:13:00 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org X-SW-Source: 2011-03/txt/msg00000.txt.bz2 http://sourceware.org/bugzilla/show_bug.cgi?id=12567 Summary: regexec leaks mem when used multiple times Product: glibc Version: unspecified Status: NEW Severity: normal Priority: P2 Component: regex AssignedTo: drepper.fsp@gmail.com ReportedBy: vapier@gentoo.org Created attachment 5291 --> http://sourceware.org/bugzilla/attachment.cgi?id=5291 problem.c from Luis Fernando Schultz Xavier da Silveira: The function regexec leaks memory if the same regex_t structure is fed to multiple inputs. The leak is so dramatic it appears to be at least linear in the amount of text fed. Given a regular expression of size m and a text of size n, regcomp is supposed to run in O(m), regexec in O(mn) and regfree in O(m). Even if the implementation chooses to adopt another strategy with different time complexities, this is still a bug because the calls to regexec should be independent. Accumulation of memory between calls is surely a bug. I will attach an example program. The regex accepts any string with at least 499 characters such that the 498-th last one (the 0-th being the last one) is 'a'. This regex is compiled and is run against successive random strings of length 1024. The cflags is REG_NOSUB and the eflags is 0. The regular expression is prefixed with '^' and suffixed with '$'. -- Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.