public inbox for glibc-bugs-regex@sourceware.org
From: "konstantin.s.serebryany at gmail dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs-regex@sourceware.org
Subject: [Bug regex/18037] New: infinite recursion (stack overflow) in regexec.c (sift_states_bkref->sift_states_backward->update_cur_sifted_state)
Date: Thu, 26 Feb 2015 19:14:00 -0000
Message-ID: <bug-18037-132@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=18037

            Bug ID: 18037
           Summary: infinite recursion (stack overflow) in regexec.c (sift_states_bkref->sift_states_backward->update_cur_sifted_state)
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: konstantin.s.serebryany at gmail dot com
                CC: drepper.fsp at gmail dot com

#include <regex.h>

int main(void) {
  regex_t r;
  /* Pattern: empty group, back-reference to it, nested '+' quantifiers. */
  if (!regcomp(&r, "()\\1++", REG_EXTENDED))
    regexec(&r, "foo.*bar", 0, 0, 0);   /* recurses until the stack is exhausted */
  return 0;
}

gcc -g re1.c && ./a.out


#0  0x00007ffff7aeb1ec in re_acquire_state (err=err@entry=0x7fffff7ff0e0,
dfa=dfa@entry=0x602120, nodes=nodes@entry=0x7fffff7ff190) at
regex_internal.c:1480
#1  0x00007ffff7aed91d in add_epsilon_src_nodes (candidates=0x602b38,
dest_nodes=0x7fffff7ff190, dfa=0x602120) at regexec.c:1825
#2  update_cur_sifted_state (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff290, str_idx=str_idx@entry=0,
dest_nodes=dest_nodes@entry=0x7fffff7ff190) at regexec.c:1789
#3  0x00007ffff7aee428 in sift_states_backward (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff290) at regexec.c:1614
#4  0x00007ffff7aedd69 in sift_states_bkref (candidates=0x602b38, str_idx=0,
sctx=<optimized out>, mctx=0x7fffffffdb50) at regexec.c:2199
#5  update_cur_sifted_state (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff440, str_idx=str_idx@entry=0,
dest_nodes=dest_nodes@entry=0x7fffff7ff340) at regexec.c:1810
#6  0x00007ffff7aee428 in sift_states_backward (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff440) at regexec.c:1614
#7  0x00007ffff7aedd69 in sift_states_bkref (candidates=0x602b38, str_idx=0,
sctx=<optimized out>, mctx=0x7fffffffdb50) at regexec.c:2199

...

Reproduces on 2.19 and trunk. 

I am not sure if this bug is too interesting by itself, 
but my fuzzer hits it instantly and does not let me find anything more
exciting. (Same fuzzer as in bug 18032 and bug 18036)

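Added example, not part of the bug report or of glibc: the practical consequence of this report is that regexec() on an untrusted pattern can take the whole process down, so the reproducer above should not be run in-process by anything that matters (a fuzz harness, a service that compiles user-supplied patterns). The code below runs regcomp()/regexec() in a forked child with a reduced RLIMIT_STACK and an alarm(), and maps the child's fate back to an outcome in the parent. The function name sandboxed_regexec, the rx_outcome enumeration, the 1 MiB stack cap and the 5-second limit are this example's own choices; on Linux the stack limit is enforced when the stack faults in new pages, so lowering it after fork() bounds the recursion depth the child can reach before it dies with SIGSEGV.

```c
/* Added example: isolate regcomp()/regexec() on an untrusted pattern in a
 * child process with a bounded stack and a wall-clock limit.  A stack
 * overflow inside regexec (as in this report) or a pathological
 * backtracking pattern then kills only the child.  Not glibc code. */
#include <regex.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum rx_outcome {
    RX_MATCH,        /* child: regexec returned 0 */
    RX_NOMATCH,      /* child: regexec returned REG_NOMATCH */
    RX_COMPILE_ERR,  /* child: regcomp rejected the pattern */
    RX_CRASH,        /* child died from SIGSEGV/SIGBUS (e.g. stack overflow) */
    RX_TIMEOUT,      /* child was killed by the alarm */
    RX_INTERNAL_ERR  /* fork/waitpid failed or unexpected status */
};

/* Exit codes the child uses to report a normal result to the parent. */
enum { CHILD_MATCH = 0, CHILD_NOMATCH = 1, CHILD_COMPILE_ERR = 2 };

static enum rx_outcome sandboxed_regexec(const char *pattern, const char *subject,
                                         rlim_t stack_bytes, unsigned timeout_sec)
{
    fflush(NULL);  /* don't let the child flush duplicated stdio buffers */
    pid_t pid = fork();
    if (pid < 0)
        return RX_INTERNAL_ERR;

    if (pid == 0) {
        /* Child: cap further stack growth, then bound wall-clock time.
         * Linux checks RLIMIT_STACK when the stack faults in new pages,
         * so lowering it here bounds the recursion depth regexec can reach. */
        struct rlimit rl = { stack_bytes, stack_bytes };
        setrlimit(RLIMIT_STACK, &rl);  /* best effort; failure just means the default cap */
        alarm(timeout_sec);            /* SIGALRM's default action terminates the child */

        regex_t re;
        if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
            _exit(CHILD_COMPILE_ERR);
        int rc = regexec(&re, subject, 0, NULL, 0);
        regfree(&re);
        _exit(rc == 0 ? CHILD_MATCH : CHILD_NOMATCH);
    }

    /* Parent: classify how the child ended. */
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return RX_INTERNAL_ERR;
    if (WIFEXITED(status)) {
        switch (WEXITSTATUS(status)) {
        case CHILD_MATCH:       return RX_MATCH;
        case CHILD_NOMATCH:     return RX_NOMATCH;
        case CHILD_COMPILE_ERR: return RX_COMPILE_ERR;
        default:                return RX_INTERNAL_ERR;
        }
    }
    if (WIFSIGNALED(status)) {
        int sig = WTERMSIG(status);
        if (sig == SIGALRM)
            return RX_TIMEOUT;
        if (sig == SIGSEGV || sig == SIGBUS)
            return RX_CRASH;
    }
    return RX_INTERNAL_ERR;
}

static const char *rx_outcome_name(enum rx_outcome o)
{
    static const char *const names[] = { "match", "no match", "compile error",
                                         "crashed in child", "timed out",
                                         "internal error" };
    return names[o];
}

int main(void)
{
    /* The reproducer from this report, run through the sandbox instead of directly. */
    enum rx_outcome o = sandboxed_regexec("()\\1++", "foo.*bar", 1u << 20, 5);
    printf("()\\1++ on \"foo.*bar\": %s\n", rx_outcome_name(o));
    printf("ab+c on \"xabbbc\": %s\n",
           rx_outcome_name(sandboxed_regexec("ab+c", "xabbbc", 1u << 20, 5)));
    return 0;
}
```

The parent never touches the compiled regex, so whatever regexec does in the child (overflow the stack, loop for minutes) is reported as RX_CRASH or RX_TIMEOUT and the caller can reject the pattern. The 1 MiB cap makes an overflow surface in milliseconds instead of after the default 8 MiB of recursion; on a libc where the bug is fixed or the pattern is rejected, the same call simply returns the ordinary outcome.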
Thread overview: 2+ messages
2015-02-26 19:14 konstantin.s.serebryany at gmail dot com [this message]
2015-03-02 10:38 ` [Bug regex/18037] " fweimer at redhat dot com