public inbox for glibc-bugs-regex@sourceware.org
* [Bug regex/18037] New: infinite recursion (stack overflow) in regexec.c (sift_states_bkref->sift_states_backward->update_cur_sifted_state)
@ 2015-02-26 19:14 konstantin.s.serebryany at gmail dot com
2015-03-02 10:38 ` [Bug regex/18037] " fweimer at redhat dot com
From: konstantin.s.serebryany at gmail dot com @ 2015-02-26 19:14 UTC (permalink / raw)
To: glibc-bugs-regex
https://sourceware.org/bugzilla/show_bug.cgi?id=18037
Bug ID: 18037
Summary: infinite recursion (stack overflow) in regexec.c (sift_states_bkref->sift_states_backward->update_cur_sifted_state)
Product: glibc
Version: 2.21
Status: NEW
Severity: normal
Priority: P2
Component: regex
Assignee: unassigned at sourceware dot org
Reporter: konstantin.s.serebryany at gmail dot com
CC: drepper.fsp at gmail dot com

#include <regex.h>
int main() {
  regex_t r;
  if (!regcomp(&r, "()\\1++", REG_EXTENDED))
    regexec(&r, "foo.*bar", 0, 0, 0);
}

gcc -g re1.c && ./a.out

#0 0x00007ffff7aeb1ec in re_acquire_state (err=err@entry=0x7fffff7ff0e0,
dfa=dfa@entry=0x602120, nodes=nodes@entry=0x7fffff7ff190) at
regex_internal.c:1480
#1 0x00007ffff7aed91d in add_epsilon_src_nodes (candidates=0x602b38,
dest_nodes=0x7fffff7ff190, dfa=0x602120) at regexec.c:1825
#2 update_cur_sifted_state (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff290, str_idx=str_idx@entry=0,
dest_nodes=dest_nodes@entry=0x7fffff7ff190) at regexec.c:1789
#3 0x00007ffff7aee428 in sift_states_backward (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff290) at regexec.c:1614
#4 0x00007ffff7aedd69 in sift_states_bkref (candidates=0x602b38, str_idx=0,
sctx=<optimized out>, mctx=0x7fffffffdb50) at regexec.c:2199
#5 update_cur_sifted_state (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff440, str_idx=str_idx@entry=0,
dest_nodes=dest_nodes@entry=0x7fffff7ff340) at regexec.c:1810
#6 0x00007ffff7aee428 in sift_states_backward (mctx=mctx@entry=0x7fffffffdb50,
sctx=sctx@entry=0x7fffff7ff440) at regexec.c:1614
#7 0x00007ffff7aedd69 in sift_states_bkref (candidates=0x602b38, str_idx=0,
sctx=<optimized out>, mctx=0x7fffffffdb50) at regexec.c:2199
...
Reproduces on 2.19 and trunk.
I am not sure if this bug is too interesting by itself,
but my fuzzer hits it instantly and does not let me find anything more
exciting. (Same fuzzer as in bug 18032 and bug 18036)
--
You are receiving this mail because:
You are on the CC list for the bug.
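Added example, not part of the original report or of glibc: one way to keep a crash like the one in the backtrace above from taking down a fuzzer or a service that accepts untrusted patterns is to run regcomp()/regexec() in a forked child with a capped stack and a timeout. The helper name guarded_regex, the result enum, and the 1 MiB / 2 second limits are assumptions chosen for illustration.

```c
#include <errno.h>
#include <regex.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum re_result { RE_MATCH, RE_NOMATCH, RE_BADPAT, RE_KILLED, RE_ERROR };

/* Hypothetical helper: compile and run an untrusted pattern in a child
   process. The limits below are assumed values, tune them per workload. */
enum re_result guarded_regex(const char *pattern, const char *subject)
{
    pid_t pid = fork();
    if (pid < 0)
        return RE_ERROR;
    if (pid == 0) {
        struct rlimit stack = { 1 << 20, 1 << 20 };  /* cap stack at 1 MiB */
        struct rlimit core = { 0, 0 };               /* no core files */
        setrlimit(RLIMIT_STACK, &stack);
        setrlimit(RLIMIT_CORE, &core);
        alarm(2);                  /* SIGALRM ends a non-terminating match */
        regex_t re;
        if (regcomp(&re, pattern, REG_EXTENDED))
            _exit(RE_BADPAT);
        _exit(regexec(&re, subject, 0, NULL, 0) == 0 ? RE_MATCH : RE_NOMATCH);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return RE_ERROR;
    if (WIFSIGNALED(status))       /* SIGSEGV (stack overflow) or SIGALRM */
        return RE_KILLED;
    return WIFEXITED(status) ? (enum re_result)WEXITSTATUS(status) : RE_ERROR;
}

int main(void)
{
    static const char *names[] = { "match", "no match", "bad pattern",
                                   "child killed", "error" };
    /* Second pattern and subject are the ones from the report above. */
    printf("benign pattern: %s\n", names[guarded_regex("fo+", "foo.*bar")]);
    printf("reported pattern: %s\n", names[guarded_regex("()\\1++", "foo.*bar")]);
    return 0;
}
```

The result for the reported pattern depends on the installed libc; in every case the calling process gets a return value instead of crashing.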
* [Bug regex/18037] infinite recursion (stack overflow) in regexec.c (sift_states_bkref->sift_states_backward->update_cur_sifted_state)
@ 2015-03-02 10:38 ` fweimer at redhat dot com
From: fweimer at redhat dot com @ 2015-03-02 10:38 UTC (permalink / raw)
To: glibc-bugs-regex
https://sourceware.org/bugzilla/show_bug.cgi?id=18037
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security?