https://sourceware.org/bugzilla/show_bug.cgi?id=24114 eggert at cs dot ucla.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Component|libc |regex -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-871-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Thu Jan 31 03:20:08 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 44460 invoked by alias); 31 Jan 2019 03:20:07 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 44385 invoked by uid 48); 31 Jan 2019 03:20:03 -0000 From: "eggert at cs dot ucla.edu" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/11053] Wrong results with backreferences Date: Thu, 31 Jan 2019 03:20:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.11 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: eggert at cs dot ucla.edu X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bonzini at gnu dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-01/txt/msg00001.txt.bz2 Content-length: 268 https://sourceware.org/bugzilla/show_bug.cgi?id=11053 --- Comment #8 from eggert at cs dot ucla.edu --- Another test case for this bug can be found here: https://debbugs.gnu.org/34238 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-872-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Thu Jan 31 17:20:08 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 112062 invoked by alias); 31 Jan 2019 17:17:41 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 79823 invoked by uid 55); 31 Jan 2019 17:13:54 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/23578] Invalid memory access if regex pattern contains NUL byte Date: Thu, 31 Jan 2019 17:17:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.28 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: fweimer at redhat dot com X-Bugzilla-Target-Milestone: 2.29 X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-01/txt/msg00002.txt.bz2 Content-length: 42312 https://sourceware.org/bugzilla/show_bug.cgi?id=23578 --- Comment #6 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The annotated tag, glibc-2.29 has been created at e7c9e41bb2407b0150997b382b49a5f3bb579bf9 (tag) tagging 56c86f5dd516284558e106d04b92875d5b623b7a (commit) replaces glibc-2.28.9000 tagged by Siddhesh Poyarekar on Thu Jan 31 22:24:07 2019 +0530 - Log ----------------------------------------------------------------- The GNU C Library ================= The GNU C Library version 2.29 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.29 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.29 ==================== * The getcpu wrapper function has been added, which returns the currently used CPU and NUMA node. This function is Linux-specific. * A new convenience target has been added for distribution maintainers to build and install all locales as directories with files. The new target is run by issuing the following command in your build tree: 'make localedata/install-locale-files', with an optional DESTDIR to set the install root if you wish to install into a non-default configured location. * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf. * The reallocarray function is now declared under _DEFAULT_SOURCE, not just for _GNU_SOURCE, to match BSD environments. * For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel indicates that it will abort the transaction prior to entering the kernel (PPC_FEATURE2_HTM_NOSC on hwcap2). On older kernels the transaction is suspended, and this caused some undefined side-effects issues by aborting transactions manually. Glibc avoided it by abort transactions manually on each syscall, but it lead to performance issues on newer kernels where the HTM state is saved and restore lazily (the state being saved even when the process actually does not use HTM). * The functions posix_spawn_file_actions_addchdir_np and posix_spawn_file_actions_addfchdir_np have been added, enabling posix_spawn and posix_spawnp to run the new process in a different directory. These functions are GNU extensions. The function posix_spawn_file_actions_addchdir_np is similar to the Solaris function of the same name. * The popen and system do not run atfork handlers anymore (BZ#17490). Although it is a possible POSIX violation, the POSIX rationale in pthread_atfork documentation regarding atfork handlers is to handle inconsistent mutex state after a fork call in a multi-threaded process. In both popen and system there is no direct access to user-defined mutexes. * Support for the C-SKY ABIV2 running on Linux has been added. This port requires at least binutils-2.32, gcc-9.0, and linux-4.20. Two ABIs are supported: - C-SKY ABIV2 soft-float little-endian - C-SKY ABIV2 hard-float little-endian * strftime's default formatting of a locale's alternative year (%Ey) has been changed to zero-pad the year to a minimum of two digits, like "%y". This improves the display of Japanese era years during the first nine years of a new era, and is expected to be harmless for all other locales (only Japanese locales regularly have alternative year numbers less than 10). Zero-padding can be overridden with the '_' or '-' flags (which are GNU extensions). * As a GNU extension, the '_' and '-' flags can now be applied to "%EY" to control how the year number is formatted; they have the same effect that they would on "%Ey". Deprecated and removed features, and other changes affecting compatibility: * The glibc.tune tunable namespace has been renamed to glibc.cpu and the tunable glibc.tune.cpu has been renamed to glibc.cpu.name. * The type of the pr_uid and pr_gid members of struct elf_prpsinfo, defined in , has been corrected to match the type actually used by the Linux kernel. This affects the size and layout of that structure on MicroBlaze, MIPS (n64 ABI only), Nios II and RISC-V. * For the MIPS n32 ABI, the type of the pr_sigpend and pr_sighold members of struct elf_prstatus, and the pr_flag member of struct elf_prpsinfo, defined in , has been corrected to match the type actually used by the Linux kernel. This affects the size and layout of those structures. * An archaic GNU extension to scanf, under which '%as', '%aS', and '%a[...]' meant to scan a string and allocate space for it with malloc, is now restricted to programs compiled in C89 or C++98 mode with _GNU_SOURCE defined. This extension conflicts with C99's use of '%a' to scan a hexadecimal floating-point number, which is now available to programs compiled as C99 or C++11 or higher, regardless of _GNU_SOURCE. POSIX.1-2008 includes the feature of allocating a buffer for string input with malloc, using the modifier letter 'm' instead. Programs using '%as', '%aS', or '%a[...]' with the old GNU meaning should change to '%ms', '%mS', or '%m[...]' respectively. Programs that wish to use the C99 '%a' no longer need to avoid _GNU_SOURCE. GCC's -Wformat warnings can detect most uses of this extension, as long as all functions that call vscanf, vfscanf, or vsscanf are annotated with __attribute__ ((format (scanf, ...))). Changes to build and runtime requirements: * Python 3.4 or later is required to build the GNU C Library. * On most architectures, GCC 5 or later is required to build the GNU C Library. (On powerpc64le, GCC 6.2 or later is still required, as before.) Older GCC versions and non-GNU compilers are still supported when compiling programs that use the GNU C Library. Security related changes: CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido Vranken. CVE-2019-6488: On x32, the size_t parameter may be passed in the lower 32 bits of a 64-bit register with with non-zero upper 32 bit. When it happened, accessing the 32-bit size_t value as the full 64-bit register in the assembly string/memory functions would cause a buffer overflow. Reported by H.J. Lu. CVE-2016-10739: The getaddrinfo function could successfully parse IPv4 addresses with arbitrary trailing characters, potentially leading to data or command injection issues in applications. Release Notes ============= https://sourceware.org/glibc/wiki/Release/2.29 Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Albert ARIBAUD (3ADEV) Alexandra Hájková Andreas K. Hüttel Andreas Schwab Anton Youdkevitch Arjun Shankar Assaf Gordon Aurelien Jarno Carlos O'Donell Charles-Antoine Couret DJ Delorie Darius Rad David S. Miller Dmitry V. Levin Florian Weimer Fredrik Noring Gabriel F. T. Gomes H.J. Lu Ilya Leoshkevich Ilya Yu. Malakhov Istvan Kurucsai Jim Wilson Joseph Myers Justus Winter Kemi Wang Leonardo Sandoval Mao Han Martin Jansa Martin Kuchta Martin Sebor Mingli Yu Moritz Eckert PanderMusubi Paul Clarke Paul Eggert Paul Pluzhnikov Pochang Chen Rafael Avila de Espindola Rafael Ávila de Espíndola Rafal Luzynski Rajalakshmi Srinivasaraghavan Rogerio Alves Samuel Thibault Sergi Almacellas Abellana Siddhesh Poyarekar Stefan Liebler Steve Ellcey Szabolcs Nagy TAMUKI Shoichi Tobias Klauser Tulio Magno Quites Machado Filho Uroš Bizjak Wilco Dijkstra Zack Weinberg Zong Li -----BEGIN PGP SIGNATURE----- iQEcBAABAgAGBQJcUyg2AAoJEHnEPfvxzyGHauAIAJmbTi6IHhY18D0NwFH002a/ Z/4L4jTd9/I8kaR+qYMGDi1tO+cTWtxO3jdlIU7/1VRdnL1h+HnlYTJlc64DVP9t 3W4lhSJRbK8HWlV0emmNHnBCgV6SxOMaMPN286WKLDTYI3OrOs16qkKneDqhWEoG BS1rvxdkd27hOds3CY4xsgCFgeyo/aS+sqV2nMNdcpGBb1ZLNET3O3AkP155BwOF utMl2xbQ5Ue17mOrw1TiOUJqvvf6FhNHFLT1dgBmgAVP+sXhjgL00co4sHh5xu5x vJ1ju3KgzIYtxbiAIUTppia/nRFX4K8z+VL7f4aDeUm6cxuikECcpCVgH7if4gc= =Fcnu -----END PGP SIGNATURE----- Adhemerval Zanella (43): powerpc: Only enable TLE with PPC_FEATURE2_HTM_NOSC Use libsupport for tst-spawn.c Fix ifunc support with DT_TEXTREL segments (BZ#20480) Fix misreported errno on preadv2/pwritev2 (BZ#23579) libio: Flush stream at freopen (BZ#21037) Fix build from commit 0b727ed x86: Fix Haswell strong flags (BZ#23709) Fix tst-preadvwritev2 build failure on HURD posix: Add internal symbols for posix_spawn interface support: Fix printf format for TEST_COMPARE_STRING posix: Use posix_spawn on popen posix: Use posix_spawn on system Fix ChangeLog date from previous commit posix: Fix segfault in maybe_script_execute m68k: Fix sigaction kernel definition (BZ #23960) alpha: Use Linux generic sigaction implementation hppa: Remove kernel_sigaction.h ia64: Remove kernel_sigaction.h s390: Use generic kernel_sigaction.h Fix BZ number for 43a45c2d82 Replace check_mul_overflow_size_t with __builtin_mul_overflow termios: Define TIOCSER_TEMT with __USE_MISC (BZ#17783) termios: Consolidate struct termios termios: Consolidate termios c_cc symbolic constants termios: Consolidate Input Modes definitions. termios: Consolidate Output Modes definitions termios: Consolidate Baud Rate Selection definitions (BZ#23783) termios: Consolidate control mode definitions termios: Consolidate local mode definitions termios: Consolidate tcflow symbolic constants termios: Remove Linux _IOT_termios termios: Add powerpc termios-misc termios: Consolidate termios.h posix: Clear close-on-exec for posix_spawn adddup2 (BZ#23640) nptl: Remove tst-cancel-wrappers test and related macros nptl: Fix testcases for new pthread cancellation mechanism x86_64: Remove wrong THREAD_ATOMIC_* macros i386: Remove bogus THREAD_ATOMIC_* macros nptl: Cleanup cancellation macros posix: Fix tst-spawn.c issue from commit 805334b26c elf: Fix LD_AUDIT for modules with invalid version (BZ#24122) hurd: Fix libsupport xsigstack build [elf] Revert 8e889c5da3 (BZ#24122) Albert ARIBAUD (3ADEV) (12): Y2038: provide size of default time_t for target architecture Fix date typo in ChangeLog Y2038: Add 64-bit time for all architectures Y2038: make __tz_convert compatible with 64-bit-time Y2038: add function __localtime64 Fix __TIMERSIZE and @theglibcadj typos Y2038: add function __localtime64_r Y2038: add function __gmtime64 Y2038: add function __gmtime64_r Y2038: add function __ctime64 Y2038: add function __ctime64_r Y2038: make __difftime compatible with 64-bit time Alexandra Hájková (1): Add an additional test to resolv/tst-resolv-network.c Andreas K. Hüttel (1): resolv: IDNA tests: AAAA (28) is valid, no fallthrough to default Andreas Schwab (16): RISC-V: Don't use ps_get_thread_area in libthread_db (bug 23402) Don't build libnsl for new ABIs Remove leading space from testrun.sh Add missing unwind information to ld.so on powerpc32 (bug 23707) Fix stack overflow in tst-setcontext9 (bug 23717) Don't reduce test timeout to less than default Don't use PSEUDO_END for non-PSEUDO function Add more checks for valid ld.so.cache file (bug 18093) RISC-V: properly terminate call chain (bug 23125) libanl: properly cleanup if first helper thread creation failed (bug 22927) RISC-V: don't assume PI mutexes and robust futexes before 4.20 (bug 23864) Move *-le.abilist to le/*.abilist Remove support for abilist-pattern Reindent nptl/pthread_rwlock_common.c Fix rwlock stall with PREFER_WRITER_NONRECURSIVE_NP (bug 23861) nscd: avoid assertion failure during persistent db check Anton Youdkevitch (1): aarch64: optimized memcpy implementation for thunderx2 Arjun Shankar (3): Clean up iconv/gconv_int.h for unnecessary declarations Remove unnecessary locking when reading iconv configuration [BZ #22062] Unconditionally call __gconv_get_path when reading iconv configuration Assaf Gordon (1): regex: fix heap-use-after-free error Aurelien Jarno (4): Update Alpha libm-test-ulps ARM: fix kernel assisted atomics with GCC 8 (bug 24034) en_US: define date_fmt (bug 24046) Only build libm with -fno-math-errno (bug 24024) Carlos O'Donell (11): Add version.h, and NEWS update to ChangeLog. Add convenience target 'install-locale-files'. Fix ChangeLog date. Update be translations. Update be translations. Update translations for be. Fix test failure with -DNDEBUG. Fix tst-setcontext9 for optimized small stacks. abilist.awk: Treat .tdata like .tbss and reject unknown combinations. Add --no-hard-links option to localedef (bug 23923) x86: Add Hygon Dhyana support. Charles-Antoine Couret (1): argp: do not call _IO_fwide() if _LIBC is not defined DJ Delorie (10): RISC-V: Fix rounding save/restore bug. Regen RISC-V rvd ULPs Improve ChangeLog message. Add test-in-container infrastructure. Fix IA64 links-dso-program link. links-dso-program: Fix build-programs=no build case. malloc: tcache double free check test-container: add "su" command to run test as root, add unshare hints malloc: Add another test for tcache double free check. test-container: move postclean outside of namespace changes Darius Rad (1): RISC-V: Update nofpu ULPs David S. Miller (2): Regenerate sparc ulps. Add VDSO support to sparc. Dmitry V. Levin (1): Fix a few typos in comments Florian Weimer (61): Linux: Rewrite __old_getdents64 [BZ #23497] mbstowcs: Remove outdated comment error, error_at_line: Add missing va_end calls nscd: Deallocate existing user names in file parser nss_files: Fix file stream leak in aliases lookup [BZ #23521] error, warn, warnx: Use __fxprintf for wide printing [BZ #23519] Fix attribution of previous change in ChangeLog Makeconfig (ASFLAGS): Always append required assembler flags Add --with-nonshared-cflags option to configure math: Regenerate s390 ulps malloc: Add ChangeLog for accidentally committed change __readlink_chk: Assume HAVE_INLINED_SYSCALLS __readlink_chk: Remove micro-optimization Makeconfig: Do not sort and deduplicate +cflags [BZ # 17248] Avoid running some tests if the file system does not support holes nscd: Fix use-after-free in addgetnetgrentX [BZ #23520] test-container: EPERM from unshare is UNSUPPORTED regex: Add test tst-regcomp-truncated [BZ #23578] reallocarray: Declare under _DEFAULT_SOURCE misc: New test misc/tst-gethostid resource: Update struct rusage comments [BZ #23689] time/tst-mktime2: Improve test error reporting conform: XFAIL siginfo_t si_band test on sparc64 stdlib/test-bz22786: Avoid spurious test failures using alias mappings stdlib/tst-strtod-overflow: Switch to support_blob_repeat support_blob_repeat: Call mkstemp directory for the backing file stdlib/test-bz22786: Avoid memory leaks in the test itself support/test-container.c: Include support/shell-container.c: Use support_copy_file_range posix: New function posix_spawn_file_actions_addchdir_np [BZ #17405] support: Implement TEST_COMPARE_STRING malloc: Convert the unlink macro to the unlink_chunk function malloc: Use current (C11-style) atomics for fastbin access support: Print timestamps in timeout handler malloc: tcache: Validate tc_idx before checking for double-frees [BZ #23907] CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927] support: Implement support_quote_string support_quote_string: Do not use str parameter name support: Add signal support to support_capture_subprocess_check posix: Do not include testcases.h, ptestcases.h in source tree scripts/abilist.awk: Handle special _end symbol for Hurd support: Close original descriptors in support_capture_subprocess support: Implement to track file descriptors inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927] posix: New function posix_spawn_file_actions_addfchdir_np [BZ #17405] compat getdents64: Use correct offset for retry [BZ #23972] timespec_get (posix): Fix copyright header manual: Document thread/task IDs for Linux support: Do not require overflow builtin in support/blob_repeat.c localedata: Remove executable bit from localedata/locales/bi_VU [BZ #23995] locale: Rewrite locale/gen-translit.pl in Python malloc: Always call memcpy in _int_realloc [BZ #24027] nptl/tst-audit-threads: Switch to intl: Do not return NULL on asprintf failure in gettext [BZ #24018] Fix ChangeLog entry Linux: Improve handling of resource limits in misc/tst-ttyname manual: Use @code{errno} instead of @var{errno} [BZ #24063] malloc: Revert fastbins to old-style atomics resolv: Reformat inet_addr, inet_aton to GNU style resolv: Do not send queries for non-host-names in nss_dns [BZ #24112] CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018] Fredrik Noring (1): MIPS: Use `.set mips2' to emulate LL/SC for the R5900 too Gabriel F. T. Gomes (11): Fix typo in the documentation of gcvt Add tests for argp_error and argp_failure with floating-point parameters Add test for warn, warnx, vwarn, and vwarnx with floating-point parameters Add tests with floating-point arguments for err* and verr* functions Use TEST_COMPARE_STRING in recently added test Convert tst-efgcvt to the new test framework Prepare vfscanf to use __strtof128_internal Remove redirection of _IO_vfprintf Add *-ldbl.h headers to include/bits Add tests for the long double version of ecvt and fcvt Set behavior of sprintf-like functions with overlapping source and destination H.J. Lu (34): x86: Rename get_common_indeces to get_common_indices x86: Cleanup cpu-features-offsets.sym x86: Don't include in assembly codes x86: Move STATE_SAVE_OFFSET/STATE_SAVE_MASK to sysdep.h test-container: Use xcopy_file_range for cross-device copy [BZ #23597] i386: Use ENTRY and END in start.S [BZ #23606] i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716] x86: Use RTM intrinsics in pthread mutex lock elision x86: Use _rdtsc intrinsic for HP_TIMING_NOW x86: Don't include x86: Support RDTSCP for benchtests Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509] x86/CET: Add a re-exec test with legacy bitmap _dl_exception_create_format: Support %x/%lx/%zx elf/dl-exception.c: Include <_itoa.h> for _itoa prototype x86: Extend CPUID support in struct cpu_features Add getcpu Don't use __typeof__ (getcpu) x86: Merge i386/x86_64 atomic-machine.h manual/examples: Remove redundant "if not" x86-64: Vectorize sincosf_poly and update s_sincosf-fma.c Regenerate sysdeps/x86_64/fpu/libm-test-ulps x86-64: Remove s_sincosf-sse2.S riscv: Use __has_include__ to include [BZ #24022] soft-fp: Properly check _FP_W_TYPE_SIZE [BZ #24066] Disable lazy binding on tests for minimal signal handler x86-64 memchr/wmemchr: Properly handle the length parameter [BZ# 24097] x86-64 memcmp/wmemcmp: Properly handle the length parameter [BZ# 24097] x86-64 memcpy: Properly handle the length parameter [BZ# 24097] x86-64 memrchr: Properly handle the length parameter [BZ# 24097] x86-64 memset/wmemset: Properly handle the length parameter [BZ# 24097] x86-64 strncmp family: Properly handle the length parameter [BZ# 24097] x86-64 strncpy: Properly handle the length parameter [BZ# 24097] x86-64 strnlen/wcsnlen: Properly handle the length parameter [BZ# 24097] Ilya Leoshkevich (12): S390: Use symbolic offsets for stack variables in 32-bit _dl_runtime_resolve S390: Use symbolic offsets for stack variables in 32-bit _dl_runtime_profile S390: Use symbolic offsets for stack variables in 64-bit _dl_runtime_resolve S390: Use symbolic offsets for stack variables in 64-bit _dl_runtime_profile S390: Do not clobber R0 in 32-bit _dl_runtime_resolve S390: Do not clobber R0 in 32-bit _dl_runtime_profile S390: Do not clobber R0 in 64-bit _dl_runtime_resolve S390: Do not clobber R0 in 64-bit _dl_runtime_profile S390: Test that lazy binding does not clobber R0 Move __fentry__ version definition to sysdeps/{i386,x86_64} S390: Implement 64-bit __fentry__ S390: Fix unwind in 32-bit _mcount Ilya Yu. Malakhov (1): signal: Use correct type for si_band in siginfo_t [BZ #23562] Istvan Kurucsai (3): malloc: Additional checks for unsorted bin integrity I. malloc: Add more integrity checks to mremap_chunk. malloc: Check the alignment of mmapped chunks before unmapping. Jim Wilson (1): RISC-V: Update LP64D libm-test-ulps. Joseph Myers (123): Move SNAN_TESTS_TYPE_CAST out of math-tests.h. Move SNAN_TESTS_PRESERVE_PAYLOAD out of math-tests.h. Fix math/test-misc.c for undefined fenv.h macros. Do not define various fenv.h macros for MIPS soft-float (bug 23479). Consistently terminate libm-test-*.inc TEST lines with commas. Move comment from libm-test-nextdown.inc to libm-test-nexttoward.inc. Replace gen-libm-test.pl with gen-libm-test.py. Move SNAN_TESTS_* out of math-tests.h. Use Linux 4.18 in build-many-glibcs.py. Update install.texi documentation of uses of Perl and Python. Update syscall-names.list for Linux 4.18. Add NT_VMCOREDD, AT_MINSIGSTKSZ from Linux 4.18 to elf.h. Update struct signalfd_siginfo from Linux 4.18. Update netinet/tcp.h from Linux 4.18. Move ROUNDING_TESTS_* out of math-tests.h. Don't redefine ROUNDING_TESTS_* in math/test-*-vlen*.h. Move EXCEPTION_TESTS_* out of math-tests.h Move EXCEPTION_ENABLE_SUPPORTED out of math-tests.h. Update netinet/udp.h from Linux 4.18. Move EXCEPTION_SET_FORCES_TRAP out of math-tests.h. Split fenv_private.h out of math_private.h more consistently. Make gen-libm-test.py treat plus_oflow and minus_oflow as non-finite. Replace conform/list-header-symbols.pl with a Python script. Do not include fenv_private.h in math_private.h. Move fenv.h soft-float inlines from fenv_private.h to include/fenv.h. Move float128 inlines from sysdeps/generic/math_private.h to include/math.h. Remove alpha math_private.h. Add build-many-glibcs.py --enable-obsolete-* configs. Add build-many-glibcs.py support for building more GCC libraries. Remove x86_64 math_private.h asms. Include most of elf/ modules-names in modules-names-tests. Use floor functions not __floor functions in glibc libm. Use rint functions not __rint functions in glibc libm. Fix sys/procfs.h pr_uid, pr_gid type (bug 23649). Fix MIPS n32 pr_sigpend, pr_sighold, pr_flag type (bug 23656). Update siginfo constants from Linux kernel (bug 21286). Use ceil functions not __ceil functions in glibc libm. Fix ldbl-128ibm ceill, floorl inlining of ceil, floor. Unify many bits/mman.h headers. Invert sense of list of i686-class processors in sysdeps/x86/cpu-features.h. Use trunc functions not __trunc functions in glibc libm. Unify some sys/procfs.h headers. Unify more sys/procfs.h headers. Complete sys/procfs.h unification. Share MAP_* flags between more architectures. Use round functions not __round functions in glibc libm. Use copysign functions not __copysign functions in glibc libm. Remove unnecessary math_private.h includes. Move MREMAP_* to bits/mman-shared.h. Add more fma tests. Fix libnldbl_nonshared.a references to internal libm symbols (bug 23735). Use bits/mman-linux.h for hppa. Use common bits/msq.h for more architectures. Use common bits/sem.h for more architectures. Use common bits/shm.h for more architectures. Use single bits/msq.h for all architectures. Use single bits/sem.h for all architectures. Move SHMLBA to its own header. Use single bits/shm.h for all architectures. Do not allow divide-by-zero exception for pow(+/- 0, -Inf). Handle surrogate pairs in c16rtomb (bug 23794, DR#488, C2X). Stop c32rtomb and mbrtoc32 aliasing wcrtomb and mbrtowc (bug 23793). Use Linux 4.19 in build-many-glibcs.py. Update kernel version in syscall-names.list to 4.19. Use gen-libm-test.py to generate ulps table for manual. Add new ELF note types from Linux 4.19 to elf.h. Add IN_MASK_CREATE from Linux 4.19 to sys/inotify.h. Remove pre-Python-3.4 compatibility from build-many-glibcs.py. Patch to require Python 3.4 or later to build glibc. Use tempfile.TemporaryDirectory in conform/glibcconform.py. Convert linknamespace tests from Perl to Python. Update and correct SPARC configuration for supported socket syscalls (bug 23848). Disable -Wformat-overflow= warnings for some printf tests. Avoid printf ("%s", NULL) in posix/bug-regex22.c. Correct SH kernel-features.h undefines (bug 23862). Fix __ASSUME_MLOCK2 for ARM, MicroBlaze (bug 23867). Remove __ASSUME_SOCKETCALL. Replace conformtest.pl with conformtest.py. Update conform/Makefile mkdir commands. Remove redundant macro definitions from ia64 sfp-machine.h. Fix i686 build with GCC 9. Fix armv7 build with GCC 9. Fix sparc64 build with GCC 9. Add hidden_tls_def macros, fix powerpc-soft build with GCC 9. Fix mips build with GCC 9. Use unique identifiers in conformtest. Separate conformtest subtest generation and execution. Combine more conformtest tests into single execution of the compiler. Fix Arm __ASSUME_COPY_FILE_RANGE (bug 23915). Touch more glibc source files in build-many-glibcs.py. Fix Hurd build with read-only source directory. Do not copy glibc sources in build-many-glibcs.py. Replace gen-as-const.awk by gen-as-const.py. Make gen-as-const.py handle '--' consistently with awk script. Stop test-in-container trying to run other-OS binaries. Update miscellaneous files from upstream sources. Update timezone code from tzcode 2018g. Move tst-signal-numbers to Python. Use gen-as-const.py to process .pysym files. Remove x86 mathinline.h hypot inline. Do not clobber sp in _hurd_stack_setup. Remove x86 mathinline.h asinh, acosh, atanh inlines. Add test that MAP_* constants agree with kernel. Do not clobber r12 for ia64 syscalls. Remove __ASSUME_ST_INO_64_BIT. Remove x86 mathinline.h sinh, cosh, tanh inlines. Remove x86 mathinline.h. Require GCC 5 or later to build glibc (bug 23993). Update longlong.h. Update nios2, sparc32 localplt.data for difftime changes (bug 24023). Use Linux 4.20 in build-many-glibcs.py. Update timezone code from tzcode 2018i. Update copyright dates with scripts/update-copyrights. Update copyright dates not handled by scripts/update-copyrights. Update miscellaneous files from upstream sources. Update syscall-names.list for Linux 4.20. Add HWCAP_SSBS from Linux 4.20 to AArch64 bits/hwcap.h. Add PACKET_IGNORE_OUTGOING from Linux 4.20 to netpacket/packet.h. Add IPV6_MULTICAST_ALL from Linux 4.20 to bits/in.h. Update MIPS libm-test-ulps. Update Linux kernel version in tst-mman-consts.py. Update powerpc-nofpu libm-test-ulps. Use binutils 2.32 branch in build-many-glibcs.py. Justus Winter (1): hurd: Handle "pid" magical lookup retry Kemi Wang (1): Mutex: Add pthread mutex tunables Leonardo Sandoval (5): benchtests: Set float type on --threshold argument benchtests: keep comparing even if function timings do not match benchtests: include --stats parameter benchtests: send non-consumable data to stderr x86-64: Optimize strcat/strncat, strcpy/strncpy and stpcpy/stpncpy with AVX2 Mao Han (4): Update config.guess and config.sub to current versions. C-SKY: Add dynamic relocations to elf.h Add statx conditionals for wordsize-32 *xstat.c Add C-SKY port Martin Jansa (2): sysdeps/ieee754/soft-fp: ignore maybe-uninitialized with -O [BZ #19444] sysdeps/ieee754: prevent maybe-uninitialized errors with -O [BZ #19444] Martin Kuchta (1): pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538] Martin Sebor (1): Add support for GCC 9 attribute copy. Mingli Yu (1): Linux gethostid: Check for NULL value from gethostbyname_r [BZ #23679] Moritz Eckert (1): malloc: Mitigate null-byte overflow attacks PanderMusubi (1): bs_BA: Fix a small typo in comment (bug 24011). Paul Clarke (1): powerpc: Fix tiny bug in strncmp.c Paul Eggert (21): regex: fix memory leak in Gnulib regex: Gnulib unibyte RRI uses bytes not chars regex: port Gnulib code to z/OS POSIX environment regex: fix uninitialized memory access Fix tzfile low-memory assertion failure Simplify tzfile fstat failure code Merge mktime, timegm from upstream Gnulib Fix mktime localtime offset confusion mktime fix for Gnulib + coreutils regex: __builtin_expect → __glibc_unlikely regex: simplify by using intprops.h mktime: fix EOVERFLOW bug mktime: new test for mktime failure mktime: simplify offset guess mktime: make more room for overflow mktime: fix bug with Y2038 DST transition mktime: fix non-EOVERFLOW errno handling mktime: DEBUG_MKTIME cleanup regex: fix storage-exhaustion error regex: simplify Gnulib port regex: improve Gnulib port to AIX Paul Pluzhnikov (4): Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test. [BZ #20271] Add newlines in __libc_fatal calls. stdlib: assert on NULL function pointer in atexit etc. [BZ #20544] Fix potential stack overflow [BZ #23490] Pochang Chen (1): malloc: Verify size of top chunk. Rafael Avila de Espindola (1): Simplify an #if #else #endif Rafael Ávila de Espíndola (6): Enable VDSO on x86_64 statically linked programs [BZ #19767] Enable VDSO on powerpc statically linked programs (bug 19767) Enable VDSO for static linking on aarch64 Enable VDSO on i386 statically linked programs Enable VDSO for static linking on arm Enable VDSO for static linking on mips Rafal Luzynski (12): ChangeLog: Fix an obvious typo. en_IN: Set the correct date format for "%x" (bug 17426). Indian and similar locales: Set the correct date format (bug 17426). Italian and Swiss locales: Use the correct separators (bug 10797). it_CH/it_IT locales: Correct some LC_TIME formats (bug 10425). kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209). kl_GL: Update the month names and date formats (bug 23740). NEWS: Fix a minor typo ("incosistent" -> "inconsistent"). NEWS: Fix another typo ("multithread..." -> "multi-threaded..."). sq_AL: Use the correct date and time formats (bug 10496, 23724). Multiple locales: Use the correct 12-hour time formats (bug 10496). ChangeLog: Fix an obvious typo in the previous commit. Rajalakshmi Srinivasaraghavan (3): powerpc: Rearrange little endian specific files powerpc: Remove powerpc specific sinf and cosf optimization Speedup first memmem match Rogerio Alves (2): powerpc: Fix VSCR position in ucontext (bug 24088) powerpc: fix tst-ucontext-ppc64-vscr test for POWER 5/6. Samuel Thibault (36): hurd: Add missing symbols for proper libc_get/setspecific hurd: Avoid PLTs for __pthread_get/setspecific hurd: XFAIL absence of C11 threads implementation hurd: set interrupt timeout to 1 minute hurd: Return EIO on non-responding interrupted servers hurd: Fix race between calling RPC and handling a signal hurd: Fix cancellation just before RPC call hurd: Fix race between calling RPC and handling a signal hurd: return EIEIO instead of EIO hurd: Document how to translate EIEIO error message hurd: Fix build Merge branch 'master' of git://sourceware.org/git/glibc hurd: Fix errno* generation Merge branch 'master' into errno hurd: Add pci RPC stubs hurd: Support msync hurd: Fix last-minute refactoring Hurd: Implement chdir support in posix_spawn Hurd: Fix ulinks in fd table reallocation Hurd: export _hurd_port_move hurd: Document dtable_cloexec size convention. hurd: Fix spawni's user_link reallocation hurd: Fix build with GCC 9 hurd: Fix F_*LK* fcntl with __USE_FILE_OFFSET64 hurd: Support lockf at offset 0 with size 0 or 1. hurd: Fix returning value for fcntl(F_*LK*) htl: Fix comparing attr with default values Fix test-as-const-jmp_buf-ssp.c generation on gnu-i386 hurd: Implement support for posix_spawn_file_actions_addfchdir_np hurd: Fix linknamespace of spawni hurd: Fix 64bit fcntl lock implementation hurd: advertise *_setpshared as not supported hurd: Check at_flags passed to faccessat hurd: Support AT_EMPTY_PATH hurd: Fix initial sigaltstack state hurd: Fix initial sigaltstack state Sergi Almacellas Abellana (1): Currency symbol should not preceed amount for [BZ #23791] Siddhesh Poyarekar (14): Rename the glibc.tune namespace to glibc.cpu Add ChangeLog for the last commit [benchtests] Fix compare_strings.py for python2 benchtests: Clean up the alloc_bufs [aarch64] Fix value of MIN_PAGE_SIZE for testing [benchtests] Add mandatory attributes to workload tests [benchtests] Add workload test properties to schema [aarch64] Add an ASIMD variant of strlen for falkor Print strlen benchmark output in json Reallocate buffers for every run in strlen Update libc.pot Update translations Prepare for 2.29 release Tag 2.29 release Stefan Liebler (63): Test stdlib/test-bz22786 exits now with unsupported if malloc fails. Fix segfault in maybe_script_execute. S390: Regenerate ULPs. Adjust name of ld.so in test-container.c. Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275] S390: Regenerate ULPs. Add missing libnss_testX.so requirement for tst-nss-test3. S390: Add configure check to detect z10 as mininum architecture level set. S390: Use hwcap instead of dl_hwcap in ifunc-resolvers. S390: Unify 31/64bit memset. S390: Refactor memset ifunc handling. S390: Implement bzero with memset. S390: Unify 31/64bit memcmp. S390: Refactor memcmp ifunc handling. S390: Unify 31/64bit memcpy. S390: Refactor memcpy/mempcpy ifunc handling. S390: Remove s390 specific implementation of bcopy. S390: Use memcpy for forward cases in memmove. S390: Add configure check to detect z13 as mininum architecture level set. S390: Add z13 memmove ifunc variant. S390: Add z13 strstr ifunc variant. S390: Add z13 memmem ifunc variant. S390: Refactor strlen ifunc handling. S390: Refactor strnlen ifunc handling. S390: Refactor strcpy ifunc handling. S390: Refactor stpcpy ifunc handling. S390: Refactor strncpy ifunc handling. S390: Refactor stpncpy ifunc handling. S390: Refactor strcat ifunc handling. S390: Refactor strncat ifunc handling. S390: Refactor strcmp ifunc handling. S390: Refactor strncmp ifunc handling. S390: Refactor strchr ifunc handling. S390: Refactor strchrnul ifunc handling. S390: Refactor strrchr ifunc handling. S390: Refactor strspn ifunc handling. S390: Refactor strpbrk ifunc handling. S390: Refactor strcspn ifunc handling. S390: Refactor memchr ifunc handling. S390: Refactor rawmemchr ifunc handling. S390: Refactor memccpy ifunc handling. S390: Refactor memrchr ifunc handling. S390: Refactor wcslen ifunc handling. S390: Refactor wcsnlen ifunc handling. S390: Refactor wcscpy ifunc handling. S390: Refactor wcpcpy ifunc handling. S390: Refactor wcsncpy ifunc handling. S390: Refactor wcpncpy ifunc handling. S390: Refactor wcscat ifunc handling. S390: Refactor wcsncat ifunc handling. S390: Refactor wcscmp ifunc handling. S390: Refactor wcsncmp ifunc handling. S390: Refactor wcschr ifunc handling. S390: Refactor wcschrnul ifunc handling. S390: Refactor wcsrchr ifunc handling. S390: Refactor wcsspn ifunc handling. S390: Refactor wcspbrk ifunc handling. S390: Refactor wcscspn ifunc handling. S390: Refactor wmemchr ifunc handling. S390: Refactor wmemset ifunc handling. S390: Refactor wmemcmp ifunc handling. S390: Refactor gconv_simple ifunc handling. S390: Cleanup ifunc-resolve.h. Steve Ellcey (1): Remove extra space at end of line. Szabolcs Nagy (17): Clean up converttoint handling and document the semantics Add new exp and exp2 implementations Missed ChangeLog Add new log implementation Add new log2 implementation Add new pow implementation Fix the documentation comment of checkint in powf Increase timeout of libio/tst-readline Increase timeout of nss/tst-nss-files-hosts-multi i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822] Remove the error handling wrapper from exp and exp2 Remove the error handling wrapper from log Remove the error handling wrapper from log2 Remove the error handling wrapper from pow Fix powf overflow handling in non-nearest rounding mode [BZ #23961] AArch64: Update dl-procinfo.c with new HWCAP Fix the manual for old texinfo TAMUKI Shoichi (4): strftime: Consequently use the "L_" macro with character literals manual: Fix the wording to "alternative" rather than "alternate" strftime: Set the default width of "%Ey" to 2 [BZ #23758] strftime: Pass the additional flags from "%EY" to "%Ey" [BZ #24096] Tobias Klauser (1): Add PF_XDP, AF_XDP and SOL_XDP from Linux 4.18 to bits/socket.h. Tulio Magno Quites Machado Filho (4): Fix _dl_profile_fixup data-dependency issue (Bug 23690) powerpc: Add missing CFI register information (bug #23614) Print cache size and geometry auxv types on LD_SHOW_AUXV=1 Add XFAIL_ROUNDING_IBM128_LIBGCC to more fma() tests Uroš Bizjak (1): alpha: Fix __remqu corrupting $f3 register Wilco Dijkstra (13): Simplify and speedup strstr/strcasestr first match Improve performance of sincosf Improve performance of sinf and cosf Fix spaces in x86_64 ULP file Use generic sinf/cosf in lgammaf_r Speedup tanf range reduction Update NEWS for sinf improvements Remove unused math files Fix strstr bug with huge needles (bug 23637) [AArch64] Adjust writeback in non-zero memset Refactor string benchtests Improve bench-strlen [AArch64] Add ifunc support for Ares Zack Weinberg (11): [manual] Job control is no longer optional. Use STRFMON_LDBL_IS_DBL instead of __ldbl_is_dbl. Add __vfscanf_internal and __vfwscanf_internal with flags arguments. Use SCANF_ISOC99_A instead of _IO_FLAGS2_SCANF_STD. Use SCANF_LDBL_IS_DBL instead of __ldbl_is_dbl. Add __v*printf_internal with flags arguments Add __vsyslog_internal, with same flags as __v*printf_internal. Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319) Use PRINTF_LDBL_IS_DBL instead of __ldbl_is_dbl. Use C99-compliant scanf under _GNU_SOURCE with modern compilers. Tests for minimal signal handler functionality in MINSIGSTKSZ space. Zong Li (3): elf: Fix the ld flags not be applied to tst-execstack-mod.so soft-fp: Use temporary variable in FP_FRAC_SUB_3/FP_FRAC_SUB_4 soft-fp: Add implementation for 128 bit self-contained ----------------------------------------------------------------------- -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-873-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Thu Jan 31 21:19:46 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 8819 invoked by alias); 31 Jan 2019 21:19:45 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 8686 invoked by uid 55); 31 Jan 2019 21:19:33 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Thu, 31 Jan 2019 21:19:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.30 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-01/txt/msg00003.txt.bz2 Content-length: 1471 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 --- Comment #1 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via 583dd860d5b833037175247230a328f0050dbfe9 (commit) from 2bac7daa58da1a313bd452369b0508b31e146637 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=583dd860d5b833037175247230a328f0050dbfe9 commit 583dd860d5b833037175247230a328f0050dbfe9 Author: Paul Eggert Date: Mon Jan 21 11:08:13 2019 -0800 regex: fix read overrun [BZ #24114] Problem found by AddressSanitizer, reported by Hongxu Chen in: https://debbugs.gnu.org/34140 * posix/regexec.c (proceed_next_node): Do not read past end of input buffer. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 10 +++++++++- posix/regexec.c | 6 ++++-- 2 files changed, 13 insertions(+), 3 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-874-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Thu Jan 31 21:21:16 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 16114 invoked by alias); 31 Jan 2019 21:21:16 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 15903 invoked by uid 48); 31 Jan 2019 21:21:03 -0000 From: "eggert at cs dot ucla.edu" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Thu, 31 Jan 2019 21:21:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: eggert at cs dot ucla.edu X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.30 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status version resolution target_milestone Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-01/txt/msg00004.txt.bz2 Content-length: 641 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 eggert at cs dot ucla.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Version|2.30 |2.29 Resolution|--- |FIXED Target Milestone|--- |2.30 --- Comment #2 from eggert at cs dot ucla.edu --- I installed the patch and am marking this bug as fixed in 2.30. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-875-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Feb 11 11:37:16 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 3821 invoked by alias); 11 Feb 2019 11:37:16 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 3773 invoked by uid 48); 11 Feb 2019 11:37:12 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Mon, 11 Feb 2019 11:37:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.30 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00000.txt.bz2 Content-length: 397 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-876-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Feb 26 10:23:26 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 118305 invoked by alias); 26 Feb 2019 10:23:25 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 115888 invoked by uid 48); 26 Feb 2019 10:23:21 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] SIGPIPE Date: Tue, 26 Feb 2019 10:23:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc component flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00001.txt.bz2 Content-length: 3034 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |drepper.fsp at gmail dot com, | |fweimer at redhat dot com Component|build |regex Flags| |security- --- Comment #1 from Florian Weimer --- The SIGPIPE is spurious and comes from the wrong process. The null byte warning is immaterial as well. This also reproduces the issue: grep -E "$(printf '(|)(\\1\\1)*')" It looks like an infinite recursion in check_dst_limits_calc_pos_1: #0 0x00007f7559c776ad in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=5, bkref_idx=bkref_idx@entry=0) at regexec.c:1906 #1 0x00007f7559c7781a in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=6, bkref_idx=bkref_idx@entry=0) at regexec.c:1949 #2 0x00007f7559c7781a in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=5, bkref_idx=bkref_idx@entry=0) at regexec.c:1949 #3 0x00007f7559c7781a in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=6, bkref_idx=bkref_idx@entry=0) at regexec.c:1949 #4 0x00007f7559c7781a in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=5, bkref_idx=bkref_idx@entry=0) at regexec.c:1949 #5 0x00007f7559c7781a in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=6, bkref_idx=bkref_idx@entry=0) at regexec.c:1949 #6 0x00007f7559c7781a in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=5, bkref_idx=bkref_idx@entry=0) at regexec.c:1949 #7 0x00007f7559c7781a in check_dst_limits_calc_pos_1 ( mctx=mctx@entry=0x7ffee83d11f0, boundaries=boundaries@entry=3, subexp_idx=subexp_idx@entry=0, from_node=6, bkref_idx=bkref_idx@entry=0) at regexec.c:1949 Line numbers are as of commit 34a5a1460e9c05d6035bfbde327ab6d45f78958b. Not flagging as a security vulnerability because this needs a crafted pattern. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-877-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Feb 26 10:36:52 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 105024 invoked by alias); 26 Feb 2019 10:36:52 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 104844 invoked by uid 48); 26 Feb 2019 10:36:48 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 Date: Tue, 26 Feb 2019 10:36:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: short_desc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00002.txt.bz2 Content-length: 528 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|SIGPIPE |regexec: Infinite recursion | |in | |check_dst_limits_calc_pos_1 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-878-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Feb 26 10:46:57 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 103400 invoked by alias); 26 Feb 2019 10:46:56 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 100973 invoked by uid 48); 26 Feb 2019 10:46:53 -0000 From: "mishra.dhiraj95 at gmail dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 Date: Tue, 26 Feb 2019 10:46:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mishra.dhiraj95 at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00003.txt.bz2 Content-length: 1800 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 --- Comment #2 from Dhiraj --- grep -E "$(printf '(|)(\\1\\1)*')" ==10544== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==10544== ==10544== Process terminating with default action of signal 11 (SIGSEGV) ==10544== Access not within mapped region at address 0x1FFE801FF8 ==10544== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==10544== at 0x539FC7C: check_dst_limits_calc_pos_1 (regexec.c:1882) ==10544== If you believe this happened as a result of a stack ==10544== overflow in your program's main thread (unlikely but ==10544== possible), you can try to increase the size of the ==10544== main thread stack using the --main-stacksize= flag. ==10544== The main thread stack size used in this run was 8388608. ==10544== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==10544== ==10544== Process terminating with default action of signal 11 (SIGSEGV) ==10544== Access not within mapped region at address 0x1FFE801FE8 ==10544== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==10544== at 0x4A2A650: _vgnU_freeres (vg_preloaded.c:59) ==10544== If you believe this happened as a result of a stack ==10544== overflow in your program's main thread (unlikely but ==10544== possible), you can try to increase the size of the ==10544== main thread stack using the --main-stacksize= flag. ==10544== The main thread stack size used in this run was 8388608. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-879-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Feb 26 11:01:55 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 4899 invoked by alias); 26 Feb 2019 11:01:55 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 4461 invoked by uid 48); 26 Feb 2019 11:01:47 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 (CVE-2018-20796) Date: Tue, 26 Feb 2019 11:01:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: short_desc alias flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00004.txt.bz2 Content-length: 897 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|regexec: Infinite recursion |regexec: Infinite recursion |in |in |check_dst_limits_calc_pos_1 |check_dst_limits_calc_pos_1 | |(CVE-2018-20796) Alias| |CVE-2018-20796 Flags|security- |security+ --- Comment #3 from Florian Weimer --- A CVE identifier has apparently been assigned to this bug even if it is clearly not a security vulnerability. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-880-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Feb 26 11:04:27 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 11093 invoked by alias); 26 Feb 2019 11:04:26 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 10657 invoked by uid 48); 26 Feb 2019 11:04:20 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 (CVE-2018-20796) Date: Tue, 26 Feb 2019 11:04:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00005.txt.bz2 Content-length: 269 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 --- Comment #4 from Florian Weimer --- Reference: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-881-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Feb 26 11:18:43 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 82872 invoked by alias); 26 Feb 2019 11:18:43 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 80447 invoked by uid 48); 26 Feb 2019 11:18:39 -0000 From: "mishra.dhiraj95 at gmail dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 (CVE-2018-20796) Date: Tue, 26 Feb 2019 11:18:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mishra.dhiraj95 at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00006.txt.bz2 Content-length: 464 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 --- Comment #5 from Dhiraj --- Florian, please correct me if i am wrong. Reference: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 The above issue was found in SED with different testcase. However the bug which i submitted is different, so why we are referring to CVE-2018-20796 ? -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-882-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Feb 26 11:49:44 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 51165 invoked by alias); 26 Feb 2019 11:49:43 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 50977 invoked by uid 48); 26 Feb 2019 11:49:40 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 Date: Tue, 26 Feb 2019 11:49:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: short_desc alias flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-02/txt/msg00007.txt.bz2 Content-length: 1116 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|regexec: Infinite recursion |regexec: Infinite recursion |in |in |check_dst_limits_calc_pos_1 |check_dst_limits_calc_pos_1 |(CVE-2018-20796) | Alias|CVE-2018-20796 | Flags|security+ |security- --- Comment #6 from Florian Weimer --- (In reply to Dhiraj from comment #5) > Florian, please correct me if i am wrong. > > Reference: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 > > The above issue was found in SED with different testcase. However the bug > which i submitted is different, so why we are referring to CVE-2018-20796 ? Sorry, you are right, the bugs are different. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-883-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Fri Mar 01 02:28:12 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 50443 invoked by alias); 1 Mar 2019 02:28:11 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 49675 invoked by uid 48); 1 Mar 2019 02:27:55 -0000 From: "vapier at gentoo dot org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/18986] ERE '0|()0|\1|0' causes regexec undefined behavior Date: Fri, 01 Mar 2019 02:28:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.22 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: vapier at gentoo dot org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: adhemerval.zanella at linaro dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: alias Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00000.txt.bz2 Content-length: 384 https://sourceware.org/bugzilla/show_bug.cgi?id=18986 Mike Frysinger changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2009-5155 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-884-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Fri Mar 01 10:39:15 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 65908 invoked by alias); 1 Mar 2019 10:39:14 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 62482 invoked by uid 48); 1 Mar 2019 10:39:11 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/18986] ERE '0|()0|\1|0' causes regexec undefined behavior Date: Fri, 01 Mar 2019 10:39:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.22 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: adhemerval.zanella at linaro dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00001.txt.bz2 Content-length: 397 https://sourceware.org/bugzilla/show_bug.cgi?id=18986 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-885-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Mar 05 10:29:50 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 2823 invoked by alias); 5 Mar 2019 10:29:49 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 2759 invoked by uid 48); 5 Mar 2019 10:29:46 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 Date: Tue, 05 Mar 2019 10:29:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00002.txt.bz2 Content-length: 229 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 --- Comment #7 from Andreas Schwab --- In which way do they differ? -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-886-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Mar 05 10:33:48 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 21195 invoked by alias); 5 Mar 2019 10:33:47 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 21122 invoked by uid 48); 5 Mar 2019 10:33:43 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Tue, 05 Mar 2019 10:33:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.30 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: alias Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00003.txt.bz2 Content-length: 381 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 Andreas Schwab changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2019-9169 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-887-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Mar 05 10:46:04 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 7802 invoked by alias); 5 Mar 2019 10:46:03 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 5730 invoked by uid 48); 5 Mar 2019 10:46:00 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/18986] ERE '0|()0|\1|0' causes regexec undefined behavior Date: Tue, 05 Mar 2019 10:46:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.22 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: adhemerval.zanella at linaro dot org X-Bugzilla-Target-Milestone: 2.28 X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: target_milestone Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00004.txt.bz2 Content-length: 372 https://sourceware.org/bugzilla/show_bug.cgi?id=18986 Andreas Schwab changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.28 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-889-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Sat Mar 09 00:32:11 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 51772 invoked by alias); 9 Mar 2019 00:32:10 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 51709 invoked by uid 48); 9 Mar 2019 00:32:07 -0000 From: "skvadrik at gmail dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24316] regexec() violates POSIX longest match rule Date: Sat, 09 Mar 2019 00:32:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: skvadrik at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00006.txt.bz2 Content-length: 408 https://sourceware.org/bugzilla/show_bug.cgi?id=24316 skvadrik at gmail dot com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |skvadrik at gmail dot com -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-888-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Sat Mar 09 00:32:02 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 51381 invoked by alias); 9 Mar 2019 00:32:01 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 51233 invoked by uid 48); 9 Mar 2019 00:31:57 -0000 From: "skvadrik at gmail dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24316] New: regexec() violates POSIX longest match rule Date: Sat, 09 Mar 2019 00:32:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: skvadrik at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00005.txt.bz2 Content-length: 2803 https://sourceware.org/bugzilla/show_bug.cgi?id=24316 Bug ID: 24316 Summary: regexec() violates POSIX longest match rule Product: glibc Version: 2.29 Status: UNCONFIRMED Severity: normal Priority: P2 Component: regex Assignee: unassigned at sourceware dot org Reporter: skvadrik at gmail dot com CC: drepper.fsp at gmail dot com Target Milestone: --- Created attachment 11665 --> https://sourceware.org/bugzilla/attachment.cgi?id=11665&action=edit regexec_bug.c Hi! Not sure if this is a long-known issue, so reporting just in case. Glibc implementation of regexec() violates POSIX longest match rule: http://pubs.opengroup.org/onlinepubs/7908799/xbd/re.html Consistent with the whole match being the longest of the leftmost matches, each subpattern, from left to right, matches the longest possible string. For example, consider RE (a|ab)(bc|c) and string abc: first submatch group should match (ab), and second group should match (c). However, glibc match is different, as demonstrated by the following program (regexec_bug.c): #include #include #include #include static void test(const char *pattern, const char *string) { regex_t regex; int nmatch = 0, e = 0; regmatch_t *pmatch = 0; e = regcomp(®ex, pattern, REG_EXTENDED); if (e != 0) { fprintf(stderr, "regcomp failed for RE %s\n", pattern); goto end; } nmatch = regex.re_nsub + 1; pmatch = malloc(sizeof(regmatch_t) * nmatch); e = regexec(®ex, string, nmatch, pmatch, 0); if (e != 0) { fprintf(stderr, "regexec failed for RE %s\n", pattern); goto end; } fprintf(stderr, "\nRE %s:\n", pattern); for (int i = 0; i < nmatch; ++i) { const regoff_t x = pmatch[i].rm_so, y = pmatch[i].rm_eo; if (x != -1) { fprintf(stderr, "%d: %.*s\n", i, y - x, string + x); } } end: free(pmatch); regfree(®ex); } int main(void) { test("^(a|ab)(bc|c)$", "abc"); test("^(ab|a)(bc|c)$", "abc"); test("^(a|aa)*$", "aa"); test("^(aa|a)*$", "aa"); return 0; } $ gcc regexec_bug.c -Wall -O2 -g -oregexec_bug Actual result: $ ./regexec_bug RE ^(a|ab)(bc|c)$: 0: abc 1: a 2: bc RE ^(ab|a)(bc|c)$: 0: abc 1: ab 2: c RE ^(a|aa)*$: 0: aa 1: a RE ^(aa|a)*$: 0: aa 1: aa Expected result: $ ./regexec_bug RE ^(a|ab)(bc|c)$: 0: abc 1: ab 2: c RE ^(ab|a)(bc|c)$: 0: abc 1: ab 2: c RE ^(a|aa)*$: 0: aa 1: aa RE ^(aa|a)*$: 0: aa 1: aa Exact glibc version: glibc-2.29.9000-118-g86bdd49d93 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-890-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Sat Mar 09 10:49:06 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 117415 invoked by alias); 9 Mar 2019 10:48:49 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 117098 invoked by uid 48); 9 Mar 2019 10:48:43 -0000 From: "skvadrik at gmail dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24316] regexec() violates POSIX longest match rule Date: Sat, 09 Mar 2019 10:48:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: skvadrik at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00007.txt.bz2 Content-length: 591 https://sourceware.org/bugzilla/show_bug.cgi?id=24316 --- Comment #1 from skvadrik at gmail dot com --- Also, is there any formal description of regcomp()/regexec() implementation, other than the source code itself? I can try to reverse-engineer it from the source code, but it would be helpful to understand the original author's design. Commit 3b0bdc723579a7c6df2cace0115a6ca0977d73f9 points to Isamu Hasegawa , but that email address no longer exists. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-891-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Mar 13 06:30:56 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 95289 invoked by alias); 13 Mar 2019 06:30:56 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 95170 invoked by uid 48); 13 Mar 2019 06:30:53 -0000 From: "petersen at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/23393] Handle [a-z] and [A-Z] in consistent portable fashion regardless of locale. Date: Wed, 13 Mar 2019 06:30:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.28 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: petersen at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: carlos at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00008.txt.bz2 Content-length: 398 https://sourceware.org/bugzilla/show_bug.cgi?id=23393 Jens Petersen changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |petersen at redhat dot com -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-892-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Sat Mar 16 22:25:24 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 26776 invoked by alias); 16 Mar 2019 22:25:24 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 26605 invoked by uid 55); 16 Mar 2019 22:25:21 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Sat, 16 Mar 2019 22:25:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.30 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00009.txt.bz2 Content-length: 1284 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 --- Comment #3 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via b626c5aa5d0673a9caa48fb79fba8bda237e6fa8 (commit) from 066ae81ec9b1a5bb8f8b93f4defb089f7b315833 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b626c5aa5d0673a9caa48fb79fba8bda237e6fa8 commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8 Author: Aurelien Jarno Date: Sat Mar 16 22:59:56 2019 +0100 Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114] ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + NEWS | 4 ++++ 2 files changed, 5 insertions(+), 0 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-893-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Sat Mar 16 22:32:47 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 49496 invoked by alias); 16 Mar 2019 22:32:47 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 49405 invoked by uid 55); 16 Mar 2019 22:32:43 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Sat, 16 Mar 2019 22:32:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.30 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00010.txt.bz2 Content-length: 2016 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 --- Comment #4 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.29/master has been updated via 10dd17da710fd32aaf1f2187544d80064b8c4ee0 (commit) via 4d0b1b0f61bfba034e9e76a1d76acc59c975238f (commit) from bc6f839fb4066be83272c735e662850af2595777 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10dd17da710fd32aaf1f2187544d80064b8c4ee0 commit 10dd17da710fd32aaf1f2187544d80064b8c4ee0 Author: Aurelien Jarno Date: Sat Mar 16 22:59:56 2019 +0100 Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114] (cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d0b1b0f61bfba034e9e76a1d76acc59c975238f commit 4d0b1b0f61bfba034e9e76a1d76acc59c975238f Author: Paul Eggert Date: Mon Jan 21 11:08:13 2019 -0800 regex: fix read overrun [BZ #24114] Problem found by AddressSanitizer, reported by Hongxu Chen in: https://debbugs.gnu.org/34140 * posix/regexec.c (proceed_next_node): Do not read past end of input buffer. (cherry picked from commit 583dd860d5b833037175247230a328f0050dbfe9) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 9 +++++++++ NEWS | 4 ++++ posix/regexec.c | 6 ++++-- 3 files changed, 17 insertions(+), 2 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-894-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Sun Mar 17 08:44:54 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 93862 invoked by alias); 17 Mar 2019 08:44:54 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 93807 invoked by uid 55); 17 Mar 2019 08:44:51 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Sun, 17 Mar 2019 08:44:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.30 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00011.txt.bz2 Content-length: 2016 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 --- Comment #5 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.28/master has been updated via 54e725e39d0190227b9bf975a7c3f80e8a81365a (commit) via 2aee101ff6075dd97a99982a1ba29e21ec25c52f (commit) from 4bf5ab3196bd27e48d87d4a1cd91efd39772e026 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54e725e39d0190227b9bf975a7c3f80e8a81365a commit 54e725e39d0190227b9bf975a7c3f80e8a81365a Author: Aurelien Jarno Date: Sat Mar 16 22:59:56 2019 +0100 Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114] (cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2aee101ff6075dd97a99982a1ba29e21ec25c52f commit 2aee101ff6075dd97a99982a1ba29e21ec25c52f Author: Paul Eggert Date: Mon Jan 21 11:08:13 2019 -0800 regex: fix read overrun [BZ #24114] Problem found by AddressSanitizer, reported by Hongxu Chen in: https://debbugs.gnu.org/34140 * posix/regexec.c (proceed_next_node): Do not read past end of input buffer. (cherry picked from commit 583dd860d5b833037175247230a328f0050dbfe9) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 9 +++++++++ NEWS | 4 ++++ posix/regexec.c | 6 ++++-- 3 files changed, 17 insertions(+), 2 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-895-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Thu Mar 21 08:26:42 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 41184 invoked by alias); 21 Mar 2019 08:26:41 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 41116 invoked by uid 48); 21 Mar 2019 08:26:38 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24269] regexec: Infinite recursion in check_dst_limits_calc_pos_1 Date: Thu, 21 Mar 2019 08:26:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: alias Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-03/txt/msg00012.txt.bz2 Content-length: 382 https://sourceware.org/bugzilla/show_bug.cgi?id=24269 Andreas Schwab changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2018-20796 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-896-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Apr 01 10:35:03 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 33525 invoked by alias); 1 Apr 2019 10:35:03 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 33266 invoked by uid 48); 1 Apr 2019 10:34:59 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/13637] incorrect match in multi-byte (non-UTF8) string Date: Mon, 01 Apr 2019 10:35:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.15 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: drepper.fsp at gmail dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-04/txt/msg00000.txt.bz2 Content-length: 456 https://sourceware.org/bugzilla/show_bug.cgi?id=13637 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com Flags| |security- -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-897-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Apr 02 16:00:36 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 49640 invoked by alias); 2 Apr 2019 16:00:36 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 42210 invoked by uid 48); 2 Apr 2019 16:00:25 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24114] regexec buffer read overrun in "grep -i '\(\(\)*.\)*\(\)\(\)\1'" Date: Tue, 02 Apr 2019 16:00:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.30 X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-04/txt/msg00001.txt.bz2 Content-length: 595 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |security+ --- Comment #6 from Florian Weimer --- Flagging as security+ due to CVE assignment. Since this bug needs a crafted pattern to trigger, it would not normally qualify as a security bug. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-898-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Apr 10 09:59:54 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 118326 invoked by alias); 10 Apr 2019 09:59:53 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 118289 invoked by uid 48); 10 Apr 2019 09:59:50 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/611] regex with a long character sequence requires huge stack space Date: Wed, 10 Apr 2019 09:59:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P1 X-Bugzilla-Assigned-To: bonzini at gnu dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-04/txt/msg00002.txt.bz2 Content-length: 598 https://sourceware.org/bugzilla/show_bug.cgi?id=611 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com Flags| |security- --- Comment #8 from Florian Weimer --- Flagging as security- because this occurs when compiling a crafted pattern. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-899-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Apr 10 10:02:55 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 122033 invoked by alias); 10 Apr 2019 10:02:55 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 121730 invoked by uid 48); 10 Apr 2019 10:02:48 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/1178] posix regex tests timeout on PII 180MHz Date: Wed, 10 Apr 2019 10:02:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.3.4 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: INVALID X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: gotom at debian dot or.jp X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc alias flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-04/txt/msg00003.txt.bz2 Content-length: 505 https://sourceware.org/bugzilla/show_bug.cgi?id=1178 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com Alias|timout-regex-tests | Flags| |security- -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-900-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Apr 10 10:06:41 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 118029 invoked by alias); 10 Apr 2019 10:06:40 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 112953 invoked by uid 48); 10 Apr 2019 10:06:37 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/1149] character class with range doesn't match half-width kana in SJIS locale Date: Wed, 10 Apr 2019 10:06:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: WONTFIX X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: gotom at debian dot or.jp X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-04/txt/msg00004.txt.bz2 Content-length: 396 https://sourceware.org/bugzilla/show_bug.cgi?id=1149 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-901-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Apr 10 12:27:39 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 19101 invoked by alias); 10 Apr 2019 12:27:38 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 18998 invoked by uid 48); 10 Apr 2019 12:27:35 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/52] Repeated and nested subexpressions (reproducible in most other engines) Date: Wed, 10 Apr 2019 12:27:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: minor X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: gotom at debian dot or.jp X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-04/txt/msg00005.txt.bz2 Content-length: 453 https://sourceware.org/bugzilla/show_bug.cgi?id=52 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com Flags| |security- -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-902-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Apr 10 12:35:26 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 33686 invoked by alias); 10 Apr 2019 12:35:18 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 33630 invoked by uid 48); 10 Apr 2019 12:35:15 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/8] Quadratic behavior on regex with * at the beginning Date: Wed, 10 Apr 2019 12:35:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bonzini at gnu dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: cc flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-04/txt/msg00006.txt.bz2 Content-length: 452 https://sourceware.org/bugzilla/show_bug.cgi?id=8 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com Flags| |security+ -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-903-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Jun 05 08:30:41 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 108033 invoked by alias); 5 Jun 2019 08:30:39 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 107876 invoked by uid 89); 5 Jun 2019 08:30:26 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=0.8 required=5.0 testsYES_50,HTML_MESSAGE autolearn=ham version=3.3.1 spammy=H*UA:102, H*M:sk:2019060, water, H*r:SMTPD32 X-HELO: medical.yhctech.com Received: from Unknown (HELO medical.yhctech.com) (219.144.255.21) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with SMTP; Wed, 05 Jun 2019 08:30:22 +0000 Received: from PV-X00189185[127.0.0.1] by PV-X00189185[127.0.0.1] (SMTPD32); Wed, 5 Jun 2019 16:30:17 +0800 MIME-Version: 1.0 Date: Wed, 05 Jun 2019 08:30:00 -0000 From: "Sales26@medical.yhctech.com" Subject: Re: Sophora Flavescens Extract Matrine & Oxyhmatrine To: glibc-bugs-regex@sourceware.org Reply-To: jiayoubareal@163.com Message-ID: <2019060005163000160888@medical.yhctech.com> In-Reply-To: <2019060005163000160888@medical.yhctech.com> Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: Base64 X-SW-Source: 2019-06/txt/msg00000.txt.bz2 Content-length: 2237 SGkgZGVhciBmcmllbmQsDQpOaWNlIGRheSB0byB5b3UuDQpXZSBhcmUgYSBm YWN0b3J5IG9mIFNvcGhvcmEgRmxhdmVzY2VucyBFeHRyYWN0LCBnbGFkIHRv IGtub3cgeW91Lg0KS2luZGx5IHNlZSB3aGljaCBwdXJpdHkgbWVldCB5b3Vy IG1hcmtldCBhbmQgZm9yIGhvdyBtYW55IHF1YW50aXR5Pw0KU28gdGhhdCB3 ZSBjYW4gYmFjayB5b3UgYmVzdCBvZmZlciB3aXRoIENPQSBhdCBvbmNlLg0K UHJvZHVjdCBOYW1lOiBTb3Bob3JhIEZsYXZlc2NlbnMgRXh0cmFjdCANCkFj dGl2ZSBJbmdyZWRpZW50czogTWF0cmluZSAmIE94eWhtYXRyaW5lDQpTcGVj aWZpY2F0aW9uOiDiiaUgMC41JSwgNSUsIDEwJSwgMjAlLCA5MCUsIDk4JQ0K VGVzdCBNZXRob2Q6IEhQTEMNCkFwcGVhcmFuY2U6IEJyb3duIHRvIFdoaXRl IExpcXVpZCBvciBQb3dkZXINClNvbHViaWxpdHk6IE1hdHJpbmUgaXMgc29s dWJsZSBpbiB3YXRlciwgYmVuemVuZSwgY2hsb3JvZm9ybSwgbWV0aGFub2ws IGV0aGFub2wgYW5kIHNsaWdodGx5IHNvbHVibGUgaW4gcGV0cm9sZXVtIGV0 aGVyDQpBcHBsaWNhdGlvbnM6DQogICAgICAgIDEuIEJpb2xvZ2ljYWwgcGVz dGljaWRlOiBNYXRyaW5lIGlzIGEgbmF0dXJhbCBwbGFudCAtIGRlcml2ZWQg cGVzdGljaWRlIHdpdGggbG93IHRveGljaXR5IHRvIGh1bWFucyBhbmQgbGl2 ZXN0b2NrLkl0IGhhcyBvYnZpb3VzIGNvbnRyb2wgZWZmZWN0IG9uIHNsaW1l IHdvcm0sIGdyZWVuIHZlZ2V0YWJsZSBpbnNlY3QsIGFwaGlkIGFuZCBzdGFy c2NyZWFtLiAgICAgICAgMi4gQW50aWJhY3RlcmlhbCBnZWw6IFNvcGhvcmEg ZmxhdmVzY2VudGlzIGx5ZSBzb2x1dGlvbiBoYXMgc2hvd24gaW5oaWJpdG9y eSBlZmZlY3Qgb24gZXNjaGVyaWNoaWEgY29saSBhbmQgc3RhcGh5bG9jb2Nj dXMgYXVyZXVzLiBJdCBoYXMgYW50aWJhY3RlcmlhbCBhbmQgYW50aS1pbmZs YW1tYXRvcnkgZWZmZWN0IGluIGFudGliYWN0ZXJpYWwgZ2VsIGFuZCBpcyBv ZnRlbiB1c2VkIGluIGd5bmVjb2xvZ2ljYWwgY2hyb25pYyBpbmZsYW1tYXRp b24gc3VjaCBhcyBtb2xkIGluZmVjdGlvbi4gICAgICAgIDMuIGNvc21ldGlj czogTWF0cmluZSBoYXMgdGhlIGZ1bmN0aW9uIG9mIGNsZWFyaW5nIGhlYXQg YW5kIGRyeW5lc3MgYW5kIGRhbXBuZXNzIGFuZCBhbnRpLWluZmxhbW1hdG9y eSwgc28gaXQgY2FuIGtpbGwgdGhlIGluc2VjdCBib3JuIGZyb20gZGFtcG5l c3MgYW5kIGhlYXQuIEl0IGNhbiBiZSB1c2VkIGFzIGFudGliYWN0ZXJpYWwg YWdlbnQsIGFudGktaW5mbGFtbWF0b3J5IGFnZW50IGFuZCBhY25lIHJlbW92 aW5nIHByb2R1Y3QgaW4gZGFpbHkgY2hlbWljYWwgcHJvZHVjdHMuDQpBbnkg b3RoZXIgcXVlc3Rpb24sIGZyZWUgdG8gYXNrLg0KV2FpdGluZyBmb3IgeW91 ciBwcm9tcHQgcmVzcG9uZC4NClRoYW5rcyAmIEJlc3QgUmVnYXJkcyANCkFs aWNlIExlZSAoU2FsZXMgRGlyZWN0b3IpIA0KKFVTRkRBICYgS0ZEQSBBcHBy b3ZlZCkgDQpFLW1haWwgLyBTa3lwZTogc2FsZXNAeWhlcmJhbC5jb20gDQpN b2JpbGU6ICs4Ni0xODA5MjU5MTMyOCANClFROiAzNDcxOTg2MTkyIA0KQWRk LjogTm8uIDM0IFNvdXRoIEZlbmdodWkgUm9hZCwgWGknYW4gQ2l0eSA3MTAw NzUsIFNoYWFueGkgUHJvdmluY2UsIENoaW5hLg0K >From glibc-bugs-regex-return-904-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Jul 23 19:20:53 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 8598 invoked by alias); 23 Jul 2019 19:20:53 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 8560 invoked by uid 48); 23 Jul 2019 19:20:50 -0000 From: "eggert at cs dot ucla.edu" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24844] New: regex bad pointer / leakage if malloc fails Date: Tue, 23 Jul 2019 19:20:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: eggert at cs dot ucla.edu X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-07/txt/msg00000.txt.bz2 Content-length: 962 https://sourceware.org/bugzilla/show_bug.cgi?id=24844 Bug ID: 24844 Summary: regex bad pointer / leakage if malloc fails Product: glibc Version: 2.29 Status: NEW Severity: normal Priority: P2 Component: regex Assignee: unassigned at sourceware dot org Reporter: eggert at cs dot ucla.edu CC: drepper.fsp at gmail dot com Target Milestone: --- Created attachment 11919 --> https://sourceware.org/bugzilla/attachment.cgi?id=11919&action=edit Patch for bad pointer / leak in regex_internal.c regex_internal.c mistreats malloc failures in a couple of places. In one, it dereferences the resulting NULL pointer; in the other, it leaks another block of memory when an malloc fails. The latter problem was found by Coverity. Proposed patch attached. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-905-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Tue Jul 23 19:29:27 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 17303 invoked by alias); 23 Jul 2019 19:29:27 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 17271 invoked by uid 48); 23 Jul 2019 19:29:24 -0000 From: "carlos at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24844] regex bad pointer / leakage if malloc fails Date: Tue, 23 Jul 2019 19:29:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: carlos at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-07/txt/msg00001.txt.bz2 Content-length: 929 https://sourceware.org/bugzilla/show_bug.cgi?id=24844 Carlos O'Donell changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carlos at redhat dot com --- Comment #1 from Carlos O'Donell --- (In reply to eggert from comment #0) > Created attachment 11919 [details] > Patch for bad pointer / leak in regex_internal.c > > regex_internal.c mistreats malloc failures in a couple of places. In one, it > dereferences the resulting NULL pointer; in the other, it leaks another > block of memory when an malloc fails. The latter problem was found by > Coverity. Proposed patch attached. Please post to libc-alpha if you think this should be fixed for 2.30. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-906-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Thu Aug 15 21:37:01 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 88253 invoked by alias); 15 Aug 2019 21:37:00 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 88205 invoked by uid 48); 15 Aug 2019 21:36:56 -0000 From: "aurelien at aurel32 dot net" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/23393] Handle [a-z] and [A-Z] in consistent portable fashion regardless of locale. Date: Thu, 15 Aug 2019 21:37:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.28 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: aurelien at aurel32 dot net X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: carlos at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-08/txt/msg00000.txt.bz2 Content-length: 1044 https://sourceware.org/bugzilla/show_bug.cgi?id=23393 Aurelien Jarno changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aurelien at aurel32 dot net --- Comment #40 from Aurelien Jarno --- (In reply to Carlos O'Donell from comment #35) > As a temprary measure I have committed the deinterleaving of upper and lower > cases in iso14651_t1_common for glibc 2.28 to fix the surprises caused to > en_US.UTF-8 users who do not want to have [a-z] match A-Y. > > This fixes the regression for 2.28, but doesn't fix this issue. There is a user report [1] that shows that the cyrillic ranges are also affected by the iso14651_t1_common update. The deinterleaving changes only fix the latin ranges. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926906 -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-907-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Aug 19 14:27:26 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 51428 invoked by alias); 19 Aug 2019 14:27:26 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 51178 invoked by uid 48); 19 Aug 2019 14:27:21 -0000 From: "carlos at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/23393] Handle [a-z] and [A-Z] in consistent portable fashion regardless of locale. Date: Mon, 19 Aug 2019 14:27:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.28 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: carlos at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: carlos at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-08/txt/msg00001.txt.bz2 Content-length: 1986 https://sourceware.org/bugzilla/show_bug.cgi?id=23393 --- Comment #41 from Carlos O'Donell --- (In reply to Aurelien Jarno from comment #40) > (In reply to Carlos O'Donell from comment #35) > > As a temprary measure I have committed the deinterleaving of upper and lower > > cases in iso14651_t1_common for glibc 2.28 to fix the surprises caused to > > en_US.UTF-8 users who do not want to have [a-z] match A-Y. > > > > This fixes the regression for 2.28, but doesn't fix this issue. > > There is a user report [1] that shows that the cyrillic ranges are also > affected by the iso14651_t1_common update. The deinterleaving changes only > fix the latin ranges. > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926906 This user is expecting the range to be made up of collation ordering, and that expectation is not valid. The range in any non-POSIX/C locale is undefined. Therefore the bug you reference is not a bug, but it's still difficult for users to use ranges without problems, and that makes them relatively useless and we'd like to fix that. The plan is to fix this with rational ranges that use UTF-8 code-point ordering for all ranges. The deinterleaving for LATIN is consciously to fix only the ASCII ranges and fix POSIC/C ranges. All other ranges are undefined. If we deinterlace non-LATIN ranges we'd have to duplicate all the data into the individual locales and list them in collation order (so collation order matches collation element ordering). Such a change would be quite drastic, and still not solve the problem of having collation changes change range expressions. It also wouldn't solve the broader problem that everyone still expects [a-z] to work all the time (code-point ordering). I would close your debian bug as an unsupported configuration for ranges, but point out that we are trying to make this better. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-908-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Aug 21 18:05:24 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 126586 invoked by alias); 21 Aug 2019 18:05:24 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 126492 invoked by uid 48); 21 Aug 2019 18:05:20 -0000 From: "eggert at cs dot ucla.edu" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/24844] regex bad pointer / leakage if malloc fails Date: Wed, 21 Aug 2019 18:05:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.29 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: eggert at cs dot ucla.edu X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.31 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution target_milestone Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-08/txt/msg00002.txt.bz2 Content-length: 576 https://sourceware.org/bugzilla/show_bug.cgi?id=24844 eggert at cs dot ucla.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Target Milestone|--- |2.31 --- Comment #2 from eggert at cs dot ucla.edu --- I installed the patch and am closing the bug report. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-909-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Wed Oct 30 09:32:05 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 41469 invoked by alias); 30 Oct 2019 09:32:04 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 39725 invoked by uid 48); 30 Oct 2019 09:32:00 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/25149] New: Array bounds violation in proceed_next_node Date: Wed, 30 Oct 2019 09:32:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.30 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-10/txt/msg00000.txt.bz2 Content-length: 1071 https://sourceware.org/bugzilla/show_bug.cgi?id=25149 Bug ID: 25149 Summary: Array bounds violation in proceed_next_node Product: glibc Version: 2.30 Status: NEW Severity: normal Priority: P2 Component: regex Assignee: unassigned at sourceware dot org Reporter: schwab@linux-m68k.org CC: drepper.fsp at gmail dot com Target Milestone: --- If the regex has more subexpressions than the number of elements allocated in the regmatch_t array passed to regexec then proceed_next_node may access the regmatch_t array outside its bounds. #include int main (void) { regex_t rx; regmatch_t rm[4]; int err; err = regcomp (&rx, "^(.?)(.?)(.?)(.?)(.?)(.?)(.?)(.?)(.?).?\\9\\8\\7\\6\\5\\4\\3\\2\\1$", REG_EXTENDED); if (err == REG_NOERROR) err = regexec (&rx, "1234", sizeof (rm) / sizeof (rm[0]), rm, 0); return err != REG_NOMATCH; } -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-910-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Nov 11 10:08:28 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 116531 invoked by alias); 11 Nov 2019 10:08:28 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 116224 invoked by uid 48); 11 Nov 2019 10:08:21 -0000 From: "fweimer at redhat dot com" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/25149] Array bounds violation in proceed_next_node Date: Mon, 11 Nov 2019 10:08:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.30 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-11/txt/msg00000.txt.bz2 Content-length: 397 https://sourceware.org/bugzilla/show_bug.cgi?id=25149 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-912-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Nov 11 11:27:17 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 85947 invoked by alias); 11 Nov 2019 11:27:17 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 85821 invoked by uid 55); 11 Nov 2019 11:27:13 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/25149] Array bounds violation in proceed_next_node Date: Mon, 11 Nov 2019 11:27:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.30 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-11/txt/msg00002.txt.bz2 Content-length: 916 https://sourceware.org/bugzilla/show_bug.cgi?id=25149 --- Comment #1 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Andreas Schwab : https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc141ea78ee3d87c67b18488827fe2d89c9343e7 commit fc141ea78ee3d87c67b18488827fe2d89c9343e7 Author: Andreas Schwab Date: Wed Oct 30 10:38:36 2019 +0100 Fix array bounds violation in regex matcher (bug 25149) If the regex has more subexpressions than the number of elements allocated in the regmatch_t array passed to regexec then proceed_next_node may access the regmatch_t array outside its bounds. No testcase added because even without this bug it would then crash in pop_fail_stack which is bug 11053. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-911-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Nov 11 11:27:17 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 85937 invoked by alias); 11 Nov 2019 11:27:17 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 85823 invoked by uid 55); 11 Nov 2019 11:27:13 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/11053] Wrong results with backreferences Date: Mon, 11 Nov 2019 11:27:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.11 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bonzini at gnu dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-11/txt/msg00001.txt.bz2 Content-length: 916 https://sourceware.org/bugzilla/show_bug.cgi?id=11053 --- Comment #9 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Andreas Schwab : https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc141ea78ee3d87c67b18488827fe2d89c9343e7 commit fc141ea78ee3d87c67b18488827fe2d89c9343e7 Author: Andreas Schwab Date: Wed Oct 30 10:38:36 2019 +0100 Fix array bounds violation in regex matcher (bug 25149) If the regex has more subexpressions than the number of elements allocated in the regmatch_t array passed to regexec then proceed_next_node may access the regmatch_t array outside its bounds. No testcase added because even without this bug it would then crash in pop_fail_stack which is bug 11053. -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-915-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Nov 11 11:49:50 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 120921 invoked by alias); 11 Nov 2019 11:49:50 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 120582 invoked by uid 48); 11 Nov 2019 11:49:46 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/11053] Wrong results with backreferences Date: Mon, 11 Nov 2019 11:49:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.11 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bonzini at gnu dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: dependson Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-11/txt/msg00004.txt.bz2 Content-length: 504 https://sourceware.org/bugzilla/show_bug.cgi?id=11053 Andreas Schwab changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |25149 Referenced Bugs: https://sourceware.org/bugzilla/show_bug.cgi?id=25149 [Bug 25149] Array bounds violation in proceed_next_node -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-914-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Nov 11 11:49:50 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 120811 invoked by alias); 11 Nov 2019 11:49:49 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 120549 invoked by uid 48); 11 Nov 2019 11:49:45 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/11053] Wrong results with backreferences Date: Mon, 11 Nov 2019 11:49:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: dep_changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.11 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bonzini at gnu dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security+ X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-11/txt/msg00005.txt.bz2 Content-length: 555 https://sourceware.org/bugzilla/show_bug.cgi?id=11053 Bug 11053 depends on bug 25149, which changed state. Bug 25149 Summary: Array bounds violation in proceed_next_node https://sourceware.org/bugzilla/show_bug.cgi?id=25149 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-913-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Mon Nov 11 11:49:49 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 120637 invoked by alias); 11 Nov 2019 11:49:49 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 120527 invoked by uid 48); 11 Nov 2019 11:49:45 -0000 From: "schwab@linux-m68k.org" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/25149] Array bounds violation in proceed_next_node Date: Mon, 11 Nov 2019 11:49:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.30 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schwab@linux-m68k.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.31 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status blocked resolution target_milestone Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-11/txt/msg00003.txt.bz2 Content-length: 740 https://sourceware.org/bugzilla/show_bug.cgi?id=25149 Andreas Schwab changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Blocks| |11053 Resolution|--- |FIXED Target Milestone|--- |2.31 --- Comment #2 from Andreas Schwab --- Fixed in 2.31. Referenced Bugs: https://sourceware.org/bugzilla/show_bug.cgi?id=11053 [Bug 11053] Wrong results with backreferences -- You are receiving this mail because: You are on the CC list for the bug. >From glibc-bugs-regex-return-916-listarch-glibc-bugs-regex=sources.redhat.com@sourceware.org Sun Dec 29 20:35:08 2019 Return-Path: Delivered-To: listarch-glibc-bugs-regex@sources.redhat.com Received: (qmail 118812 invoked by alias); 29 Dec 2019 20:35:07 -0000 Mailing-List: contact glibc-bugs-regex-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-regex-owner@sourceware.org Delivered-To: mailing list glibc-bugs-regex@sourceware.org Received: (qmail 118766 invoked by uid 48); 29 Dec 2019 20:35:03 -0000 From: "eggert at cs dot ucla.edu" To: glibc-bugs-regex@sourceware.org Subject: [Bug regex/25322] New: regex mishandles back-references inside interval expressions Date: Sun, 29 Dec 2019 20:35:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: regex X-Bugzilla-Version: 2.30 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: eggert at cs dot ucla.edu X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2019-12/txt/msg00000.txt.bz2 Content-length: 1251 https://sourceware.org/bugzilla/show_bug.cgi?id=25322 Bug ID: 25322 Summary: regex mishandles back-references inside interval expressions Product: glibc Version: 2.30 Status: NEW Severity: normal Priority: P2 Component: regex Assignee: unassigned at sourceware dot org Reporter: eggert at cs dot ucla.edu CC: drepper.fsp at gmail dot com Target Milestone: --- Created attachment 12153 --> https://sourceware.org/bugzilla/attachment.cgi?id=12153&action=edit C program illustrating bug with back-references inside intervals The glibc regular expression code mishandles regular expressions such as: .*((.)\2){2}$ as it does not backtrack enough to find a match that satisfies the back-references when they are used twice. To reproduce the problem, compile and run the attached file backrefbug.c. It will exit with status 2, whereas the correct exit status is 0. This bug was originally reported against GNU 'grep' here: https://bugs.gnu.org/26864 and you can find more test cases by reading that bug report. -- You are receiving this mail because: You are on the CC list for the bug.