From mboxrd@z Thu Jan 1 00:00:00 1970
From: "steve98 at gmail dot com"
To: glibc-bugs-regex@sourceware.org
Subject: [Bug regex/25934] re_token_t.mb_partial used before initialization
Date: Thu, 07 May 2020 06:07:36 +0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: regex
X-Bugzilla-Version: 2.27
X-Bugzilla-Severity: normal
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
List-Id: Glibc-bugs-regex mailing list

https://sourceware.org/bugzilla/show_bug.cgi?id=25934

--- Comment #1 from Steven Li ---
OK, I managed to create a simple program to recreate this problem (on Ubuntu 18.04, using 2.27). The code is super simple:

$ cat a.c
#include <locale.h>
#include <regex.h>

int main() {
    char * pattern = "^[ab]*(c)$"; // any simpler, the problem goes away
    int flags = REG_ICASE; // has to be there for problem to appear
    setlocale(LC_CTYPE, ""); // without this, there is no problem

    regex_t regex;
    regcomp(&regex, pattern, flags);
}

The interesting thing is with the 1st 3 lines of code, each of them is a necessary condition for the problem.

Compiling the code is easy enough:

$ rm a.out; gcc a.c

Running the code under Valgrind yields a really interesting/disturbing result (with my home directory name masked out in the messages):

$ valgrind --track-origins=yes --leak-check=yes ./a.out
==12322== Memcheck, a memory error detector
==12322== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==12322== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==12322== Command: ./a.out
==12322==
==12322== Conditional jump or move depends on uninitialised value(s)
==12322==    at 0x4F2D13D: re_compile_fastmap_iter.isra.26 (regcomp.c:328)
==12322==    by 0x4F3D3D0: __re_compile_fastmap (regcomp.c:280)
==12322==    by 0x4F3D3D0: regcomp (regcomp.c:509)
==12322==    by 0x108749: main (in [...]/a.out)
==12322==  Uninitialised value was created by a heap allocation
==12322==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12322==    by 0x4F2DD6A: create_token_tree.isra.14.constprop.39 (regcomp.c:3749)
==12322==    by 0x4F35885: parse_expression (regcomp.c:2356)
==12322==    by 0x4F364CB: parse_branch (regcomp.c:2183)
==12322==    by 0x4F3668B: parse_reg_exp (regcomp.c:2138)
==12322==    by 0x4F36D7C: parse (regcomp.c:2107)
==12322==    by 0x4F36D7C: re_compile_internal (regcomp.c:788)
==12322==    by 0x4F3D331: regcomp (regcomp.c:498)
==12322==    by 0x108749: main (in [...]/a.out)
==12322==
==12322== Conditional jump or move depends on uninitialised value(s)
==12322==    at 0x4F2D13D: re_compile_fastmap_iter.isra.26 (regcomp.c:328)
==12322==    by 0x4F3D3F0: __re_compile_fastmap (regcomp.c:282)
==12322==    by 0x4F3D3F0: regcomp (regcomp.c:509)
==12322==    by 0x108749: main (in /home/stevel/workspace/TDengine/a.out)
==12322==  Uninitialised value was created by a heap allocation
==12322==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12322==    by 0x4F2DD6A: create_token_tree.isra.14.constprop.39 (regcomp.c:3749)
==12322==    by 0x4F35885: parse_expression (regcomp.c:2356)
==12322==    by 0x4F364CB: parse_branch (regcomp.c:2183)
==12322==    by 0x4F3668B: parse_reg_exp (regcomp.c:2138)
==12322==    by 0x4F36D7C: parse (regcomp.c:2107)
==12322==    by 0x4F36D7C: re_compile_internal (regcomp.c:788)
==12322==    by 0x4F3D331: regcomp (regcomp.c:498)
==12322==    by 0x108749: main (in [...]/a.out)
==12322==
==12322==
==12322== HEAP SUMMARY:
==12322==     in use at exit: 2,680 bytes in 48 blocks
==12322==   total heap usage: 82 allocs, 34 frees, 9,003 bytes allocated
==12322==
==12322== 256 bytes in 1 blocks are definitely lost in loss record 35 of 39
==12322==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12322==    by 0x4F3D2C9: regcomp (regcomp.c:479)
==12322==    by 0x108749: main (in [...]/a.out)
==12322==
==12322== 2,424 (224 direct, 2,200 indirect) bytes in 1 blocks are definitely lost in loss record 39 of 39
==12322==    at 0x4C2FA3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12322==    by 0x4C31D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12322==    by 0x4F37CDB: re_compile_internal (regcomp.c:749)
==12322==    by 0x4F3D331: regcomp (regcomp.c:498)
==12322==    by 0x108749: main (in [...]/a.out)
==12322==
==12322== LEAK SUMMARY:
==12322==    definitely lost: 480 bytes in 2 blocks
==12322==    indirectly lost: 2,200 bytes in 46 blocks
==12322==      possibly lost: 0 bytes in 0 blocks
==12322==    still reachable: 0 bytes in 0 blocks
==12322==         suppressed: 0 bytes in 0 blocks
==12322==
==12322== For counts of detected and suppressed errors, rerun with: -v
==12322== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
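
An isolation harness for the three conditions named in the comment above, added here as an example and not part of the original report or of glibc. It runs one combination per invocation and calls regfree() so the Valgrind report contains only the uninitialised-value errors; the control pattern "^[ab]*c$", the COND_* names and run_case() are assumptions made for this example.

```c
/* Added example, not from the bug report: toggles the three conditions the
 * reporter names so each combination can be run separately under Valgrind. */
#include <locale.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>

#define COND_PATTERN 1u  /* reporter's pattern vs. a simpler control */
#define COND_ICASE   2u  /* REG_ICASE set */
#define COND_LOCALE  4u  /* setlocale(LC_CTYPE, "") called, as in the report */

/* Compile one combination; returns regcomp()'s result (0 on success). */
int run_case(unsigned mask)
{
    /* "^[ab]*c$" is an assumed control pattern, chosen here as "simpler". */
    const char *pattern = (mask & COND_PATTERN) ? "^[ab]*(c)$" : "^[ab]*c$";
    int flags = (mask & COND_ICASE) ? REG_ICASE : 0;
    regex_t regex;
    int rc;

    /* Set LC_CTYPE explicitly so an earlier call cannot influence this one. */
    setlocale(LC_CTYPE, (mask & COND_LOCALE) ? "" : "C");

    rc = regcomp(&regex, pattern, flags);
    if (rc == 0)
        regfree(&regex);  /* keeps leak records out of the Valgrind report */
    return rc;
}

int main(int argc, char **argv)
{
    /* Mask comes from argv[1] (0..7); default 7 matches the report's a.c. */
    unsigned mask = (argc > 1) ? (unsigned)strtoul(argv[1], NULL, 0) & 7u : 7u;
    int rc = run_case(mask);

    printf("mask=%u pattern=%s icase=%s locale=%s regcomp=%d\n", mask,
           (mask & COND_PATTERN) ? "original" : "control",
           (mask & COND_ICASE) ? "on" : "off",
           (mask & COND_LOCALE) ? "env" : "C", rc);
    return rc != 0;
}
```

Build with `gcc -g` and run each mask from 0 to 7 under `valgrind --track-origins=yes --error-exitcode=1`. If all three conditions are necessary, as the comment states, mask 7 is the only combination expected to be flagged, provided the control pattern is simple enough.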