public inbox for glibc-bugs@sourceware.org
* [Bug libc/12078] regcomp with invalid expression leaks memory
From: drepper.fsp at gmail dot com @ 2010-10-11 15:47 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12078

Ulrich Drepper <drepper.fsp at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from Ulrich Drepper <drepper.fsp at gmail dot com> 2010-10-11 15:47:22 UTC ---
Should be fixed in git.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



* [Bug libc/12078] regcomp with invalid expression leaks memory
From: ppluzhnikov at google dot com @ 2010-10-11 21:46 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12078

--- Comment #4 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2010-10-11 21:46:51 UTC ---
Created attachment 5050
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5050
slightly modified form of posix/bug-regex31.c

Only the specific instance of the bug has been fixed, but regcomp() can still
leak an arbitrary amount of memory :-(

I've modified the test case to allow REGEX to be specified on command line.

Here is what I see:

gcc -g /tmp/bug-regex31.c
valgrind --leak-check=yes ./a.out
...
==29536==     in use at exit: 32 bytes in 1 blocks
...
(This is *before* the fix.)

gcc -g /tmp/bug-regex31.c -Wl,-rpath=.,--dynamic-linker=./ld.so && valgrind --leak-check=yes ./a.out
...
==29829==     in use at exit: 0 bytes in 0 blocks
(This is after the fix, so far so good.)


But:

gcc -g '-DREGEX="([0]([0])"' /tmp/bug-regex31.c -Wl,-rpath=.,--dynamic-linker=./ld.so && valgrind --leak-check=yes ./a.out
==30196==    definitely lost: 64 bytes in 2 blocks

gcc -g '-DREGEX="([0]([0])([0])"' /tmp/bug-regex31.c -Wl,-rpath=.,--dynamic-linker=./ld.so && valgrind --leak-check=yes ./a.out
==30260==    definitely lost: 96 bytes in 3 blocks

gcc -g '-DREGEX="([0]([0])([0])([0])"' /tmp/bug-regex31.c -Wl,-rpath=.,--dynamic-linker=./ld.so && valgrind --leak-check=yes ./a.out
==30328==    definitely lost: 128 bytes in 4 blocks


* [Bug libc/12078] regcomp with invalid expression leaks memory
From: drepper.fsp at gmail dot com @ 2010-10-12  2:50 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12078

--- Comment #5 from Ulrich Drepper <drepper.fsp at gmail dot com> 2010-10-12 02:50:02 UTC ---
(In reply to comment #4)
> Only the specific instance of the bug has been fixed, but regcomp() can still
> leak an arbitrary amount of memory :-(

Try the current git code.


* [Bug libc/12078] regcomp with invalid expression leaks memory
From: ppluzhnikov at google dot com @ 2010-10-12  4:58 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12078

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #6 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2010-10-12 04:58:29 UTC ---
(In reply to comment #5)
> Try the current git code.

Thanks. This fixed all the patterns I had so far.

However, this pattern still leaks: "([0]([0]([0([0])".
Making a systematic/exhaustive search ...

The smallest pattern that causes a leak is 4 characters long.
Here are all 4-character patterns that currently cause a leak:

[[][
[[](
[0][
[0](
[(][
[(](
[)][
[)](
[]][
[]](

All of the above leak 1 32-byte chunk, and there is a definite pattern to them,
so probably all are caused by the same bug:

==12334== 320 bytes in 10 blocks are definitely lost in loss record 1 of 1
==12334==    at 0x4C24185: calloc /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:506
==12334==    by 0x4EE61D8: parse_expression /glibc-git/posix/regcomp.c:3028
==12334==    by 0x4EE7B80: parse_branch /glibc-git/posix/regcomp.c:2153
==12334==    by 0x4EE7C9D: parse_reg_exp /glibc-git/posix/regcomp.c:2112
==12334==    by 0x4EE80B0: re_compile_internal /glibc-git/posix/regcomp.c:2081
==12334==    by 0x4EE9320: regcomp /glibc-git/posix/regcomp.c:500
==12334==    by 0x400764: main /tmp/build-glibc-git/bug-regex31.c:23

Extending to all possible 5-character patterns, I see what appears to be two
new leaks (in addition to the one above):

==12555== 960 bytes in 30 blocks are definitely lost in loss record 2 of 3
==12555==    at 0x4C24185: calloc /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:506
==12555==    by 0x4EE61D8: parse_expression /glibc-git/posix/regcomp.c:3028
==12555==    by 0x4EE7BBF: parse_branch /glibc-git/posix/regcomp.c:2160
==12555==    by 0x4EE7C9D: parse_reg_exp /glibc-git/posix/regcomp.c:2112
==12555==    by 0x4EE80B0: re_compile_internal /glibc-git/posix/regcomp.c:2081
==12555==    by 0x4EE9320: regcomp /glibc-git/posix/regcomp.c:500
==12555==    by 0x400764: main /tmp/build-glibc-git/bug-regex31.c:23
==12555== 
==12555== 3,680 bytes in 115 blocks are definitely lost in loss record 3 of 3
==12555==    at 0x4C24185: calloc /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:506
==12555==    by 0x4EE61D8: parse_expression /glibc-git/posix/regcomp.c:3028
==12555==    by 0x4EE7B80: parse_branch /glibc-git/posix/regcomp.c:2153
==12555==    by 0x4EE7C9D: parse_reg_exp /glibc-git/posix/regcomp.c:2112
==12555==    by 0x4EE80B0: re_compile_internal /glibc-git/posix/regcomp.c:2081
==12555==    by 0x4EE9320: regcomp /glibc-git/posix/regcomp.c:500
==12555==    by 0x400764: main /tmp/build-glibc-git/bug-regex31.c:23

For all 6-character patterns, I see 3 additional leaks.

I'll attach my pattern generator and modified bug-regex31.c shortly.


* [Bug libc/12078] regcomp with invalid expression leaks memory
From: ppluzhnikov at google dot com @ 2010-10-12  5:04 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12078

--- Comment #7 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2010-10-12 05:04:15 UTC ---
Created attachment 5051
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5051
slightly modified bug-regex31.c -- regfree on success


* [Bug libc/12078] regcomp with invalid expression leaks memory
From: ppluzhnikov at google dot com @ 2010-10-12  5:06 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12078

--- Comment #8 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2010-10-12 05:05:51 UTC ---
Created attachment 5052
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5052
pattern generator; run e.g. "perl gen.pl 4 | ./bug-regex31"


* [Bug libc/12078] regcomp with invalid expression leaks memory
From: ppluzhnikov at google dot com @ 2010-10-13 22:59 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12078

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #9 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2010-10-13 22:59:11 UTC ---
The last commit:
  http://repo.or.cz/w/glibc.git/commit/b833d51fbbf78b38c6ff68074c22d3fe3ddd0ce3
fixed all patterns up to 10 characters in length.

Using extended gen.pl which also emits '.', '?', '^', etc.
I found no leaks for all patterns up to 8 characters.

This is probably as good as one can hope for.
Thanks for fixing this!

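The exhaustive search described in comments #6 to #9, as an added example that is not part of the thread and is not the attached gen.pl or bug-regex31.c: it compiles every pattern of one length and is meant to be run under valgrind --leak-check=yes. The alphabet "[]()0", the REG_EXTENDED flag and the function names are assumptions.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compile one pattern and return the regcomp() error code. regfree() runs
   only on success; after a failure regcomp() must have released everything
   itself, which is what the sweep checks. REG_EXTENDED is an assumption. */
static int compile_once(const char *pattern)
{
    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED);
    if (rc == 0)
        regfree(&re);
    return rc;
}

/* Try every string of exactly len characters over alphabet. Returns the
   number of patterns tried (-1 on bad arguments), stores how many failed. */
static long sweep(const char *alphabet, int len, long *rejected)
{
    size_t k = strlen(alphabet);
    char pat[32] = {0};
    int idx[32] = {0};
    long tried = 0;
    if (k == 0 || len < 1 || len > 31)
        return -1;
    *rejected = 0;
    for (;;) {
        for (int i = 0; i < len; i++)
            pat[i] = alphabet[idx[i]];
        tried++;
        if (compile_once(pat) != 0)
            (*rejected)++;
        int pos = len - 1;          /* odometer-style increment */
        while (pos >= 0 && ++idx[pos] == (int)k)
            idx[pos--] = 0;
        if (pos < 0)                /* wrapped around: all done */
            return tried;
    }
}

int main(int argc, char **argv)
{
    int len = argc > 1 ? atoi(argv[1]) : 4;
    long rejected = 0;
    long tried = sweep("[]()0", len, &rejected);  /* constructed alphabet */
    printf("length %d: %ld tried, %ld rejected\n", len, tried, rejected);
    return tried < 0;
}
```

Build with gcc -g and run it under valgrind as in comment #4; because successful compiles are freed, any "definitely lost" block points at a cleanup path in regcomp() or regfree().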

* [Bug libc/12078] regcomp with invalid expression leaks memory
From: ppluzhnikov at google dot com @ 2010-10-01 14:58 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From ppluzhnikov at google dot com  2010-10-01 14:58 -------
Created an attachment (id=5026)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=5026&action=view)
what appears to be minimal test case


-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #5023 is|0                           |1
           obsolete|                            |


http://sourceware.org/bugzilla/show_bug.cgi?id=12078

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.



* [Bug libc/12078] regcomp with invalid expression leaks memory
From: ppluzhnikov at google dot com @ 2010-10-01 12:52 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From ppluzhnikov at google dot com  2010-10-01 12:51 -------
Created an attachment (id=5023)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=5023&action=view)
test case


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=12078

