public inbox for glibc-bugs@sourceware.org
* [Bug regex/17069] New: leak in regcomp
From: konstantin.s.serebryany at gmail dot com @ 2014-06-19  5:53 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

            Bug ID: 17069
           Summary: leak in regcomp
           Product: glibc
           Version: 2.20
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: konstantin.s.serebryany at gmail dot com
                CC: drepper.fsp at gmail dot com

regcomp has a memory leak. Present in ancient 2.15 and in fresh trunk.

clang -fsanitize=address -g ./r.c && ASAN_OPTIONS=fast_unwind_on_malloc=0 ./a.out 1


==1371==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4943d9 in calloc
    #1 0x7fa25a3e57c3 in parse_bracket_exp glibc-trunk/posix/regcomp.c:3045
    #2 0x7fa25a3e57c3 in parse_expression glibc-trunk/posix/regcomp.c:2265
    #3 0x7fa25a3e9181 in parse_branch glibc-trunk/posix/regcomp.c:2193
    #4 0x7fa25a3e9408 in parse_reg_exp glibc-trunk/posix/regcomp.c:2145
    #5 0x7fa25a3ea156 in parse glibc-trunk/posix/regcomp.c:2114
    #6 0x7fa25a3ea156 in re_compile_internal glibc-trunk/posix/regcomp.c:794
    #7 0x7fa25a3ece0f in __regcomp glibc-trunk/posix/regcomp.c:501
    #8 0x4b2c6e in main r.c:8

Valgrind sees it too: 
gcc -std=c99 -g ./r.c && valgrind --leak-check=full ./a.out 1
==1895== 32 bytes in 1 blocks are definitely lost in loss record 1 of 1
==1895==    at 0x4C2B1B8: calloc (vg_replace_malloc.c:618)
==1895==    by 0x4F145DE: parse_expression (regcomp.c:3057)
==1895==    by 0x4F1246F: parse_branch (regcomp.c:2170)
==1895==    by 0x4F127BD: parse_reg_exp (regcomp.c:2122)
==1895==    by 0x4F12CBF: re_compile_internal (regcomp.c:2091)
==1895==    by 0x4F16E7E: regcomp (regcomp.c:506)
==1895==    by 0x4005E9: main (r.c:8)

Running this test with a large number of iterations, you can see the leak in 'top'.


#include <regex.h>
#include <stdlib.h>

int main(int argc, char **argv) {
  long n = argc == 2 ? atol(argv[1]) : 1;
  for (long i = 0; i < n; i++) {
    regex_t r;
    regcomp(&r, "[^[][:alpha:][:up[^perword:]\\{-2(?<!27,}�\\p.o\n"
               
"]�����+)][:x[digit:]]\\P{^Gothic}{-109,}^{235}NNNN{214,}{-83}\\z\\w", 0);
    regfree(&r);
  } 
}   

Found with the help of regfuzz

-- 
You are receiving this mail because:
You are on the CC list for the bug.
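
Added example, not part of the thread or of glibc: a libFuzzer-style target for regcomp with cflags = 0, plus a peak-RSS growth check that needs no sanitizer, in the spirit of the 'top' observation in the report above. libFuzzer stands in here for the regfuzz tool the report names. The names compile_once, rss_growth_kb and LIBFUZZER_BUILD, the file name and the sample pattern are assumptions made for this example.

```c
/* Added example, not from the thread. Fuzzer build (file name and macro are
   hypothetical): clang -g -fsanitize=fuzzer,address -DLIBFUZZER_BUILD fuzz_regcomp.c */
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Compile one byte string as a POSIX basic regex (cflags = 0, as in the
   thread). Returns regcomp's status, or -1 if the copy cannot be made. */
int compile_once(const uint8_t *data, size_t size) {
  char *pat = malloc(size + 1);
  if (pat == NULL) return -1;
  memcpy(pat, data, size);
  pat[size] = '\0';          /* regcomp needs a NUL-terminated string */
  regex_t r;
  int rc = regcomp(&r, pat, 0);
  if (rc == 0) regfree(&r);  /* on failure there is no compiled regex to free */
  free(pat);
  return rc;
}

/* libFuzzer entry point. With ASan, LeakSanitizer reports memory that
   regcomp allocated and never released. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  compile_once(data, size);
  return 0;
}

/* Peak resident set size of this process (kilobytes on Linux). */
static long max_rss_kb(void) {
  struct rusage ru;
  if (getrusage(RUSAGE_SELF, &ru) != 0) return 0;
  return ru.ru_maxrss;
}

/* Peak-RSS growth in KB across n compilations of pat, after a warm-up
   that lets the allocator reach steady state. */
long rss_growth_kb(const char *pat, long n) {
  size_t len = strlen(pat);
  for (long i = 0; i < 1000; i++) compile_once((const uint8_t *)pat, len);
  long before = max_rss_kb();
  for (long i = 0; i < n; i++) compile_once((const uint8_t *)pat, len);
  return max_rss_kb() - before;
}

/* Constructed malformed pattern (bracket expression, then an invalid
   interval). It is not the reproducer attached to the bug. */
static const char SAMPLE[] = "[[:alpha:]]\\{-2,}";

#ifndef LIBFUZZER_BUILD
int main(void) {
  size_t len = strlen(SAMPLE);
  printf("regcomp status: %d\n", compile_once((const uint8_t *)SAMPLE, len));
  printf("peak RSS growth: %ld KB\n", rss_growth_kb(SAMPLE, 200000));
  return 0;
}
#endif
```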

* [Bug regex/17069] leak in regcomp
From: fweimer at redhat dot com @ 2014-06-19 14:46 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com

* [Bug regex/17069] leak in regcomp
From: cvs-commit at gcc dot gnu.org @ 2014-06-19 17:01 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  4d43ef1e7434d7d419afbcd754931cb0c794763c (commit)
      from  51a7380b8968251a49a4c5b0bc7ed1af5b0512c6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d43ef1e7434d7d419afbcd754931cb0c794763c

commit 4d43ef1e7434d7d419afbcd754931cb0c794763c
Author: Andreas Schwab <schwab@linux-m68k.org>
Date:   Thu Jun 19 15:38:03 2014 +0200

    Fix memory leak in regexp compiler (BZ #17069)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                          |   12 ++++++++++++
 posix/Makefile                                     |   12 +++++++++---
 .../bench-timing-type.c => posix/bug-regex36.c     |   12 +++++++-----
 posix/regcomp.c                                    |   13 ++++++++++---
 4 files changed, 38 insertions(+), 11 deletions(-)
 copy benchtests/bench-timing-type.c => posix/bug-regex36.c (82%)

* [Bug regex/17069] leak in regcomp
From: schwab@linux-m68k.org @ 2014-06-19 20:35 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.20

--- Comment #2 from Andreas Schwab <schwab@linux-m68k.org> ---
Fixed.

* [Bug regex/17069] leak in regcomp
From: konstantin.s.serebryany at gmail dot com @ 2014-06-20  4:08 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

--- Comment #3 from Kostya Serebryany <konstantin.s.serebryany at gmail dot com> ---
Created attachment 7651
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7651&action=edit
larger pattern

The leak on the original reproducer is gone;
however, on a larger pattern (attached), a very similar-looking
leak is still present:

Direct leak of 192 byte(s) in 6 object(s) allocated from:
    #0 0x494a39 in calloc /home/kcc/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:95
    #1 0x7f3f2ed1c14b in parse_bracket_exp glibc-trunk/posix/regcomp.c:3052
    #2 0x7f3f2ed1c14b in parse_expression glibc-trunk/posix/regcomp.c:2265
    #3 0x7f3f2ed1d48f in parse_branch glibc-trunk/posix/regcomp.c:2193
    #4 0x7f3f2ed1d57d in parse_reg_exp glibc-trunk/posix/regcomp.c:2145
    #5 0x7f3f2ed1d9c8 in parse glibc-trunk/posix/regcomp.c:2114
    #6 0x7f3f2ed1d9c8 in re_compile_internal glibc-trunk/posix/regcomp.c:794
    #7 0x7f3f2ed1ec10 in __regcomp glibc-trunk/posix/regcomp.c:501
    #8 0x4b3338 in main (/home/kcc/tmp/a.out+0x4b3338)

* [Bug regex/17069] leak in regcomp
From: konstantin.s.serebryany at gmail dot com @ 2014-06-20  4:09 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

Kostya Serebryany <konstantin.s.serebryany at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #4 from Kostya Serebryany <konstantin.s.serebryany at gmail dot com> ---
Reopening this bug instead of creating a new one because the remaining leak
looks very similar to the initial one.

* [Bug regex/17069] leak in regcomp
From: konstantin.s.serebryany at gmail dot com @ 2014-06-20  4:41 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

--- Comment #5 from Kostya Serebryany <konstantin.s.serebryany at gmail dot com> ---
Created attachment 7652
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7652&action=edit
build_charclass_op_leak.c

One more similar-looking leak; it differs only in the top frame: build_charclass_op

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x494a39 in calloc /home/kcc/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:95
    #1 0x7f8e3bed09da in build_charclass_op glibc-trunk/posix/regcomp.c:3598
    #2 0x7f8e3bed1e9e in parse_expression glibc-trunk/posix/regcomp.c:2393
    #3 0x7f8e3bed348f in parse_branch glibc-trunk/posix/regcomp.c:2193
    #4 0x7f8e3bed357d in parse_reg_exp glibc-trunk/posix/regcomp.c:2145
    #5 0x7f8e3bed39c8 in parse glibc-trunk/posix/regcomp.c:2114
    #6 0x7f8e3bed39c8 in re_compile_internal glibc-trunk/posix/regcomp.c:794
    #7 0x7f8e3bed4c10 in __regcomp glibc-trunk/posix/regcomp.c:501

* [Bug regex/17069] leak in regcomp
From: cvs-commit at gcc dot gnu.org @ 2014-06-20 12:04 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  aa6ec754f3b4b1df81d186480c534b6486a1e6ee (commit)
      from  7892406e3591be24e64c12dbf7aa8ef5352d0dbc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=aa6ec754f3b4b1df81d186480c534b6486a1e6ee

commit aa6ec754f3b4b1df81d186480c534b6486a1e6ee
Author: Andreas Schwab <schwab@linux-m68k.org>
Date:   Fri Jun 20 12:41:27 2014 +0200

    Fix another memory leak in regexp compiler (BZ #17069)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog           |    7 +++++++
 NEWS                |    2 +-
 posix/bug-regex36.c |    4 ++--
 posix/regcomp.c     |    6 +++++-
 4 files changed, 15 insertions(+), 4 deletions(-)

* [Bug regex/17069] leak in regcomp
From: schwab@linux-m68k.org @ 2014-06-20 12:06 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Andreas Schwab <schwab@linux-m68k.org> ---
Hopefully fixed for real now.

* [Bug regex/17069] leak in regcomp
From: konstantin.s.serebryany at gmail dot com @ 2014-06-20 12:28 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

--- Comment #8 from Kostya Serebryany <konstantin.s.serebryany at gmail dot com> ---
A reasonable round of fuzzing (with cflags=0) has shown no new leaks. Thanks!

* [Bug regex/17069] leak in regcomp
From: fweimer at redhat dot com @ 2015-02-18 14:31 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

--- Comment #14 from Florian Weimer <fweimer at redhat dot com> ---
Patterns have to be trusted for various reasons, so we do not treat this as a
security bug: https://sourceware.org/glibc/wiki/Security%20Exceptions
