public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug regex/17356] New: regex assertion violation with triple backreferences
@ 2014-09-07 23:47 eggert at gnu dot org
  2014-09-23  0:11 ` [Bug regex/17356] " eggert at gnu dot org
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: eggert at gnu dot org @ 2014-09-07 23:47 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17356

            Bug ID: 17356
           Summary: regex assertion violation with triple backreferences
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: eggert at gnu dot org
                CC: drepper.fsp at gmail dot com
             Flags: security+

Created attachment 7772
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7772&action=edit
Test for triple backreference regex bug

The attached program, which is a strictly conforming use of the POSIX regular
expression matcher, has undefined behavior with glibc.  On Fedora 20 x86-64 it
simply dumps core; on Ubuntu 14.04 x86-64 it outputs "regexec.c:1386:
pop_fail_stack: Assertion `num >= 0' failed" and then dumps core.  It works
fine on Solaris and AIX.

I expect that this bug has been in all glibc versions since Isamu Hasegawa's
circa-2002 rewrite of the regex code, and that the bug is in glibc 2.20 too,
though I haven't tested this.

Fixing this bug will not be trivial, I'm afraid.  I have not succeeded in
tracking down Mr. Hasegawa.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug regex/17356] regex assertion violation with triple backreferences
  2014-09-07 23:47 [Bug regex/17356] New: regex assertion violation with triple backreferences eggert at gnu dot org
@ 2014-09-23  0:11 ` eggert at gnu dot org
  2014-09-23  7:55 ` fweimer at redhat dot com
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: eggert at gnu dot org @ 2014-09-23  0:11 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17356

--- Comment #1 from Paul Eggert <eggert at gnu dot org> ---
This appears to be a duplicate of Bug#11053 so I'll try to resolve it as a
duplicate.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug regex/17356] regex assertion violation with triple backreferences
  2014-09-07 23:47 [Bug regex/17356] New: regex assertion violation with triple backreferences eggert at gnu dot org
  2014-09-23  0:11 ` [Bug regex/17356] " eggert at gnu dot org
@ 2014-09-23  7:55 ` fweimer at redhat dot com
  2022-09-07  4:30 ` eggert at cs dot ucla.edu
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2014-09-23  7:55 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17356

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |fweimer at redhat dot com
         Resolution|---                         |DUPLICATE
              Flags|security+                   |security-

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Duplicate of bug 11053, per comment #1.

*** This bug has been marked as a duplicate of bug 11053 ***

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug regex/17356] regex assertion violation with triple backreferences
  2014-09-07 23:47 [Bug regex/17356] New: regex assertion violation with triple backreferences eggert at gnu dot org
  2014-09-23  0:11 ` [Bug regex/17356] " eggert at gnu dot org
  2014-09-23  7:55 ` fweimer at redhat dot com
@ 2022-09-07  4:30 ` eggert at cs dot ucla.edu
  2022-09-08 12:36 ` vincent-srcware at vinc17 dot net
  2022-09-08 17:03 ` [Bug regex/17356] regex misbehavior " eggert at cs dot ucla.edu
  4 siblings, 0 replies; 6+ messages in thread
From: eggert at cs dot ucla.edu @ 2022-09-07  4:30 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17356

eggert at cs dot ucla.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |eggert at cs dot ucla.edu
         Resolution|DUPLICATE                   |---
             Status|RESOLVED                    |REOPENED

--- Comment #3 from eggert at cs dot ucla.edu ---
Apparently I was incorrect when I wrote that this was a duplicate of Bug#11053
as that other bug is fixed but this one is not.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug regex/17356] regex assertion violation with triple backreferences
  2014-09-07 23:47 [Bug regex/17356] New: regex assertion violation with triple backreferences eggert at gnu dot org
                   ` (2 preceding siblings ...)
  2022-09-07  4:30 ` eggert at cs dot ucla.edu
@ 2022-09-08 12:36 ` vincent-srcware at vinc17 dot net
  2022-09-08 17:03 ` [Bug regex/17356] regex misbehavior " eggert at cs dot ucla.edu
  4 siblings, 0 replies; 6+ messages in thread
From: vincent-srcware at vinc17 dot net @ 2022-09-08 12:36 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17356

Vincent Lefèvre <vincent-srcware at vinc17 dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vincent-srcware at vinc17 dot net

--- Comment #4 from Vincent Lefèvre <vincent-srcware at vinc17 dot net> ---
(In reply to eggert from comment #3)
> Apparently I was incorrect when I wrote that this was a duplicate of
> Bug#11053 as that other bug is fixed but this one is not.

More precisely, the assertion violation was Bug#11053, which is fixed in glibc
2.35, but the test now fails: it gives no matches, while there should be a
match, since the regexp matches the empty string.

Test with grep:

vinc17@gcc92:~$ echo 'a' | grep -E '(.{0,1})(.{0,1})\2\1'
a
vinc17@gcc92:~$ echo 'a' | grep -E '(.{0,1})(.{0,1})(.{0,1})\3\2\1'
vinc17@gcc92:~$ 

(with only 2 backreferences, this is OK, but not with 3).

The bug could be retitled.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [Bug regex/17356] regex misbehavior with triple backreferences
  2014-09-07 23:47 [Bug regex/17356] New: regex assertion violation with triple backreferences eggert at gnu dot org
                   ` (3 preceding siblings ...)
  2022-09-08 12:36 ` vincent-srcware at vinc17 dot net
@ 2022-09-08 17:03 ` eggert at cs dot ucla.edu
  4 siblings, 0 replies; 6+ messages in thread
From: eggert at cs dot ucla.edu @ 2022-09-08 17:03 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17356

eggert at cs dot ucla.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|regex assertion violation   |regex misbehavior with
                   |with triple backreferences  |triple backreferences

--- Comment #5 from eggert at cs dot ucla.edu ---
(In reply to Vincent Lefèvre from comment #4)

Thanks, I've retitled it from "regex assertion violation with triple
backreferences" to "regex misbehavior with triple backreferences".

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-09-08 17:03 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-07 23:47 [Bug regex/17356] New: regex assertion violation with triple backreferences eggert at gnu dot org
2014-09-23  0:11 ` [Bug regex/17356] " eggert at gnu dot org
2014-09-23  7:55 ` fweimer at redhat dot com
2022-09-07  4:30 ` eggert at cs dot ucla.edu
2022-09-08 12:36 ` vincent-srcware at vinc17 dot net
2022-09-08 17:03 ` [Bug regex/17356] regex misbehavior " eggert at cs dot ucla.edu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).