From: Raluca-Petronela Florea
Date: Tue, 5 May 2020 12:14:30 +0300
Subject: Glibc - CVE-2015-8985 help
To: libc-alpha@sourceware.org, adhemerval.zanella@linaro.org, debian-glibc@lists.debian.org

Hello,

I'm working on fixing some GLIBC vulnerabilities and I have an issue regarding CVE-2015-8985 - Assertion failure in pop_fail_stack when executing a malformed regexp.

Although it seems to be fixed in glibc 2.28, I've encountered the following issue when testing the following program on an Ubuntu 19.10 virtual machine with glibc 2.30-0ubuntu.2.1:

pop_fail_stack.c

    #include <assert.h>
    #include <regex.h>
    #include <stdio.h>

    int main(int argc, char **argv)
    {
      int rc;
      regex_t preg;
      regmatch_t pmatch[2];

      rc = regcomp(&preg, "()*)|\\1)*", REG_EXTENDED);  /* compile the malformed regexp */
      assert(rc == 0);                                  /* aborts if regcomp() rejects it */
      regexec(&preg, "", 2, pmatch, 0);                 /* match the empty string against it */
      regfree(&preg);
      return 0;
    }

Output:

    pop_fail_stack: pop_fail_stack.c:12: main: Assertion `rc == 0' failed.
    Aborted (core dumped)

As the Debian bug (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392) describes, the test program compiles an invalid regexp and then tries to match a string against it, which triggers an assertion:

    pop_fail_stack: regexec.c:1401: pop_fail_stack: Assertion `num >= 0' failed.
    Aborted

So, in my scenario, the test program does not even successfully compile the invalid regexp.

Did anyone encounter this issue? Could you please help me with this?

Thank you,
Raluca
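Added example, not part of the original message and not glibc code: a small harness that separates the two outcomes discussed above, a pattern rejected by `regcomp()` (reported through `regerror()`) versus an abort inside `regexec()`, by running both calls in a child process. The names `probe_regex` and `enum probe_result` are hypothetical; the pattern in `main` is the one from the message.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fork(), waitpid(), _exit() */
#endif
#include <regex.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_REJECTED, PROBE_RAN, PROBE_CRASHED, PROBE_ERROR };

/* Hypothetical helper: compile and execute the pattern in a forked child so
 * that an abort() inside regexec() is observed by the parent, not fatal to it. */
enum probe_result probe_regex(const char *pattern, const char *subject)
{
    fflush(NULL);                          /* do not duplicate stdio buffers */
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0) {
        regex_t preg;
        regmatch_t pmatch[2];
        char msg[128];
        int rc = regcomp(&preg, pattern, REG_EXTENDED);
        if (rc != 0) {
            /* regerror() turns the regcomp() code into readable text. */
            regerror(rc, &preg, msg, sizeof msg);
            fprintf(stderr, "regcomp: %s (code %d)\n", msg, rc);
            _exit(2);
        }
        regexec(&preg, subject, 2, pmatch, 0);
        regfree(&preg);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return PROBE_ERROR;
    if (WIFSIGNALED(status)) return PROBE_CRASHED;   /* e.g. SIGABRT from assert */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2) return PROBE_REJECTED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return PROBE_RAN;
    return PROBE_ERROR;
}

int main(void)
{
    static const char *names[] = { "rejected by regcomp", "regexec returned",
                                   "child crashed", "probe error" };
    const char *pattern = "()*)|\\1)*";    /* pattern from the message above */
    printf("%s\n", names[probe_regex(pattern, "")]);
    return 0;
}
```

A result of "rejected by regcomp" together with the `regerror()` text shows why compilation failed on the libc under test; "child crashed" is the outcome the Debian bug describes.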