Hi,

The following crashes tac on my machine (6.10 and 6.11):
--
$ echo > x; tac -r x x
Segmentation fault
--

The crash occurs in re_copy_regs and the error has to do with the code 
assuming regs->num_regs is initialized when it is not, in conjunction with 
the regs_allocated parameter. This results in the final loop scribbling -1 over
varying and often large amounts of memory.

It looks to me like the problem is re_copy_regs assuming the state of the 
re_pattern_buffer and the re_registers are in sync, but this doesn't hold when
tac makes multiple re_search calls with the registers on the stack. 

 - Daniel



_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
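
The report above describes the pattern buffer's `regs_allocated` state and a caller's `re_registers` falling out of sync. The following is an added example, not code from the report or from coreutils, and not necessarily the fix the project adopted: one caller-side way to keep the two in sync with glibc's GNU regex API by calling `re_set_registers` before each search that uses fresh stack registers. The helper names `compile_separator` and `find_separator` and the sample inputs are assumptions made for illustration.

```c
#define _GNU_SOURCE            /* exposes the GNU re_* API in <regex.h> (glibc) */
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compiled once and reused for every input, so its state outlives each search. */
static struct re_pattern_buffer compiled;

/* Hypothetical helper: compile PATTERN; returns 0 on success. */
int compile_separator(const char *pattern)
{
    memset(&compiled, 0, sizeof compiled);   /* buffer = NULL, allocated = 0 */
    return re_compile_pattern(pattern, strlen(pattern), &compiled) ? -1 : 0;
}

/* Hypothetical helper: search TEXT with registers that live on this call's
   stack. Returns the match offset or -1; stores the match length if asked. */
regoff_t find_separator(const char *text, regoff_t *match_len)
{
    struct re_registers regs;                /* uninitialized stack memory */
    int len = (int) strlen(text);

    /* Resync: declare that these registers own no arrays yet. This sets
       regs_allocated = REGS_UNALLOCATED and regs.num_regs = 0, so re_search
       allocates fresh arrays instead of trusting a garbage num_regs. */
    re_set_registers(&compiled, &regs, 0, NULL, NULL);

    regoff_t pos = re_search(&compiled, text, len, 0, len, &regs);
    if (pos >= 0 && match_len)
        *match_len = regs.end[0] - regs.start[0];   /* register 0: whole match */

    free(regs.start);                        /* malloc'ed by re_search, or NULL */
    free(regs.end);
    return pos;
}

int main(void)
{
    const char *inputs[] = { "\n", "\n", "ab\ncd", "abc" };  /* constructed samples */
    if (compile_separator("\n") != 0)
        return 1;
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("input %zu: match at %d\n", i, (int) find_separator(inputs[i], NULL));
    return 0;
}
```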
