(forwarding to gnulib)
Hello,
Hongxu Chen reported a stack-overflow in regexec.
I suspect it is the same as the one reported here:
https://lists.gnu.org/r/bug-gnulib/2018-09/msg00066.html
But just in case, the full report is below.
regards,
- assaf
On 2019-01-19 10:58 p.m., Hongxu Chen wrote:
Hi,
Latest sed (4.7.4-f8503-dirty; and prior to this, e.g. 4.4) may trigger
a stack overflow error by executing the following command.
echo 0 | ./sed '/\(\)\(\1\(\)\1\(\)\)*/c0' # equivalently sed -f
c01.sed c01.in
ASan reports like this:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==26879==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea609bff8
(pc 0x0000005b0b76 bp 0x7ffea609c090 sp 0x7ffea609bf20 T0)
#0 0x5b0b75 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18
#1 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#2 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#3 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#4 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#5 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#6 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#7 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
...
#247 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#248 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
#249 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
SUMMARY: AddressSanitizer: stack-overflow
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18 in
check_dst_limits_calc_pos_1
==26879==ABORTING
Best Regards,
Hongxu
