bug#29666: Segfault at changing location

Sat, 16 Dec 2017 11:45:19 -0800 

On Tue, Dec 12, 2017 at 9:47 AM, Jim Meyering <j...@meyering.net> wrote:
> On Mon, Dec 11, 2017 at 12:44 PM, Jeremy Feusi <jer...@feusi.co> wrote:
...
> Thank you for the report.
>
> This has been an issue since about grep-2.6.1.
> It gave a proper diagnostic until 2.5.4:
>
>   $ grep-2.5.4/bin/grep -E -f <(printf %080000d 0|tr 0 '(')
>   grep-2.5.4/bin/grep: Unmatched ( or \(
>   [Exit 2]
>
> Starting in approximately 2.6.1 (I don't have 2.6.0 handy) it
> would fail like this:
>
>   $ grep-2.6.1/bin/grep -E -f <(printf %080000d 0|tr 0 '(')
>   Segmentation fault (core dumped)
>
> Using the latest with -P works fine:
>
>   $ grep -P -f <(printf %080000d 0|tr 0 '(')
>   grep: parentheses are too deeply nested
>   [Exit 2]
>
> Here's a nearly-complete patch to make grep diagnose the generic
> "stack overflow" problem:

I found the root cause and filed a glibc bug for that (link below).
Here are the updated commit log and NEWS entry:

    grep: diagnose stack overflow rather than segfaulting
    * bootstrap.conf (gnulib_modules): Add c-stack.
    * src/grep.c: Include "c-stack.h".
    (main): Call c_stack_action (NULL);
    * tests/stack-overflow: New file.
    * tests/Makefile.am (TESTS): Add name of new file.
    * NEWS (Improvements): Mention it.
    Interestingly, this bug does not afflict grep-2.5.4 or prior,
    so it appeared to have been introduced with grep-2.6.  However,
    the origin is in glibc's regexp compiler, and I tracked it to
    stack-aware parsing that was removed from glibc's regexp in 2002.
    However, grep-2.5.4 was released in 2009.  That version worked
    (and still works, now) because it included and (by default) used
    an old copy of glibc's regexp code.
    Jeremy Feusi reported the grep segfault in https://bugs.gnu.org/29666.
    I reported the glibc regexp bug in
    https://sourceware.org/bugzilla/show_bug.cgi?id=22620

** Improvements

  grep now diagnoses stack overflow.  Before grep-2.6, the included
  regexp code would detect it.  Since 2.6, grep defaulted to using
  glibc's regexp, which lost that capability.

Here's the pushed commit:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=51ef8adb2f7eeb073ba98be4f6baf56817e4d358

Reply via email to