Hi, GNU grep 3.3.7-8df7 (and other versions such as 3.1) may abort with an assertion failure when the following command is executed.
echo | grep -f regex.grep

Reading symbols from ./grep...done.
gdb$ run
Starting program: /home/hongxu/FOT/grep-asan/install/bin/grep -q -f assert_regexec.c:1363.grep assert_regexec.c:1363.input
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
grep: ./regexec.c:1363: Idx pop_fail_stack(struct re_fail_stack_t *, Idx *, Idx, regmatch_t *, re_node_set *): Assertion `num >= 0' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb$ bt
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6bd1801 in __GI_abort () at abort.c:79
#2 0x00007ffff6bc139a in __assert_fail_base (fmt=0x7ffff6d487d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5f8d20 <.str.26> "num >= 0", file=file@entry=0x5f8a60 <.str.22> "./regexec.c", line=line@entry=0x553, function=function@entry=0x5f8d60 <__PRETTY_FUNCTION__.pop_fail_stack> "Idx pop_fail_stack(struct re_fail_stack_t *, Idx *, Idx, regmatch_t *, re_node_set *)") at assert.c:92
#3 0x00007ffff6bc1412 in __GI___assert_fail (assertion=0x5f8d20 <.str.26> "num >= 0", file=0x5f8a60 <.str.22> "./regexec.c", line=0x553, function=0x5f8d60 <__PRETTY_FUNCTION__.pop_fail_stack> "Idx pop_fail_stack(struct re_fail_stack_t *, Idx *, Idx, regmatch_t *, re_node_set *)") at assert.c:101
#4 0x00000000005d08f3 in pop_fail_stack (fs=0x7fffffffa3c0, pidx=0x7fffffffa360, nregs=0x4, regs=0x606000000740, eps_via_nodes=0x7fffffffa380) at ./regexec.c:1363
#5 0x00000000005b691b in set_regs (preg=0x60c000000380, mctx=0x7fffffffa6a0, nmatch=0x4, pmatch=0x606000000740, fl_backtrack=0x1) at ./regexec.c:1467
#6 0x0000000000588820 in re_search_internal (preg=0x60c000000380, string=0x7fffffffb8d1 "\n", length=0x0, start=0x0, last_start=0x0, stop=0x0, nmatch=0x4, pmatch=0x606000000740, eflags=0x0) at ./regexec.c:864
#7 0x0000000000589aa8 in re_search_stub (bufp=0x60c000000380, string=0x7fffffffb8d1 "\n", length=0x0, start=0x0, range=0x0, stop=0x0, regs=0x607000000430, ret_len=0x0) at ./regexec.c:425
#8 0x0000000000589e32 in rpl_re_search (bufp=0x60c000000380, string=0x7fffffffb8d1 "\n", length=0x0, start=0x0, range=0x0, regs=0x607000000430) at ./regexec.c:289
#9 0x00000000005160fe in EGexecute (vdc=0x607000000410, buf=0x7fffffffb8d1 "\n", size=0x1, match_size=0x7fffffffb8e0, start_ptr=0x0) at dfasearch.c:357
#10 0x000000000051abec in main (argc=0x5, argv=0x7fffffffbee8) at grep.c:2894

regex.grep is attached.

Best Regards,
Hongxu
regex.grep
Description: Binary data