[ast-developers] Matching in very short file triggers a valgrind hit with grep -S (shell pattern grep) in |_ast_regex()| ...
Roland Mainz
2013-06-17 16:10:38 UTC
Hi!

----

The following testcase triggers a valgrind hit in ast-ksh.2013-06-11
on SuSE 12.3/AMD64/32bit build when the "grep" builtin does matching in
a very short (e.g. two bytes) file:
-- snip --
$ ~/vg/bin/valgrind ~/bin/ksh -c 'builtin grep ; grep -S "*foo*"
<(print "") ; true'
==10149== Memcheck, a memory error detector
==10149== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==10149== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==10149== Command: /home/test001/bin/ksh -c builtin\ grep\ ;\ grep\
-S\ "*foo*"\ \<(print\ "")\ ;\ true
[snip]
==10149== Use of uninitialised value of size 8
==10149== at 0x4F6B18: _ast_regrexec_20120528 (regrexec.c:75)
==10149== by 0x55F452: execute (grep.c:669)
==10149== by 0x56012B: grep (grep.c:985)
==10149== by 0x56049C: b_grep (grep.c:1077)
==10149== by 0x47BE51: sh_exec (xec.c:1357)
==10149== by 0x47EEB5: sh_exec (xec.c:2218)
==10149== by 0x40F474: exfile (main.c:599)
==10149== by 0x40E61B: sh_main (main.c:371)
==10149== by 0x40D750: main (pmain.c:45)
-- snip --

----

Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
Glenn Fowler
2013-06-18 05:58:39 UTC
in src/lib/libast/regex/reg[nr]exec.c change

while ((index += skip[buf[index]]) < mid);

to

while (index < mid)
    index += skip[buf[index]];
Post by Roland Mainz
Hi!
----
The following testcase triggers a valgrind hit in ast-ksh.2013-06-11
on SuSE 12.3/AMD64/32bit build when the "grep" built does matching in
-- snip --
$ ~/vg/bin/valgrind ~/bin/ksh -c 'builtin grep ; grep -S "*foo*"
<(print "") ; true'
==10149== Memcheck, a memory error detector
==10149== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==10149== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==10149== Command: /home/test001/bin/ksh -c builtin\ grep\ ;\ grep\
-S\ "*foo*"\ \<(print\ "")\ ;\ true
[snip]
==10149== Use of uninitialised value of size 8
==10149== at 0x4F6B18: _ast_regrexec_20120528 (regrexec.c:75)
==10149== by 0x55F452: execute (grep.c:669)
==10149== by 0x56012B: grep (grep.c:985)
==10149== by 0x56049C: b_grep (grep.c:1077)
==10149== by 0x47BE51: sh_exec (xec.c:1357)
==10149== by 0x47EEB5: sh_exec (xec.c:2218)
==10149== by 0x40F474: exfile (main.c:599)
==10149== by 0x40E61B: sh_main (main.c:371)
==10149== by 0x40D750: main (pmain.c:45)
-- snip --
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
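
Added example, not part of the original posts and not libast code: a simplified model of the two loop forms in the reply above, with reads instrumented to count accesses to buf[index] at positions not below mid. The Horspool-style skip table for "foo", the start index, the 64-byte zeroed buffer and the demo() helper are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Final index plus the number of reads made at positions >= mid. */
struct scan { size_t index; unsigned unchecked; };

/* Instrumented buf[i]: counts reads the loop bound should have prevented. */
static unsigned char peek(const unsigned char *buf, size_t i, size_t mid, unsigned *bad)
{
    if (i >= mid) (*bad)++;
    return buf[i];
}

/* Original form: buf[index] is read before index is compared with mid. */
static struct scan scan_original(const unsigned char *buf, size_t index, size_t mid, const size_t *skip)
{
    struct scan r = { index, 0 };
    while ((r.index += skip[peek(buf, r.index, mid, &r.unchecked)]) < mid)
        ;
    return r;
}

/* Changed form: the bound is tested before every read. */
static struct scan scan_fixed(const unsigned char *buf, size_t index, size_t mid, const size_t *skip)
{
    struct scan r = { index, 0 };
    while (r.index < mid)
        r.index += skip[peek(buf, r.index, mid, &r.unchecked)];
    return r;
}

/* Hypothetical driver: skip table for "foo", scan starts at index 2 (assumed). */
static struct scan demo(const char *data, int fixed)
{
    static const char pat[] = "foo";
    unsigned char buf[64] = { 0 };  /* zeroed so the demo itself stays defined */
    size_t skip[256], n = sizeof pat - 1, mid = strlen(data);
    for (size_t c = 0; c < 256; c++) skip[c] = n;
    for (size_t i = 0; i + 1 < n; i++) skip[(unsigned char)pat[i]] = n - 1 - i;
    memcpy(buf, data, mid);
    return fixed ? scan_fixed(buf, n - 1, mid, skip) : scan_original(buf, n - 1, mid, skip);
}

int main(void)
{
    printf("short input: %u vs %u unchecked reads\n", demo("\n", 0).unchecked, demo("\n", 1).unchecked);
    return 0;
}
```

When the start index is already below mid, both forms visit the same positions and stop at the same index; they differ only when the input is shorter than the start index.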