Package: grep
Reported by: JIang Yuancheng <0599jiangyc <at> gmail.com>
Date: Mon, 9 Nov 2020 17:45:02 UTC
Severity: wishlist
To reply to this bug, email your comments to 44538 AT debbugs.gnu.org.
From: JIang Yuancheng <0599jiangyc <at> gmail.com>
To: bug-grep <at> gnu.org
Cc: Kaihang Ji <kaihang <at> comp.nus.edu.sg>
Subject: grep -E might exhaust stack space
Date: 10 Nov 2020 01:34:47 +0800
Hi,
grep -E ".*{10,}{10,}{10,}{10,}{10,}" can exhaust stack space, and then a stack overflow occurs. (Tested on the latest version, 3.6.)
jyc <at> ubuntu18:~/GREP/grep-3.6/src$ ./grep -E ".*{10,}{10,}{10,}{10,}{10,}"
grep: stack overflow
Gdb information:
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x20 (' ')
RCX: 0x555555799010 --> 0x705070701010700
RDX: 0x0
RSI: 0x8
RDI: 0x7ffff7b5dc40 --> 0x0
RBP: 0xffffffffffffffb0
RSP: 0x7fffff7fefa0
RIP: 0x7ffff780637e (<_int_malloc+62>: mov QWORD PTR [rsp+0x8],rsi)
R8 : 0x68b1d
R9 : 0x0
R10: 0x555555799010 --> 0x705070701010700
R11: 0x0
R12: 0x7ffff4d228f8 --> 0x0
R13: 0x3458e8
R14: 0x0
R15: 0x55555579e460 --> 0x7ffff545e010 --> 0x2e ('.')
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x7ffff7806373 <_int_malloc+51>: test al,al
0x7ffff7806375 <_int_malloc+53>: jne 0x7ffff7806a58 <_int_malloc+1816>
0x7ffff780637b <_int_malloc+59>: test rdi,rdi
=> 0x7ffff780637e <_int_malloc+62>: mov QWORD PTR [rsp+0x8],rsi
0x7ffff7806383 <_int_malloc+67>: mov r14,rdi
0x7ffff7806386 <_int_malloc+70>: je 0x7ffff7806a38 <_int_malloc+1784>
0x7ffff780638c <_int_malloc+76>: mov r15d,ebx
0x7ffff780638f <_int_malloc+79>: shr r15d,0x4
[------------------------------------stack-------------------------------------]
Invalid $SP address: 0x7fffff7fefa0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff780637e in _int_malloc (av=av <at> entry=0x7ffff7b5dc40 <main_arena>, bytes=bytes <at> entry=0x8)
at malloc.c:3557
3557 malloc.c: No such file or directory.
ASAN:
=================================================================
==12861==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe9c8afc8 (pc 0x7f9f6989dd2e bp 0x7fffe9c8b060 sp 0x7fffe9c8afd0 T0)
#0 0x7f9f6989dd2d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
#1 0x7f9f69954b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
#2 0x555aa36928ec in re_node_set_alloc /home/jyc/GREP/grep-3.6/lib/regex_internal.c:973
#3 0x555aa369f8cf in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1700
#4 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#5 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#6 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
...
#248 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#249 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
#250 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
SUMMARY: AddressSanitizer: stack-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
==12861==ABORTING
Thanks,
Yuancheng
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: JIang Yuancheng <0599jiangyc <at> gmail.com>
Cc: 44538 <at> debbugs.gnu.org, Kaihang Ji <kaihang <at> comp.nus.edu.sg>
Subject: Re: bug#44538: grep -E might exhaust stack space
Date: 27 Aug 2021 18:25:44 -0700
On 11/9/20 9:34 AM, JIang Yuancheng wrote:
> grep -E ".*{10,}{10,}{10,}{10,}{10,}" can exhaust stack space, and then a stack overflow occurs. (Tested on the latest version, 3.6.)
This is a longstanding issue with the regex matcher. I installed the
attached patch to document the issue better. Fortunately, the problem is
mostly limited to contrived examples.
[0001-doc-document-interval-expression-limitations.patch (text/x-patch, attachment)]
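An added example, not part of this thread and not grep or gnulib code: a C pre-check for the cascaded-interval pattern reported above, meant for callers that pass untrusted patterns to grep -E. It assumes the compile cost grows with the product of the bounds of intervals that follow one another directly; cascade_factor, parse_interval, read_num and FACTOR_CAP are names invented here.

```c
#include <ctype.h>
#include <string.h>
#define FACTOR_CAP 1000000000LL  /* saturation value, avoids overflow */

/* Read decimal digits at s into *v (clamped); return how many were read. */
static size_t read_num(const char *s, long long *v)
{
    size_t i = 0;
    for (*v = 0; isdigit((unsigned char)s[i]); i++)
        if (*v < 1000000) *v = *v * 10 + (s[i] - '0');
    return i;
}

/* Parse {m}, {m,}, {,n} or {m,n} at s; return its length, 0 if malformed. */
static size_t parse_interval(const char *s, long long *count)
{
    long long m, n = 0;
    size_t dm = read_num(s + 1, &m), dn = 0, i = 1 + dm;
    if (s[i] == ',')
        i += 1 + (dn = read_num(s + i + 1, &n));
    if (s[i] != '}' || dm + dn == 0) return 0;
    *count = n > m ? n : m;              /* larger bound of the interval */
    return i + 1;
}

/* Assumed cost model: largest product of bounds over a run of cascaded
   intervals in ere, e.g. x{10,}{10,} gives 100. */
long long cascade_factor(const char *ere)
{
    long long best = 1, run = 1, c;
    size_t len, i = 0;
    while (ere[i]) {
        if (ere[i] == '{' && (len = parse_interval(ere + i, &c)) > 0) {
            run *= c > 1 ? c : 1;
            if (run > FACTOR_CAP) run = FACTOR_CAP;
            if (run > best) best = run;
            i += len;
        } else if (ere[i] == '\\' && ere[i + 1]) {
            run = 1; i += 2;             /* escaped char such as \{ */
        } else if (ere[i] == '[') {      /* bracket expr: '{' is literal */
            i += (ere[i + 1] == '^') ? 2 : 1;
            if (ere[i] == ']') i++;      /* leading ']' is literal */
            while (ere[i] && ere[i] != ']') i++;  /* ']' resets run below */
        } else if (!strchr("*+?", ere[i++])) {
            run = 1;                     /* ordinary char ends the cascade */
        }
    }
    return best;
}
```

A caller would reject a pattern, or run grep on it under a resource limit, when the returned factor exceeds a threshold it chooses.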