On Mon, Dec 11, 2017 at 12:44 PM, Jeremy Feusi wrote:
> Hi,
> I am working on a project for school in which I use afl to find bugs in
> software and I decided to fuzz grep. In doing so I discovered a
> segfault. When using gdb, the location of the segfault varies, which
> puzzles me and so I cannot include any further information.
> The command to obtain this bug is:
> grep -o -E -f
> where is the file attached.
>
> I am using grep 3.1 on arch linux.
> cheers
> Jeremy

Thank you for the report.
This has been an issue since about grep-2.6.1.
It gave a proper diagnostic until 2.5.4:

$ grep-2.5.4/bin/grep -E -f <(printf %080000d 0|tr 0 '(')
grep-2.5.4/bin/grep: Unmatched ( or \(
[Exit 2]

Starting in approximately 2.6.1 (I don't have 2.6.0 handy) it would fail like this:

$ grep-2.6.1/bin/grep -E -f <(printf %080000d 0|tr 0 '(')
Segmentation fault (core dumped)

Using the latest with -P works fine:

$ grep -P -f <(printf %080000d 0|tr 0 '(')
grep: parentheses are too deeply nested
[Exit 2]

Here's a nearly-complete patch to make grep diagnose the generic "stack overflow" problem:
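As an added example that is not part of this thread or of grep's own code: a small POSIX sh pre-check that measures the '(' nesting depth of a -f pattern file and rejects unbalanced or over-deep patterns before they reach a grep version that crashes on them, using the same printf/tr construction as the reproducer above as a constructed sample. The depth limit of 200 and the simplified bracket-expression handling are assumptions, not grep's real limits.

```shell
#!/bin/sh
# Added example (not grep's code). Pre-check an ERE pattern file for
# unbalanced or too deeply nested parentheses before handing it to grep.

# max_paren_depth FILE -> prints "<max depth> <unbalanced flag>".
# Escaped parens (\( \)) are skipped. Assumed simplification: a bracket
# expression is treated as plain '[' ... ']' with no special first-']' case.
max_paren_depth() {
    awk '
    BEGIN { depth = 0; max = 0; unbalanced = 0 }
    {
        line = $0; n = length(line); inbracket = 0
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (c == "\\") { i++; continue }          # skip escaped character
            if (inbracket) { if (c == "]") inbracket = 0; continue }
            if (c == "[") { inbracket = 1; continue }
            if (c == "(") { depth++; if (depth > max) max = depth }
            else if (c == ")") { if (depth == 0) unbalanced = 1; else depth-- }
        }
        # each line of a -f file is its own pattern, so depth must return to 0
        if (depth != 0) unbalanced = 1
        depth = 0
    }
    END { print max, unbalanced }
    ' "$1"
}

# check_pattern_file FILE [LIMIT] -> returns 0 if balanced and within LIMIT
# (assumed default 200), 1 otherwise, with a diagnostic on stderr.
check_pattern_file() {
    set -- "$1" "${2:-200}"
    result=$(max_paren_depth "$1")
    depth=${result% *}
    unbalanced=${result#* }
    if [ "$unbalanced" -ne 0 ]; then
        echo "$1: unmatched ( or )" >&2; return 1
    fi
    if [ "$depth" -gt "$2" ]; then
        echo "$1: parentheses nested $depth deep (limit $2)" >&2; return 1
    fi
    return 0
}

# Constructed samples: the reporter's 80000-'(' crash input and a sane pattern.
crash_pat=$(mktemp); sane_pat=$(mktemp)
trap 'rm -f "$crash_pat" "$sane_pat"' EXIT
printf %080000d 0 | tr 0 '(' > "$crash_pat"
printf '((foo|bar)baz)\n' > "$sane_pat"
check_pattern_file "$sane_pat" && echo "sane pattern accepted"
check_pattern_file "$crash_pat" || echo "crash pattern rejected"
```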