Dear maintainer,

Running grep 3.4 with the attached inputs causes an invalid read in pop_fail_stack.
The bug is confirmed for grep 3.3.75-afc5 (git version).

I used the following command line:

    grep -f ./crashing_inp ./la_divin.txt

This is the output of valgrind:

==7468== Memcheck, a memory error detector
==7468== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==7468== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==7468== Command: ./src/build/bin/grep -f ./crashing_inp ./la_divin.txt
==7468==
==7468== Invalid read of size 8
==7468==    at 0x128629: pop_fail_stack.isra.0 (regexec.c:1350)
==7468==    by 0x12A61C: set_regs (regexec.c:1451)
==7468==    by 0x12C411: re_search_internal (regexec.c:849)
==7468==    by 0x130FFD: re_search_stub (regexec.c:425)
==7468==    by 0x1316C3: rpl_re_search (regexec.c:289)
==7468==    by 0x10DF0C: EGexecute (dfasearch.c:476)
==7468==    by 0x10C7C5: main (grep.c:2905)
==7468==  Address 0x4b33460 is 16 bytes after a block of size 192 free'd
==7468==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==7468==    by 0x12B86C: sift_states_backward (regexec.c:1606)
==7468==    by 0x12CCFD: prune_impossible_nodes (regexec.c:943)
==7468==    by 0x12CCFD: re_search_internal (regexec.c:813)
==7468==    by 0x130FFD: re_search_stub (regexec.c:425)
==7468==    by 0x1316C3: rpl_re_search (regexec.c:289)
==7468==    by 0x10DF0C: EGexecute (dfasearch.c:476)
==7468==    by 0x10C7C5: main (grep.c:2905)
==7468==  Block was alloc'd at
==7468==    at 0x483DFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==7468==    by 0x125ACC: re_node_set_add_intersect (regex_internal.c:1064)
==7468==    by 0x12D223: add_epsilon_src_nodes (regexec.c:1792)
==7468==    by 0x12D223: update_cur_sifted_state (regexec.c:1739)
==7468==    by 0x12B630: sift_states_backward (regexec.c:1570)
==7468==    by 0x12CCFD: prune_impossible_nodes (regexec.c:943)
==7468==    by 0x12CCFD: re_search_internal (regexec.c:813)
==7468==    by 0x130FFD: re_search_stub (regexec.c:425)
==7468==    by 0x1316C3: rpl_re_search (regexec.c:289)
==7468==    by 0x10DF0C: EGexecute (dfasearch.c:476)
==7468==    by 0x10C7C5: main (grep.c:2905)
==7468==
==7468== Invalid read of size 8
==7468==    at 0x12862F: memcpy (string_fortified.h:34)
==7468==    by 0x12862F: pop_fail_stack.isra.0 (regexec.c:1351)
==7468==    by 0x12A61C: set_regs (regexec.c:1451)
==7468==    by 0x12C411: re_search_internal (regexec.c:849)
==7468==    by 0x130FFD: re_search_stub (regexec.c:425)
==7468==    by 0x1316C3: rpl_re_search (regexec.c:289)
==7468==    by 0x10DF0C: EGexecute (dfasearch.c:476)
==7468==    by 0x10C7C5: main (grep.c:2905)
==7468==  Address 0x4b33470 is 32 bytes before a block of size 96 in arena "client"
==7468==
==7468== Invalid read of size 8
==7468==    at 0x4842A7C: memmove (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==7468==    by 0x12863A: memcpy (string_fortified.h:34)
==7468==    by 0x12863A: pop_fail_stack.isra.0 (regexec.c:1351)
==7468==    by 0x12A61C: set_regs (regexec.c:1451)
==7468==    by 0x12C411: re_search_internal (regexec.c:849)
==7468==    by 0x130FFD: re_search_stub (regexec.c:425)
==7468==    by 0x1316C3: rpl_re_search (regexec.c:289)
==7468==    by 0x10DF0C: EGexecute (dfasearch.c:476)
==7468==    by 0x10C7C5: main (grep.c:2905)
==7468==  Address 0xa0 is not stack'd, malloc'd or (recently) free'd
==7468==
grep: stack overflow
==7468==
==7468== HEAP SUMMARY:
==7468==     in use at exit: 57,775 bytes in 369 blocks
==7468==   total heap usage: 1,337 allocs, 968 frees, 169,874 bytes allocated
==7468==
==7468== LEAK SUMMARY:
==7468==    definitely lost: 232 bytes in 1 blocks
==7468==    indirectly lost: 736 bytes in 14 blocks
==7468==      possibly lost: 128 bytes in 1 blocks
==7468==    still reachable: 56,679 bytes in 353 blocks
==7468==         suppressed: 0 bytes in 0 blocks
==7468== Rerun with --leak-check=full to see details of leaked memory
==7468==
==7468== For lists of detected and suppressed errors, rerun with: -s
==7468== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)

--
Regards,
Luca Borzacchiello