GNU bug report logs - #19061
[PATCH] dfa: building superset, access to unallocated memory
Reported by: Norihiro Tanaka <noritnk <at> kcn.ne.jp>
Date: Sat, 15 Nov 2014 09:13:01 UTC
Severity: normal
Tags: patch
Done: Jim Meyering <jim <at> meyering.net>
Message #8 received at 19061 <at> debbugs.gnu.org (full text, mbox):
On Sat, Nov 15, 2014 at 1:11 AM, Norihiro Tanaka <noritnk <at> kcn.ne.jp> wrote:
> If the original DFA does not have any CSETs, no memory is allocated for CSETs.
> Even then, the DFA tries to copy CSETs from the original DFA to the superset. As
> a result, it accesses unallocated memory. We have no test
> case, so it is very difficult to reproduce this bug reliably, as
> only one CSET may be added in building the superset.
Thank you for the patch.
That seems like a fine change, but so far, I cannot see how
it avoids accessing uninitialized memory.
I do see that it fixes an error whereby memcpy was being
called with its 2nd argument NULL, though in each case
the third argument is always 0. Passing a NULL pointer as
the 2nd argument to memcpy is officially "undefined
behavior", and I confirmed that, building with gcc and its
"undefined behavior sanitizer", the problem was exposed,
and that your patch fixes it.
Do you know of a way to make grep crash, as stated in your
proposed NEWS entry? If so, please give details.
It is UB after all. Perhaps you found a system whose memcpy
dereferences the source pointer even when the size is 0?
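The pattern discussed in the message, reduced to a stand-alone demonstration. This is an added example, not code from grep's dfa.c or from the patch under review; the struct and field names (`struct dfa`, `charclasses`, `cindex`, `calloc`, `copy_csets_unguarded`, `copy_csets_guarded`) are assumptions loosely following the report's terminology, and the DFA contents are constructed inline. It shows the unguarded copy that hands memcpy a NULL source with length 0 when the original DFA has no CSETs, and the guarded form that skips the call instead. Compiled with `gcc -fsanitize=undefined`, the unguarded call in `main` produces the sanitizer's "null pointer passed as argument 2" report, matching what the reply describes; without the sanitizer glibc's memcpy returns quietly, which is why the bug is hard to reproduce as a crash.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a DFA's CSET table (names are assumptions, not
   grep's real layout): a charclass is a small bitset and the DFA keeps an
   array of them plus a count.  A DFA that uses no CSETs at all has
   charclasses == NULL and cindex == 0: nothing was ever allocated. */
#define CHARCLASS_WORDS 8
typedef unsigned int charclass[CHARCLASS_WORDS];

struct dfa
{
  charclass *charclasses;   /* NULL when cindex == 0 */
  size_t cindex;            /* number of CSETs in use */
  size_t calloc;            /* number of CSETs allocated */
};

/* The shape of the bug: copy the original's CSETs into the superset without
   checking that the original has any.  When orig->cindex == 0 the source
   pointer is NULL and the length is 0.  glibc's memcpy tolerates that, but
   memcpy's arguments are declared non-null, so the call is undefined
   behavior and -fsanitize=undefined reports it. */
static void
copy_csets_unguarded (struct dfa *sup, const struct dfa *orig)
{
  sup->calloc = orig->cindex + 1;   /* room for the one CSET superset building may add */
  sup->charclasses = malloc (sup->calloc * sizeof *sup->charclasses);
  if (!sup->charclasses)
    abort ();
  memcpy (sup->charclasses, orig->charclasses,          /* UB when orig->charclasses == NULL */
          orig->cindex * sizeof *sup->charclasses);
  sup->cindex = orig->cindex;
}

/* Guarded version: only dereference orig->charclasses when there is
   something to copy.  Allocation is unchanged so the superset can still
   add its own CSET later. */
static void
copy_csets_guarded (struct dfa *sup, const struct dfa *orig)
{
  sup->calloc = orig->cindex + 1;
  sup->charclasses = malloc (sup->calloc * sizeof *sup->charclasses);
  if (!sup->charclasses)
    abort ();
  if (orig->cindex > 0)
    memcpy (sup->charclasses, orig->charclasses,
            orig->cindex * sizeof *sup->charclasses);
  sup->cindex = orig->cindex;
}

/* Constructed input: a DFA with n CSETs, the i-th having one distinct bit
   set, or a CSET-less DFA (NULL table) when n == 0. */
static struct dfa
make_dfa (size_t n)
{
  struct dfa d = { NULL, 0, 0 };
  if (n > 0)
    {
      d.charclasses = calloc (n, sizeof *d.charclasses);
      if (!d.charclasses)
        abort ();
      for (size_t i = 0; i < n; i++)
        d.charclasses[i][i % CHARCLASS_WORDS] |= 1u << (i % 32);
      d.cindex = d.calloc = n;
    }
  return d;
}

/* Copy with the guarded routine and verify the superset's count, capacity
   and contents match the original.  Returns true on success. */
static bool
check_guarded_copy (size_t n)
{
  struct dfa orig = make_dfa (n);
  struct dfa sup;
  copy_csets_guarded (&sup, &orig);
  bool ok = sup.cindex == orig.cindex
            && sup.calloc == orig.cindex + 1
            && (n == 0
                || memcmp (sup.charclasses, orig.charclasses,
                           n * sizeof *orig.charclasses) == 0);
  free (sup.charclasses);
  free (orig.charclasses);
  return ok;
}

int
main (void)
{
  /* Build with:  gcc -fsanitize=undefined -g this.c  and run to see the
     sanitizer flag the NULL source argument on the unguarded path. */
  struct dfa empty = make_dfa (0), sup;
  copy_csets_unguarded (&sup, &empty);
  free (sup.charclasses);
  return check_guarded_copy (0) && check_guarded_copy (3) ? 0 : 1;
}
```

The guard is cheap and local, which is why the patch reads as a fine change even without a crash to point at: the reply's open question is precisely whether any platform turns this UB into an observable failure, and the example only shows the sanitizer-visible symptom, not a crash.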