From: Jim Meyering
Date: Sat, 10 Jan 2015 15:43:02 -0800
Subject: grep -F: fix a heap buffer (read) overrun
To: bug-grep@gnu.org
Cc: Yuliy Pisetsky, Nima Aghdaii

Colleagues Nima Aghdaii and Yuliy Pisetsky found and fixed a heap
buffer overrun in grep's kwset.c. The underlying bug, already hard to
trigger, would most often result in a "mere" heap UMR (uninitialized
memory read), but Yuliy constructed inputs (see the new test) that
cause a buffer overrun.

I'm attaching two other related patches:
- grep: avoid false-positive UMR
- tests: add support for ASAN memory poisoning

I expect to push these by Monday.

[attachment: 0001-grep-avoid-false-positive-UMR.patch]
[attachment: 0002-grep-F-fix-a-heap-buffer-read-overrun.patch]
[attachment: 0003-tests-add-support-for-ASAN-memory-poisoning.patch]

From: Paul Eggert
Date: Sat, 10 Jan 2015 16:02:46 -0800
Subject: Re: bug#19563: grep -F: fix a heap buffer (read) overrun
To: Jim Meyering, 19563@debbugs.gnu.org
Cc: Yuliy Pisetsky, Nima Aghdaii

Jim Meyering wrote:
> +#if defined __clang__
> +# if __has_feature(address_sanitizer)
> +# define HAVE_ASAN 1
> +# endif
> +#elif defined __GNUC__ \
> + && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 8)) || (__GNUC__ >= 5)) \
> + && __SANITIZE_ADDRESS__
> +# define HAVE_ASAN 1
> +#endif

How about the following instead?

#ifndef __has_feature
# define __has_feature(a) false
#endif

#if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
# define HAVE_ASAN 1
#else
# define HAVE_ASAN 0
#endif

This is what Emacs uses (its symbol is ADDRESS_SANITIZER instead of
HAVE_ASAN, for what that's worth).

> + ASAN_POISON_MEMORY_REGION (buflim + sizeof(uword),
> + bufalloc - (buflim - buffer) - sizeof(uword));
>

The two 'sizeof's need spaces afterwards.

> +#ifdef HAVE_ASAN
> +# define ASAN_POISON_MEMORY_REGION(addr, size) \
> + __asan_poison_memory_region ((addr), (size))
> +# define ASAN_UNPOISON_MEMORY_REGION(addr, size) \
> + __asan_unpoison_memory_region ((addr), (size))
> +#else
> +# define ASAN_POISON_MEMORY_REGION(addr, size) \
> + (ignore_value (addr), ignore_value (size))
> +# define ASAN_UNPOISON_MEMORY_REGION(addr, size) \
> + (ignore_value (addr), ignore_value (size))
> +#endif

I don't see the value of having macros here. How about the following
instead?

#ifndef HAVE_ASAN
static void
__asan_unpoison_memory_region (void const volatile *addr, size_t size)
{
}

static void
__asan_unpoison_memory_region (void const volatile *addr, size_t size)
{
}
#endif

And then have the callers invoke '__asan_poison_memory_region' instead of
'ASAN_POISON_MEMORY_REGION'. This way, there should be no need to pull in
the ignore-value machinery, it's two less macros to worry about, and there's
better type checking when address sanitization is not in use.

From: Jim Meyering
Date: Sat, 10 Jan 2015 16:42:28 -0800
Subject: Re: bug#19563: grep -F: fix a heap buffer (read) overrun
To: Paul Eggert
Cc: 19563@debbugs.gnu.org, Yuliy Pisetsky, Nima Aghdaii

On Sat, Jan 10, 2015 at 4:02 PM, Paul Eggert wrote:
> Jim Meyering wrote:
>>
>> +#if defined __clang__
>> +# if __has_feature(address_sanitizer)
>> +# define HAVE_ASAN 1
>> +# endif
>> +#elif defined __GNUC__ \
>> + && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 8)) || (__GNUC__ >= 5)) \
>> + && __SANITIZE_ADDRESS__
>> +# define HAVE_ASAN 1
>> +#endif
>
>
> How about the following instead?
>
> #ifndef __has_feature
> # define __has_feature(a) false
> #endif
>
> #if defined __SANITIZE_ADDRESS__ || __has_feature (address_sanitizer)
> # define HAVE_ASAN 1
> #else
> # define HAVE_ASAN 0
> #endif
>
> This is what Emacs uses (its symbol is ADDRESS_SANITIZER instead of
> HAVE_ASAN, for what that's worth).
>
>> + ASAN_POISON_MEMORY_REGION (buflim + sizeof(uword),
>> + bufalloc - (buflim - buffer) -
>> sizeof(uword));
>>
>
> The two 'sizeof's need spaces afterwards.

Fixed.

> I don't see the value of having macros here. How about the following
> instead?
>
> #ifndef HAVE_ASAN
> static void
> __asan_unpoison_memory_region (void const volatile *addr, size_t size)
> {
> }
>
> static void
> __asan_unpoison_memory_region (void const volatile *addr, size_t size)
> {
> }
> #endif

I agree. Adjusted via s/unpoison/poison/ in the first.
In addition, I have added _GL_UNUSED so as not to run afoul of grep's
use of -Werror=unused-function.
Also, I have adapted not to declare when using the static wrappers,
and to use #if, not #ifndef, since now HAVE_ASAN is always defined.

> And then have the callers invoke '__asan_poison_memory_region' instead of
> 'ASAN_POISON_MEMORY_REGION'. This way, there should be no need to pull in
> the ignore-value machinery, it's two less macros to worry about, and there's
> better type checking when address sanitization is not in use.

Thanks for all the good suggestions.
Here's an updated version:

[attachment: 0001-tests-add-support-for-ASAN-memory-poisoning.patch]

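Review bot: In the quoted fillbuf hunk, the ASAN_POISON_MEMORY_REGION call poisons everything from buflim + sizeof(uword) to the end of the allocation, but none of the quoted hunks uses ASAN_UNPOISON_MEMORY_REGION, which is defined and otherwise unused here. If the buffer is refilled after a short read, the write into the previously poisoned tail would be reported under ASAN, so the region should be unpoisoned before the buffer is reused. The length argument bufalloc - (buflim - buffer) - sizeof(uword) is also unsigned arithmetic; a comment or assertion that at least sizeof(uword) bytes always remain past buflim would make it explicit that the subtraction cannot wrap.
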
From: Norihiro Tanaka
Date: Mon, 12 Jan 2015 09:31:09 +0900
Subject: Re: bug#19563: grep -F: fix a heap buffer (read) overrun
To: Jim Meyering
Cc: 19563@debbugs.gnu.org, Yuliy Pisetsky, Nima Aghdaii

On Sat, 10 Jan 2015 15:43:02 -0800
Jim Meyering wrote:

> Colleagues Nima Aghdaii and Yuliy Pisetsky found and fixed a heap
> buffer overrun in grep's kwset.c. The underlying bug, already hard to
> trigger, would most often result in a "mere" heap UMR (uninitialized
> memory read), but Yuliy constructed inputs (see the new test) that
> cause a buffer overrun.
>
> I'm attaching two other related patches:
> - grep: avoid false-positive UMR
> - tests: add support for ASAN memory poisoning
>
> I expect to push these by Monday.

How about the attachments instead for the second patch?

Content-Disposition: attachment; filename="0002-grep-F-fix-a-heap-buffer-read-overrun.patch"

From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 11 20:49:53 2015
From: Jim Meyering
To: Norihiro Tanaka
Cc: 19563@debbugs.gnu.org, Yuliy Pisetsky, Nima Aghdaii
Date: Sun, 11 Jan 2015 17:49:22 -0800
Subject: Re: bug#19563: grep -F: fix a heap buffer (read) overrun
In-Reply-To: <20150112093053.7009.27F6AC2D@kcn.ne.jp>

On Sun, Jan 11, 2015 at 4:31 PM, Norihiro Tanaka wrote:
...
> How about the attachments instead for the second patch?

Thank you for the suggestion.

However, I do not see a problem with Yuliy's fix, so have pushed it,
along with the other two commits.

Comparing your change to Yuliy's, I have a slight preference
for his, since it adds work only to the rarely-used code path on
which this bug was introduced, and keeps the handling of
"out of bounds TP" closer to the code that makes TP too large.

If you can provide justification for this proposed change,
would you please do so in the commit log of a rebased patch?

From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 11 21:31:59 2015
From: Norihiro Tanaka
To: Jim Meyering
Cc: 19563@debbugs.gnu.org, Yuliy Pisetsky, Nima Aghdaii
Date: Mon, 12 Jan 2015 11:31:44 +0900
Subject: Re: bug#19563: grep -F: fix a heap buffer (read) overrun
Message-Id: <20150112113143.702A.27F6AC2D@kcn.ne.jp>

On Sun, 11 Jan 2015 17:49:22 -0800
Jim Meyering wrote:

> On Sun, Jan 11, 2015 at 4:31 PM, Norihiro Tanaka wrote:
> ...
> > How about the attachments instead for the second patch?
>
> Thank you for the suggestion.
>
> However, I do not see a problem with Yuliy's fix, so have pushed it,
> along with the other two commits.
>
> Comparing your change to Yuliy's, I have a slight preference
> for his, since it adds work only to the rarely-used code path on
> which this bug was introduced, and keeps the handling of
> "out of bounds TP" closer to the code that makes TP too large.
>
> If you can provide justification for this proposed change,
> would you please do so in the commit log of a rebased patch?

I understood. However, if fill d == 0 before reach in memchr(), even if
fill ep <= tp, bm_delta2_search() can be called, and it is not buggy. So
it is difficult for me to understand that we must exit the loop if
tp <= ep at the point, although I understand that his fix is correct.

From debbugs-submit-bounces@debbugs.gnu.org Sun Feb 01 11:39:39 2015
From: Jim Meyering
To: 19563@debbugs.gnu.org
Date: Sun, 1 Feb 2015 08:39:08 -0800
Subject: CVE number and trivial NSC follow-up patch

I obtained a CVE number for this flaw and added a reference to it in NEWS.
Also fixed a now-unnecessary "goto" in related code.
Content-Disposition: attachment; filename="0001-maint-convert-goto-to-continue-and-remove-now-spurio.patch"
Content-Disposition: attachment; filename="0002-maint-reference-CVE-2015-1345-from-NEWS.patch"

From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 09 11:40:43 2015
From: Jim Meyering
To: Santiago Ruano Rincón
Cc: 19563@debbugs.gnu.org, Michael Gilbert, anibal@debian.org
Date: Mon, 9 Feb 2015 08:40:13 -0800
Subject: Re: bug#19563: CVE number and trivial NSC follow-up patch
In-Reply-To: <20150209100856.GA3122@nomada>

On Mon, Feb 9, 2015 at 2:08 AM, Santiago Ruano Rincón wrote:
> On 01/02/15 at 08:39, Jim Meyering wrote:
>> I obtained a CVE number for this flaw and added a reference to it in NEWS.
>> Also fixed a now-unnecessary "goto" in related code.
>
> Hi,
>
> I'm running kwset-abuse test, but I don't get any difference with or
> without the fix for this CVE (in kwset.c). Do you think there is an
> issue with the test? Maybe something related to my platform?
>
> Cheers,
>
> Santiago
>
> PS. kwset-abuse.log attached

Thanks for checking.
I've just confirmed that backing out that fix and running kwset-abuse
does trigger a segfault on a rawhide x86-64 system, but not
on a debian unstable (also x86-64) system.

The trouble is that the test case is sensitive to the implementation
details of the allocator and system details like page size.
The test case was designed to trigger the segfault, given a
particular observed behavior.

If you can tune the test to trigger a failure on your system, I'd
be happy to accept a patch that adds another case for that.
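
Jim Meyering's reply above says the kwset-abuse test only segfaults when the allocator and page layout happen to leave unmapped memory right after the read buffer. As an added illustration (not part of the thread and not grep's code), this C harness removes that dependence by ending the buffer at a PROT_NONE guard page, so any read past the end faults on every platform; the scanner is a toy, the names scan_unchecked, scan_checked, guarded_alloc and touches_guard are hypothetical, and the sample bytes are constructed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* MAP_ANONYMOUS and sigsetjmp on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef ptrdiff_t (*scan_fn)(const unsigned char *, size_t, unsigned char, size_t);

/* Toy skip-scanner (hypothetical, not kwset.c).  Requires skip > 0.  The end
   test uses !=, so a hop that jumps over ep keeps reading past the buffer. */
static ptrdiff_t scan_unchecked(const unsigned char *text, size_t size,
                                unsigned char c, size_t skip)
{
    const unsigned char *tp = text, *ep = text + size;
    do {
        if (*(const volatile unsigned char *)tp == c)
            return tp - text;
        tp += skip;
    } while (tp != ep);
    return -1;
}

/* Same scanner, with the cursor compared against ep before every read. */
static ptrdiff_t scan_checked(const unsigned char *text, size_t size,
                              unsigned char c, size_t skip)
{
    const unsigned char *tp = text, *ep = text + size;
    while (tp < ep) {
        if (*(const volatile unsigned char *)tp == c)
            return tp - text;
        if ((size_t)(ep - tp) <= skip)
            break;                   /* the next hop would reach or pass ep */
        tp += skip;
    }
    return -1;
}

struct guarded { unsigned char *base, *buf; size_t map_len; };

/* Map whole pages plus one PROT_NONE page, and place the buffer so that its
   last byte is the last readable byte before the guard page. */
static int guarded_alloc(struct guarded *g, size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data_len = (size + page - 1) / page * page;
    g->map_len = data_len + page;
    g->base = mmap(NULL, g->map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g->base == MAP_FAILED)
        return -1;
    if (mprotect(g->base + data_len, page, PROT_NONE) != 0) { munmap(g->base, g->map_len); return -1; }
    g->buf = g->base + data_len - size;
    return 0;
}

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Run `scan` over a guarded copy of data.  Returns 1 if the scan touched the
   guard page, 0 if it stayed in bounds (result in *pos), -1 on setup error. */
static int touches_guard(scan_fn scan, const unsigned char *data, size_t size,
                         unsigned char c, size_t skip, ptrdiff_t *pos)
{
    struct guarded g;
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 0;
    if (guarded_alloc(&g, size) != 0)
        return -1;
    memcpy(g.buf, data, size);
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_jmp, 1) == 0)
        *pos = scan(g.buf, size, c, skip);
    else
        faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(g.base, g.map_len);
    return faulted;
}

int main(void)
{
    const unsigned char hay[] = "0000000000";   /* constructed: ten '0', no 'y' */
    ptrdiff_t pos = -2;
    printf("unchecked size 9:  %d\n", touches_guard(scan_unchecked, hay, 9, 'y', 3, &pos));
    printf("unchecked size 10: %d\n", touches_guard(scan_unchecked, hay, 10, 'y', 3, &pos));
    printf("checked size 10:   %d\n", touches_guard(scan_checked, hay, 10, 'y', 3, &pos));
    return 0;
}
```

The size-9 run shows why such a bug is input-dependent: the hops land exactly on the end and the unchecked scanner never leaves the buffer.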

From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 09 13:42:49 2015
From: Santiago Ruano Rincón
To: Jim Meyering
Cc: 19563@debbugs.gnu.org, Michael Gilbert, anibal@debian.org
Date: Mon, 9 Feb 2015 11:08:57 +0100
Subject: Re: bug#19563: CVE number and trivial NSC follow-up patch
Message-ID: <20150209100856.GA3122@nomada>

On 01/02/15 at 08:39, Jim Meyering wrote:
> I obtained a CVE number for this flaw and added a reference to it in NEWS.
> Also fixed a now-unnecessary "goto" in related code.

Hi,

I'm running kwset-abuse test, but I don't get any difference with or
without the fix for this CVE (in kwset.c). Do you think there is an
issue with the test? Maybe something related to my platform?

Cheers,

Santiago

PS. kwset-abuse.log attached

Content-Disposition: attachment; filename="kwset-abuse.log"
+ test 1 = 1
+ Exit 0
+ set +e
+ exit 0
+ exit 0
+ remove_tmp_
+ __st=0
+ cleanup_
+ :
+ cd /home/santiago/debian/paquetes/grep/upstream/grep/tests
+ chmod -R u+rwx /home/santiago/debian/paquetes/grep/upstream/grep/tests/gt-kwset-abuse.WP7G
+ rm -rf /home/santiago/debian/paquetes/grep/upstream/grep/tests/gt-kwset-abuse.WP7G
+ exit 0

From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 11 23:50:57 2015
From: Jim Meyering
Date: Wed, 11 Feb 2015 20:50:28 -0800
Subject: [PATCH] maint: use ASAN-poisoning more carefully
To: 19563@debbugs.gnu.org

I noticed some false-positive use-of-poisoned-memory reports
when testing with ASAN enabled. This avoids them:

Content-Disposition: attachment; filename="0001-maint-use-ASAN-poisoning-more-carefully.patch"

From debbugs-submit-bounces@debbugs.gnu.org Sat May 30 16:04:40 2015
Message-ID: <556A17D0.4000303@cs.ucla.edu>
Date: Sat, 30 May 2015 13:04:32 -0700
From: Paul Eggert
Organization: UCLA Computer Science Department
To: control@debbugs.gnu.org
Subject: grep bug maintenance

tag 20605 notabug
close 20605
severity 20657 wishlist
tag 20638 notabug
close 20638
merge 20526 19985 19230
tag 19837 notabug
close 19837
merge 16444 19777
close 19563
close 19486
tag 19330 notabug
close 19330
tag 19193 notabug
close 19193
tag 19071 notabug
close 19071
tag 19005 notabug
close 19005
close 19000
tag 18888 notabug
close 18888

From unknown Sun Aug 17 22:11:46 2025
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Sun, 28 Jun 2015 11:24:06 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator