GNU bug report logs - #23983
[PATCH] grep: fix crash with a pattern of alternation of two same characters


Package: grep;

Reported by: Norihiro Tanaka <noritnk <at> kcn.ne.jp>

Date: Thu, 14 Jul 2016 15:08:01 UTC

Severity: normal

Tags: patch

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


Report forwarded to bug-grep <at> gnu.org:
bug#23983; Package grep. (Thu, 14 Jul 2016 15:08:01 GMT)

Acknowledgement sent to Norihiro Tanaka <noritnk <at> kcn.ne.jp>:
New bug report received and forwarded. Copy sent to bug-grep <at> gnu.org. (Thu, 14 Jul 2016 15:08:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Norihiro Tanaka <noritnk <at> kcn.ne.jp>
To: <bug-grep <at> gnu.org>
Subject: [PATCH] grep: fix crash with a pattern of alternation of two same
 characters
Date: Fri, 15 Jul 2016 00:07:13 +0900
[Message part 1 (text/plain, inline)]
Current master crashes with below.

$ printf '0\n0' >pat
$ printf '0\n' >in
$ env LC_ALL=C grep -F pat in

grep -F uses memchr2() for each character in this pattern, but if two
characters are the same, the trie has no child.
[0001-grep-fix-crash-with-a-pattern-of-alternation-of-two-.patch (text/plain, attachment)]

Information forwarded to bug-grep <at> gnu.org:
bug#23983; Package grep. (Thu, 14 Jul 2016 17:30:02 GMT)

Message #8 received at 23983 <at> debbugs.gnu.org:

From: Eric Blake <eblake <at> redhat.com>
To: Norihiro Tanaka <noritnk <at> kcn.ne.jp>, 23983 <at> debbugs.gnu.org
Subject: Re: bug#23983: [PATCH] grep: fix crash with a pattern of alternation
 of two same characters
Date: Thu, 14 Jul 2016 11:28:56 -0600
[Message part 1 (text/plain, inline)]
On 07/14/2016 09:07 AM, Norihiro Tanaka wrote:
> Current master crashes with below.
> 
> $ printf '0\n0' >pat
> $ printf '0\n' >in
> $ env LC_ALL=C grep -F pat in
> 
> grep -F uses memchr2() for each character in this pattern, but if two
> characters are the same, the trie has no child.

memchr2() should already be handling the special case of the same
character requested twice, without clients having to code around it.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


Information forwarded to bug-grep <at> gnu.org:
bug#23983; Package grep. (Thu, 14 Jul 2016 17:33:01 GMT)

Message #11 received at 23983 <at> debbugs.gnu.org:

From: Eric Blake <eblake <at> redhat.com>
To: Norihiro Tanaka <noritnk <at> kcn.ne.jp>, 23983 <at> debbugs.gnu.org
Subject: Re: bug#23983: [PATCH] grep: fix crash with a pattern of alternation
 of two same characters
Date: Thu, 14 Jul 2016 11:32:30 -0600
[Message part 1 (text/plain, inline)]
On 07/14/2016 09:07 AM, Norihiro Tanaka wrote:
> Current master crashes with below.
> 
> $ printf '0\n0' >pat
> $ printf '0\n' >in
> $ env LC_ALL=C grep -F pat in
> 
> grep -F uses memchr2() for each character in this pattern, but if two
> characters are the same, the trie has no child.
> 

> +++ b/src/kwset.c
> @@ -643,8 +643,13 @@ memoff2_kwset (char const *s, size_t n, kwset_t kwset,
>  {
>    struct tree const *link = kwset->trie->links;
>    struct tree const *clink = link->llink ? link->llink : link->rlink;
> +  char const *mch;
> +
> +  if (clink)
> +    mch = memchr2 (s, link->label, clink->label, n);
> +  else
> +    mch = memchr (s, link->label, n);
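
Review bot: the new `if (clink)` test carries no comment saying when `clink` is NULL; from the declaration just above it, that is when `link` has neither an `llink` nor an `rlink`, and a one-line comment to that effect above the test would keep a later reader from folding the two paths back into a single `memchr2` call. As a style point, `mch` could keep an initializer, `char const *mch = clink ? memchr2 (s, link->label, clink->label, n) : memchr (s, link->label, n);`, instead of being declared uninitialized and assigned on two branches.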

So the crash is because clink can be NULL, not because memchr2() is
faulty.  Could you instead do:

struct tree const *clink = link->llink ? link->llink : link->rlink ?
link->rlink : link;

>  
> -  char const *mch = memchr2 (s, link->label, clink->label, n);

so that you end up passing link->label to both parameters of memchr2()
when there are no further children in the trie?


-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility. (Thu, 14 Jul 2016 18:01:02 GMT)

Notification sent to Norihiro Tanaka <noritnk <at> kcn.ne.jp>:
bug acknowledged by developer. (Thu, 14 Jul 2016 18:01:02 GMT)

Message #16 received at 23983-done <at> debbugs.gnu.org:

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Eric Blake <eblake <at> redhat.com>, Norihiro Tanaka <noritnk <at> kcn.ne.jp>,
 23983-done <at> debbugs.gnu.org
Subject: Re: bug#23983: [PATCH] grep: fix crash with a pattern of alternation
 of two same characters
Date: Thu, 14 Jul 2016 20:00:35 +0200
[Message part 1 (text/plain, inline)]
On 07/14/2016 07:32 PM, Eric Blake wrote:
> Could you instead do:
Something like that should work, but the original patch seems more 
straightforward. As it happens I installed the attached before seeing 
your email. The first is the original patch but with comments spruced up 
a bit, mostly for English. The second is a minor style change.
[0001-grep-fix-F-crash-when-alternating-duplicates.patch (text/x-patch, attachment)]
[0002-grep-minor-style-changes-for-F-crash-fix.patch (text/x-patch, attachment)]
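
The two fixes discussed in this thread, side by side, as an added example that is not grep's code and not written by anyone in the thread. `struct tree` is cut down to the three fields the quoted hunk uses, `memchr2_model` is a local stand-in for gnulib's `memchr2`, and the function names and the -1 "not found" return are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Cut-down stand-in for the trie link node: only the fields the hunk uses.  */
struct tree {
  struct tree const *llink;     /* left link, or NULL */
  struct tree const *rlink;     /* right link, or NULL */
  unsigned char label;          /* byte this link matches */
};

/* Local model of memchr2: first byte of S[0..N) equal to C1 or C2.  */
static char const *
memchr2_model (char const *s, int c1, int c2, size_t n)
{
  for (size_t i = 0; i < n; i++)
    if ((unsigned char) s[i] == c1 || (unsigned char) s[i] == c2)
      return s + i;
  return NULL;
}

/* Shape of the posted patch: use memchr when there is no second link.  */
static ptrdiff_t
first_match_branch (struct tree const *link, char const *s, size_t n)
{
  struct tree const *clink = link->llink ? link->llink : link->rlink;
  char const *mch = (clink ? memchr2_model (s, link->label, clink->label, n)
                     : memchr (s, link->label, n));
  return mch ? mch - s : -1;
}

/* Shape of the reply's suggestion: fall back to LINK, so both bytes match.  */
static ptrdiff_t
first_match_fallback (struct tree const *link, char const *s, size_t n)
{
  struct tree const *clink
    = link->llink ? link->llink : link->rlink ? link->rlink : link;
  char const *mch = memchr2_model (s, link->label, clink->label, n);
  return mch ? mch - s : -1;
}

int main (void)
{
  /* Constructed node with no second link: the case that crashed.  */
  struct tree single = { NULL, NULL, '0' };
  printf ("%td %td\n", first_match_branch (&single, "ab0\n", 4),
          first_match_fallback (&single, "ab0\n", 4));
  return 0;
}
```

Both variants avoid dereferencing a NULL `clink` and return the same offset; they differ only in whether the single-byte case is handled by a separate `memchr` call or by passing the same byte twice.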

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 12 Aug 2016 11:24:04 GMT)

This bug report was last modified 8 years and 363 days ago.
