GNU bug report logs -
#23983
[PATCH] grep: fix crash with a pattern of alternation of two same characters
Previous Next
Reported by: Norihiro Tanaka <noritnk <at> kcn.ne.jp>
Date: Thu, 14 Jul 2016 15:08:01 UTC
Severity: normal
Tags: patch
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Full log
Message #11 received at 23983 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 07/14/2016 09:07 AM, Norihiro Tanaka wrote:
> Current master crashes with below.
>
> $ printf '0\n0' >pat
> $ printf '0\n' >in
> $ env LC_ALL=C grep -F pat in
>
> grep -F uses memchr2() for each character in this pattern, but if two
> characters is same, the trie has no child.
>
> +++ b/src/kwset.c
> @@ -643,8 +643,13 @@ memoff2_kwset (char const *s, size_t n, kwset_t kwset,
> {
> struct tree const *link = kwset->trie->links;
> struct tree const *clink = link->llink ? link->llink : link->rlink;
> + char const *mch;
> +
> + if (clink)
> + mch = memchr2 (s, link->label, clink->label, n);
> + else
> + mch = memchr (s, link->label, n);
So the crash is because clink can be NULL, not because memchr2() is
faulty. Could you instead do:
struct tree const *clink = link->llink ? link->llink : link->rlink ?
link->rlink : link;
>
> - char const *mch = memchr2 (s, link->label, clink->label, n);
so that you end up passing link->label to both parameters of memchr2()
when there are no further children in the trie?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[signature.asc (application/pgp-signature, attachment)]
This bug report was last modified 8 years and 364 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.