GNU bug report logs - #25390
Segfault with sed 4.3

Previous Next

Full log

View this message in rfc822 format

From: Norihiro Tanaka <noritnk <at> kcn.ne.jp>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 25390 <at> debbugs.gnu.org, Assaf Gordon <assafgordon <at> gmail.com>, Gnulib bugs <bug-gnulib <at> gnu.org>, "S. Gilles" <sgilles <at> math.umd.edu>, GNU grep developers <grep-devel <at> gnu.org>
Subject: bug#25390: Segfault with sed 4.3
Date: Mon, 09 Jan 2017 11:38:40 +0900

[Message part 1 (text/plain, inline)]

On Sun, 8 Jan 2017 12:49:42 -0800
Paul Eggert <eggert <at> cs.ucla.edu> wrote:

> Assaf Gordon wrote:
> > The immediate cause is somewhere in gnulib's DFA module.
> 
> The bug was introduced in Gnulib, in commit 403adf1b40897ba108075008c10bd38d937e1539
> dated 2016-11-25 and labeled "dfa: addition of new state on demand".
> It's not a bug that grep runs into, since grep doesn't use the
> newline transition that sed does. I installed the attached patch to
> fix the Gnulib bug. I'll leave Bug#25390 open, as I assume you'll
> want to check it for 'sed' and add a test case for 'sed'.

Thanks for fixing quickly.

I wrote two additional patches for dfa.  First, derive number of
allocation from not argument but number of state in transition table
allocation.  Second, melt down dfastate() into build_state().  Now, I
think that there do not have to be separated.

I also wrote a simple test, but the issue are not always caused, as it
depends on state of memory.  Should we rely to complate the test on
valgrind?

[0001-dfa-simplify-transition-table-allocation.patch (text/plain, attachment)]

[0002-dfa-melt-down-dfastate-into-build_state.patch (text/plain, attachment)]

[0001-tests-new-test-for-dfa-crash-bug.patch (text/plain, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.