GNU bug report logs - #25494
sed 4.3-1 segmentation fault (core dumped) : Error in `sed': realloc(): invalid next size: 0x000000000209aed0 ***


Package: sed;

Reported by: Noé Girand <noe.girand <at> gmail.com>

Date: Fri, 20 Jan 2017 16:36:01 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.



Report forwarded to bug-sed <at> gnu.org:
bug#25494; Package sed. (Fri, 20 Jan 2017 16:36:01 GMT)

Acknowledgement sent to Noé Girand <noe.girand <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-sed <at> gnu.org. (Fri, 20 Jan 2017 16:36:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Noé Girand <noe.girand <at> gmail.com>
To: bug-sed <at> gnu.org
Subject: Re: sed 4.3-1 segmentation fault (core dumped) : Error in `sed':
 realloc(): invalid next size: 0x000000000209aed0 ***
Date: Fri, 20 Jan 2017 13:18:39 +0100
Hi all,

is there any feedback about this issue ?

I could not find it at
https://debbugs.gnu.org/cgi/pkgreport.cgi?pkg=sed

Let me know if I can help in any way.

Regards,
Noe Girand.

2017-01-17 17:39 GMT+01:00 Noé Girand <noe <at> articly.com>:

> Hi all,
>
> I am sending an email to this email address as mentioned on the sed man
> page.
>
> On running the following sed script
>
> sed -r '/<b>/ {
>         :searchforendb
>         /<\/b>/ ! {
>                 N
>                 b searchforendb
>         }
>         /^[ \n\t\r]*<b>[ \n\t\r]*Par(\xc2\xa0)*[ \n\t\r]*<\/b>[ \n\t\r]*$/ d
> }' sed-dump.xml
>
> where sed-dump.xml is an UTF-8 Unicode text with CRLF line terminators and
> contains :
>
> <text>
>  <b>Par
>     <b>
>        <b>
>        </b>
>     </b>
>  </b>
> </text>
>
> I get the following :
>
> *** Error in `sed': realloc(): invalid next size: 0x000000000209aed0 ***
> ======= Backtrace: =========
> /usr/lib/libc.so.6(+0x70c4b)[0x7f06a69bbc4b]
> /usr/lib/libc.so.6(+0x76fe6)[0x7f06a69c1fe6]
> /usr/lib/libc.so.6(+0x79fcc)[0x7f06a69c4fcc]
> /usr/lib/libc.so.6(realloc+0x159)[0x7f06a69c64f9]
> sed[0x412786]
> sed[0x409bd0]
> sed[0x40ce4b]
> sed[0x40e760]
> sed[0x4085aa]
> sed[0x405f4f]
> sed[0x406c59]
> sed[0x407cad]
> sed[0x402d66]
> /usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7f06a696b291]
> sed[0x402e3a]
> [1]    962 abort (core dumped)  sed -r  sed-dump.xml
>
>
> In system log file, I also get the following
>
> Jan 17 17:26:28 noe-computer systemd[1]: Started Process Core Dump (PID 964/UID 0).
> Jan 17 17:26:28 noe-computer systemd-coredump[966]: Removed old coredump core.sed.1002.6c4d9506cb364da4a3e9da9ecd778b1d.922.1484670383000000000000.lz4.
> Jan 17 17:26:28 noe-computer systemd-coredump[966]: Process 962 (sed) of user 1002 dumped core.
>
> Stack trace of thread 962:
> #0  0x00007f06a697e04f raise (libc.so.6)
> #1  0x00007f06a697f47a abort (libc.so.6)
> #2  0x00007f06a69bbc50 __libc_message (libc.so.6)
> #3  0x00007f06a69c1fe6 malloc_printerr (libc.so.6)
> #4  0x00007f06a69c4fcc _int_realloc (libc.so.6)
> #5  0x00007f06a69c64f9 realloc (libc.so.6)
> #6  0x0000000000412786 n/a (sed)
> #7  0x0000000000409bd0 n/a (sed)
> #8  0x000000000040ce4b n/a (sed)
> #9  0x000000000040e760 n/a (sed)
> #10 0x00000000004085aa n/a (sed)
> #11 0x0000000000405f4f n/a (sed)
> #12 0x0000000000406c59 n/a (sed)
> #13 0x0000000000407cad n/a (sed)
> #14 0x0000000000402d66 n/a (sed)
> #15 0x00007f06a696b291 __libc_start_main (libc.so.6)
> #16 0x0000000000402e3a n/a (sed)
>
> As requested, `sed --version` outputs the following "
>
> sed (GNU sed) 4.3
> Copyright (C) 2016 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Written by Jay Fenlason, Tom Lord, Ken Pizzini,
> and Paolo Bonzini.
> Page de GNU sed: <http://www.gnu.org/software/sed/>.
> Aide générale pour utiliser les logiciels GNU: <http://www.gnu.org/help/gethelp.fr.html>.
> E-mail bug reports to: <bug-sed <at> gnu.org>.
>
> "
>
> This was working in my previous version of sed, sed (GNU sed) 4.2.2
>
> For info, my glibc version is 2.24-2.
>
> Let me know if I can help in any way, as I reproduce consistently.
>
> Best regards,
> Noe
>
>
> --
> Noé GIRAND
> CTO de Articly
> +33 6 84 72 33 94
>

Information forwarded to bug-sed <at> gnu.org:
bug#25494; Package sed. (Fri, 20 Jan 2017 19:08:02 GMT)

Message #8 received at 25494 <at> debbugs.gnu.org:

From: Assaf Gordon <assafgordon <at> gmail.com>
To: Noé Girand <noe.girand <at> gmail.com>, 25494 <at> debbugs.gnu.org
Subject: Re: bug#25494: sed 4.3-1 segmentation fault (core dumped) : Error in
 `sed': realloc(): invalid next size: 0x000000000209aed0 ***
Date: Fri, 20 Jan 2017 14:07:34 -0500
Hello,

On 01/20/2017 07:18 AM, Noé Girand wrote:
> is there any feedback about this issue ?

Thank you for the report.

It seems your original message was not received, as I can't find a
trace of it in the mailing list archives.
Thanks for resending it.

>> On running the following sed script
>> [...]
>> *** Error in `sed': realloc(): invalid next size: 0x000000000209aed0 ***

I am sadly not able to reproduce this, with sed-4.3 or the latest git
version. Perhaps this is due to input which isn't exactly what you're
using.

May I ask you to send the input XML file as an attachment,
just to ensure I'm testing on the same file?

Also, what is your current locale (i.e. the output of the 'locale'
program) ?

Thanks,
 - assaf







Information forwarded to bug-sed <at> gnu.org:
bug#25494; Package sed. (Fri, 20 Jan 2017 19:32:01 GMT)

Message #11 received at 25494 <at> debbugs.gnu.org:

From: Noé Girand <noe.girand <at> gmail.com>
To: Assaf Gordon <assafgordon <at> gmail.com>
Cc: 25494 <at> debbugs.gnu.org
Subject: Re: bug#25494: sed 4.3-1 segmentation fault (core dumped) : Error in
 `sed': realloc(): invalid next size: 0x000000000209aed0 ***
Date: Fri, 20 Jan 2017 20:29:19 +0100
Hi Assaf, thank you very much for your feedback.

Attached is my sed-dump.xml example input file, and `locale` outputs '
LANG=fr_FR.UTF-8
LC_CTYPE=fr_FR.UTF-8
LC_NUMERIC="fr_FR.UTF-8"
LC_TIME="fr_FR.UTF-8"
LC_COLLATE="fr_FR.UTF-8"
LC_MONETARY="fr_FR.UTF-8"
LC_MESSAGES="fr_FR.UTF-8"
LC_PAPER="fr_FR.UTF-8"
LC_NAME="fr_FR.UTF-8"
LC_ADDRESS="fr_FR.UTF-8"
LC_TELEPHONE="fr_FR.UTF-8"
LC_MEASUREMENT="fr_FR.UTF-8"
LC_IDENTIFICATION="fr_FR.UTF-8"
'

Let me know if I can provide any additional help.

Regards,
Noe

[sed-dump.xml (text/xml, attachment)]

Information forwarded to bug-sed <at> gnu.org:
bug#25494; Package sed. (Fri, 20 Jan 2017 20:15:01 GMT)

Message #14 received at 25494 <at> debbugs.gnu.org:

From: Assaf Gordon <assafgordon <at> gmail.com>
To: Noé Girand <noe.girand <at> gmail.com>
Cc: 25494 <at> debbugs.gnu.org
Subject: Re: bug#25494: sed 4.3-1 segmentation fault (core dumped) : Error in
 `sed': realloc(): invalid next size: 0x000000000209aed0 ***
Date: Fri, 20 Jan 2017 15:13:58 -0500
Hello,

on 01/20/2017 02:29 PM, Noé Girand wrote:
> Attached is my sed-dump.xml example input file, and `locale` outputs.

Thank you.

I was able to reproduce it with sed-4.3,
and also able to confirm sed no longer segfaults in the latest git
version.
A related regex/newline bug was recently fixed in gnulib:
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=823b5cb589366f7c8742503af980803afad0978f

And I suspect it was the same cause as this bug.


> Let me know if I can provide any additional help.

Can you help us confirm that this bug is solved in the
latest 'sed' ?

If you are able to build from git, please use this:
  http://git.savannah.gnu.org/cgit/sed.git

Otherwise, I've prepared a temporary archive,
available here:

 http://download-mirror.savannah.gnu.org/releases/sed/sed-4.3.16-572d.tar.xz

 $ sha256sum sed-4.3.16-572d.tar.xz
5dc97640e955fb84e84dc48667de703fac1dd12f3529859ed7ba252d4112d4ef  sed-4.3.16-572d.tar.xz



thanks,
 - assaf
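
Added example, not part of the thread and not the sed project's own test: a small harness for the confirmation requested above, which runs the reported script against a given sed binary and reports whether the process died from a signal. The input it writes is constructed from the listing in the report (the attached file itself is not on this page), and the names `check_sed`, `classify_status`, `write_script`, `write_input` and `SED_LOCALE` are this example's own.

```bash
#!/usr/bin/env bash
# Added example: regression harness for the crash reported in bug#25494.

# Write the sed script from the report (address and `d` on one line).
write_script() {
  cat > "$1" <<'EOF'
/<b>/ {
        :searchforendb
        /<\/b>/ ! {
                N
                b searchforendb
        }
        /^[ \n\t\r]*<b>[ \n\t\r]*Par(\xc2\xa0)*[ \n\t\r]*<\/b>[ \n\t\r]*$/ d
}
EOF
}

# Constructed input: the listing from the report, with CRLF line terminators.
write_input() {
  printf '%s\r\n' '<text>' ' <b>Par' '    <b>' '       <b>' \
    '       </b>' '    </b>' ' </b>' '</text>' > "$1"
}

# Map an exit status to a verdict; >128 means the process died from a signal
# (134 = 128 + SIGABRT, which is how glibc's heap check ends the process).
classify_status() {
  if [ "$1" -eq 0 ]; then echo ok
  elif [ "$1" -gt 128 ]; then echo "crash(signal $(( $1 - 128 )))"
  else echo "error($1)"
  fi
}

# check_sed SED_BINARY [INPUT_FILE] -> prints ok | crash(signal N) | error(N)
check_sed() {
  local bin="$1" input="${2:-}" tmp status=0
  tmp=$(mktemp -d) || return 1
  write_script "$tmp/script.sed"
  if [ -z "$input" ]; then
    input=$tmp/sed-dump.xml
    write_input "$input"
  fi
  # Locale from the report; override with SED_LOCALE if it is not installed.
  env LC_ALL="${SED_LOCALE:-fr_FR.UTF-8}" "$bin" -r -f "$tmp/script.sed" \
    "$input" > /dev/null 2>&1 || status=$?
  rm -rf "$tmp"
  classify_status "$status"
}

# Stand-alone use: ./check.sh /path/to/sed [input-file]
if [ "$#" -gt 0 ]; then check_sed "$@"; fi
```

In this thread the crash was reproduced only once the attached file was used, so pass the original `sed-dump.xml` as the second argument when it is available; `ok` on the constructed input alone is weaker evidence.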




Information forwarded to bug-sed <at> gnu.org:
bug#25494; Package sed. (Fri, 20 Jan 2017 20:24:01 GMT)

Message #17 received at 25494 <at> debbugs.gnu.org:

From: Noé Girand <noe.girand <at> gmail.com>
To: Assaf Gordon <assafgordon <at> gmail.com>
Cc: 25494 <at> debbugs.gnu.org
Subject: Re: bug#25494: sed 4.3-1 segmentation fault (core dumped) : Error in
 `sed': realloc(): invalid next size: 0x000000000209aed0 ***
Date: Fri, 20 Jan 2017 21:23:09 +0100
Hi Assaf, thanks for your quick response, I will check this tomorrow.

Best regards,
Noe


Information forwarded to bug-sed <at> gnu.org:
bug#25494; Package sed. (Sat, 21 Jan 2017 11:47:02 GMT)

Message #20 received at 25494 <at> debbugs.gnu.org:

From: Noé Girand <noe.girand <at> gmail.com>
To: Assaf Gordon <assafgordon <at> gmail.com>
Cc: 25494 <at> debbugs.gnu.org
Subject: Re: bug#25494: sed 4.3-1 segmentation fault (core dumped) : Error in
 `sed': realloc(): invalid next size: 0x000000000209aed0 ***
Date: Sat, 21 Jan 2017 12:46:05 +0100
Hi Assaf,

I built from git, and can confirm that the issue is fixed !

The bug can be closed, but I don't know how to do it.

Thank you very much for your reactivity.

Best regards,
Noe


Reply sent to Jim Meyering <jim <at> meyering.net>:
You have taken responsibility. (Sat, 21 Jan 2017 15:40:02 GMT)

Notification sent to Noé Girand <noe.girand <at> gmail.com>:
bug acknowledged by developer. (Sat, 21 Jan 2017 15:40:02 GMT)

Message #25 received at 25494-done <at> debbugs.gnu.org:

From: Jim Meyering <jim <at> meyering.net>
To: Noé Girand <noe.girand <at> gmail.com>
Cc: Assaf Gordon <assafgordon <at> gmail.com>, 25494-done <at> debbugs.gnu.org
Subject: Re: bug#25494: sed 4.3-1 segmentation fault (core dumped) : Error in
 `sed': realloc(): invalid next size: 0x000000000209aed0 ***
Date: Sat, 21 Jan 2017 07:39:14 -0800
On Sat, Jan 21, 2017 at 3:46 AM, Noé Girand <noe.girand <at> gmail.com> wrote:
> I built from git, and can confirm that the issue is fixed !
>
> The bug can be closed, but I don't know how to do it.

Thanks for confirming.
Anyone can close a bug by replying to DDDDD-done <at> debbugs.gnu.org,
where DDDDD <at> debbugs.gnu.org is one of the recipients you would see in
the reply-to-all message.

So to close this, I am replying-to-all and changing the
25494 <at> debbugs.gnu.org recipient to 25494-done <at> debbugs.gnu.org.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 19 Feb 2017 12:24:04 GMT)