GNU bug report logs - #29666
Segfault at changing location

Previous Next

Package: grep;

Reported by: Jeremy Feusi <jeremy <at> feusi.co>

Date: Mon, 11 Dec 2017 20:50:02 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Jim Meyering <jim <at> meyering.net>
To: Jeremy Feusi <jeremy <at> feusi.co>
Cc: 29666 <at> debbugs.gnu.org
Subject: bug#29666: Segfault at changing location
Date: Tue, 12 Dec 2017 09:47:17 -0800

[Message part 1 (text/plain, inline)]
On Mon, Dec 11, 2017 at 12:44 PM, Jeremy Feusi <jeremy <at> feusi.co> wrote:
> Hi,
> I am working on a project for school in which I use afl to find bugs in
> software and I decided to fuzz grep. In doing so I discovered a
> segfault. When using gdb, the location of the segfault varies, which
> puzzles me and so I cannot include any further information.
> The command to obtain this bug is:
> grep -o -E -f <seg-file>
> where <seg-file> is the file attached.
>
> I am using grep 3.1 on arch linux.
> cheers
> Jeremy

Thank you for the report.

This has been an issue since about grep-2.6.1.
It gave a proper diagnostic until 2.5.4:

  $ grep-2.5.4/bin/grep -E -f <(printf %080000d 0|tr 0 '(')
  grep-2.5.4/bin/grep: Unmatched ( or \(
  [Exit 2]

Starting in approximately 2.6.1 (I don't have 2.6.0 handy) it
would fail like this:

  $ grep-2.6.1/bin/grep -E -f <(printf %080000d 0|tr 0 '(')
  Segmentation fault (core dumped)

Using the latest with -P works fine:

  $ grep -P -f <(printf %080000d 0|tr 0 '(')
  grep: parentheses are too deeply nested
  [Exit 2]

Here's a nearly-complete patch to make grep diagnose the generic
"stack overflow" problem:

[grep-stack-overflow.diff (text/plain, attachment)]
This bug report was last modified 7 years and 218 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.