GNU bug report logs - #34141
Stackoverflow triggered at lib/regexec.c:1948

Previous Next

Package: sed;

Reported by: Hongxu Chen <leftcopy.chx <at> gmail.com>

Date: Sun, 20 Jan 2019 05:59:01 UTC

Severity: normal

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hongxu Chen <leftcopy.chx <at> gmail.com>
To: bug-sed <at> gnu.org
Subject: Stackoverflow triggered at lib/regexec.c:1948
Date: Sun, 20 Jan 2019 13:58:01 +0800

[Message part 1 (text/plain, inline)]
Hi,

    Latest sed (4.7.4-f8503-dirty; and prior to this, e.g. 4.4) may trigger
a stack overflow error by executing the following command.

    echo 0 | ./sed '/\(\)\(\1\(\)\1\(\)\)*/c0'    # equivalently sed -f
c01.sed c01.in

    ASan reports like this:
AddressSanitizer:DEADLYSIGNAL



=================================================================



==26879==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea609bff8
(pc 0x0000005b0b76 bp 0x7ffea609c090 sp 0x7ffea609bf20 T0)


    #0 0x5b0b75 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18


    #1 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #2 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #3 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #4 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #5 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #6 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #7 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7
...
    #247 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #248 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7


    #249 0x5b0ed3 in check_dst_limits_calc_pos_1
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7






SUMMARY: AddressSanitizer: stack-overflow
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18 in
check_dst_limits_calc_pos_1

==26879==ABORTING

Best Regards,
Hongxu

[Message part 2 (text/html, inline)]
[c01.in (application/octet-stream, attachment)]
[c01.sed (application/octet-stream, attachment)]
[c01.asan (application/octet-stream, attachment)]
This bug report was last modified 6 years and 204 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.