GNU bug report logs - #44538
grep -E might exhaust stack space

Package: grep;

Reported by: JIang Yuancheng <0599jiangyc <at> gmail.com>

Date: Mon, 9 Nov 2020 17:45:02 UTC

Severity: wishlist


Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: JIang Yuancheng <0599jiangyc <at> gmail.com>
To: bug-grep <at> gnu.org
Cc: Kaihang Ji <kaihang <at> comp.nus.edu.sg>
Subject: grep -E might exhaust stack space
Date: Tue, 10 Nov 2020 01:34:47 +0800
Hi,

grep -E ".*{10,}{10,}{10,}{10,}{10,}" can exhaust stack space, and then a stack overflow occurs. (Tested on the latest version, 3.6.)

jyc <at> ubuntu18:~/GREP/grep-3.6/src$ ./grep -E ".*{10,}{10,}{10,}{10,}{10,}" 
grep: stack overflow

Gdb information:

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x20 (' ')
RCX: 0x555555799010 --> 0x705070701010700 
RDX: 0x0 
RSI: 0x8 
RDI: 0x7ffff7b5dc40 --> 0x0 
RBP: 0xffffffffffffffb0 
RSP: 0x7fffff7fefa0 
RIP: 0x7ffff780637e (<_int_malloc+62>:	mov    QWORD PTR [rsp+0x8],rsi)
R8 : 0x68b1d 
R9 : 0x0 
R10: 0x555555799010 --> 0x705070701010700 
R11: 0x0 
R12: 0x7ffff4d228f8 --> 0x0 
R13: 0x3458e8 
R14: 0x0 
R15: 0x55555579e460 --> 0x7ffff545e010 --> 0x2e ('.')
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff7806373 <_int_malloc+51>:	test   al,al
   0x7ffff7806375 <_int_malloc+53>:	jne    0x7ffff7806a58 <_int_malloc+1816>
   0x7ffff780637b <_int_malloc+59>:	test   rdi,rdi
=> 0x7ffff780637e <_int_malloc+62>:	mov    QWORD PTR [rsp+0x8],rsi
   0x7ffff7806383 <_int_malloc+67>:	mov    r14,rdi
   0x7ffff7806386 <_int_malloc+70>:	je     0x7ffff7806a38 <_int_malloc+1784>
   0x7ffff780638c <_int_malloc+76>:	mov    r15d,ebx
   0x7ffff780638f <_int_malloc+79>:	shr    r15d,0x4
[------------------------------------stack-------------------------------------]
Invalid $SP address: 0x7fffff7fefa0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff780637e in _int_malloc (av=av <at> entry=0x7ffff7b5dc40 <main_arena>, bytes=bytes <at> entry=0x8)
    at malloc.c:3557
3557	malloc.c: No such file or directory.

ASAN:

=================================================================
==12861==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe9c8afc8 (pc 0x7f9f6989dd2e bp 0x7fffe9c8b060 sp 0x7fffe9c8afd0 T0)
    #0 0x7f9f6989dd2d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
    #1 0x7f9f69954b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #2 0x555aa36928ec in re_node_set_alloc /home/jyc/GREP/grep-3.6/lib/regex_internal.c:973
    #3 0x555aa369f8cf in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1700
    #4 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #5 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #6 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
…
    #248 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #249 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737
    #250 0x555aa369fe25 in calc_eclosure_iter /home/jyc/GREP/grep-3.6/lib/regcomp.c:1737

SUMMARY: AddressSanitizer: stack-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d) 
==12861==ABORTING



Thanks,
Yuancheng
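
Added example, not part of the original message and not code from grep or glibc: a pre-check that a caller accepting untrusted patterns could run before handing them to `grep -E`, scoring directly stacked interval expressions like the ones in the report. It assumes the regex compiler makes one copy of the repeated subexpression per count, so stacked intervals multiply; `stacked_interval_cost`, `parse_interval` and `COST_CAP` are hypothetical names, and intervals nested through groups are not covered.

```c
#include <ctype.h>
#include <stdio.h>
#define COST_CAP 1000000000ULL  /* saturation value, constructed for this example */

/* Parse "{m}", "{m,}", "{m,n}" or "{,n}" at *pp. On success store max(m, n) in
   *count, advance *pp past '}' and return 1; else return 0 (literal brace). */
static int parse_interval(const char **pp, unsigned long long *count)
{
    const char *p = *pp + 1;
    unsigned long long v[2] = {0, 0};
    int i = 0, digits = 0;
    for (; isdigit((unsigned char)*p) || (*p == ',' && i == 0); p++) {
        if (*p == ',') { i = 1; continue; }
        if (v[i] < COST_CAP) v[i] = v[i] * 10 + (unsigned)(*p - '0');
        digits++;
    }
    if (*p != '}' || digits == 0) return 0;
    *count = v[0] > v[1] ? v[0] : v[1];
    *pp = p + 1;
    return 1;
}

/* Largest product of copy counts over any run of directly stacked intervals. */
unsigned long long stacked_interval_cost(const char *p)
{
    unsigned long long worst = 1, run = 1, c = 1;
    while (*p) {
        if (*p == '{' && parse_interval(&p, &c)) {
            if (c == 0) c = 1;                 /* {0} adds no copies */
            run = run > COST_CAP / c ? COST_CAP : run * c;
            if (run > worst) worst = run;
            continue;
        }
        run = 1;                               /* any other token ends the run */
        if (*p == '[') {                       /* skip a bracket expression */
            p++;
            if (*p == '^') p++;
            if (*p == ']') p++;
            while (*p && *p != ']') p++;
        } else if (*p == '\\' && p[1]) p++;    /* \{ is a literal brace */
        if (*p) p++;
    }
    return worst;
}

int main(void)
{
    printf("%llu\n", stacked_interval_cost(".*{10,}{10,}{10,}{10,}{10,}"));
    return 0;
}
```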

This bug report was last modified 3 years and 294 days ago.
