From unknown Tue Jun 24 06:57:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#66835: Heap buffer overread in expr in regexec.c in the check_arrival_add_next_nodes function. Resent-From: Some Dickhead Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Mon, 30 Oct 2023 16:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 66835 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: 66835@debbugs.gnu.org X-Debbugs-Original-To: bug-coreutils@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16986837605856 (code B ref -1); Mon, 30 Oct 2023 16:36:01 +0000 Received: (at submit) by debbugs.gnu.org; 30 Oct 2023 16:36:00 +0000 Received: from localhost ([127.0.0.1]:46613 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qxVF9-0001WM-OM for submit@debbugs.gnu.org; Mon, 30 Oct 2023 12:36:00 -0400 Received: from lists.gnu.org ([2001:470:142::17]:45528) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qxAKE-0004AZ-0S for submit@debbugs.gnu.org; Sun, 29 Oct 2023 14:15:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qxAJb-0004ov-BN for bug-coreutils@gnu.org; Sun, 29 Oct 2023 14:15:11 -0400 Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qxAJZ-0003G1-1b for bug-coreutils@gnu.org; Sun, 29 Oct 2023 14:15:10 -0400 Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-9d216597f64so154271666b.3 for ; Sun, 29 Oct 2023 11:15:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698603306; x=1699208106; darn=gnu.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=MpR1yYtbCg2hvlzd6R85DsZ3y5Fq3OBTRdK+jaqX8CQ=; b=Uu92145S6xO1cdbTFT4aeiTCAZUzHLf/o1oqeqbXdYlewzYpJ3e1+1uiYwsBSoJtp/ P3hdb/NkmKoRAtMWyMtiY8ZMPMv9YCqWGy4D9CZ3OeOsh2c7TAxlPyfBvOCtrssHN3UJ Uo2InEfjn5Zphys3dOUjufsC1XpOHe1KDbOWGjNWXhpnevuSP8wnN2R+9FCoVvC74tua 2CydAVjtnxNPdwM1zx+knLeKMV6uNYNFJ1ztJn8GuCECaGUkJkSwINHlQJkl6thlBGOf K1EIHNK1sTeOfBWpQ9EZ6f4rfRrQdE8moY9UyA43lEMcacoeKGs2uJC2p/h/JuSrWS6N SKyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698603306; x=1699208106; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=MpR1yYtbCg2hvlzd6R85DsZ3y5Fq3OBTRdK+jaqX8CQ=; b=F1rRilYgXl9zaouwl5lEWW36tkzPbQ3lQ2eM8SOQdWADYd1yOEb00JBdfabQv/wanU qSj1aDSlQtBKymzjwzoRMHibSklHviob+M/92MBJ0XZ5jUuFeCEXTHgnnoBnjRSEWIsP ye+o0YTAU2/9e9g53vSI7JSvehXAshtcuwyBZj9GQBfve9qURKACqmjpvT/fTqyV7ak6 6Lu8mlPtRuhBBaKCxhl6eKUm5e3oTGv893vV5V9oKNCa90AWU11bfJWd0Dt2DJTR6KyB QIOj3P0M/dFxZab79F3/5JnRHjCoar/I4Pa1cKZAU7nqIfJES5hdv89FozMDsWipoRAg I9sQ== X-Gm-Message-State: AOJu0YxMaENlM71tZ6qWLiMe4ZDQKeh1d4nxBaN2lq7um8jWFQQVfZkT Cru569fh18nAf7Rlyvwy9uGKapFMHSeWyvLXxdUPtRTmTo8= X-Google-Smtp-Source: AGHT+IHGUvtgbq3gX4gNOJgpzaPKvW9KSytgWiB/CE0g0Gp5pRtIIXCX53+rUispcrfmUbtJ4jzh8NGhHGZUV2R/Iu0= X-Received: by 2002:a17:906:dace:b0:9c6:19ea:cdd6 with SMTP id xi14-20020a170906dace00b009c619eacdd6mr6723535ejb.50.1698603305690; Sun, 29 Oct 2023 11:15:05 -0700 (PDT) MIME-Version: 1.0 From: Some Dickhead Date: Sun, 29 Oct 2023 20:14:54 +0200 Message-ID: Content-Type: multipart/mixed; boundary="000000000000a6794a0608dee651" Received-SPF: pass client-ip=2a00:1450:4864:20::635; envelope-from=wheneveriseefeetibeatmymeat@gmail.com; helo=mail-ej1-x635.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Mailman-Approved-At: Mon, 30 Oct 2023 12:35:58 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --000000000000a6794a0608dee651 Content-Type: multipart/alternative; boundary="000000000000a679480608dee64f" --000000000000a679480608dee64f Content-Type: text/plain; charset="UTF-8" Hi! I was fuzzing expr in coreutils and found a bug. I compiled expr with asan and ubsan. I cloned the repository from https://github.com/coreutils/coreutils and I am using commit f7e25d5bb53e35bcdea8512dd6db07dd7e6cf452 . After compiling expr, just run './expr $(printf "\x30\x98\xc8\x9d") : $(printf "\x5c\x28\x5c\x29\x2e\x2a\x5c\x53\x98\xc8\x30\x2a\x5c\x31")' and observe the crash. I have attached the ASAN report which I got from my run to this email. --000000000000a679480608dee64f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi! I was fuzzing expr in coreutils and found a bug. I com= piled expr with asan and ubsan. I cloned the repository from=C2=A0https://github.com/coreutils/co= reutils and I am using commit=C2=A0f7e25d5bb53e35bcdea8512dd6db07dd7e6c= f452 . After compiling expr, just run './expr $(printf "\x30\x98\x= c8\x9d") : $(printf "\x5c\x28\x5c\x29\x2e\x2a\x5c\x53\x98\xc8\x30= \x2a\x5c\x31")' and observe the crash. I have attached the ASAN re= port which I got from my run to this email.








--000000000000a679480608dee64f-- --000000000000a6794a0608dee651 Content-Type: text/plain; charset="US-ASCII"; name="asanreport.txt" Content-Disposition: attachment; filename="asanreport.txt" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_lobsh4p30 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KPT0xODk0MTM2PT1FUlJPUjogQWRkcmVzc1Nhbml0aXplcjogaGVhcC1idWZmZXIt b3ZlcmZsb3cgb24gYWRkcmVzcyAweDYwMzAwMDAwMDM2MCBhdCBwYyAweDU1ZWIxNDI3Mjg0NSBi cCAweDdmZmUxZDE5ZjdiMCBzcCAweDdmZmUxZDE5ZjdhOApSRUFEIG9mIHNpemUgOCBhdCAweDYw MzAwMDAwMDM2MCB0aHJlYWQgVDAKICAgICMwIDB4NTVlYjE0MjcyODQ0IGluIGNoZWNrX2Fycml2 YWxfYWRkX25leHRfbm9kZXMgL2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9G dXp6aW5nL2NvcmV1dGlscy8uL2xpYi9yZWdleGVjLmM6MzAwMToyMQogICAgIzEgMHg1NWViMTQy NzI4NDQgaW4gY2hlY2tfYXJyaXZhbCAvaG9tZS9jeWJlcmhhY2tlci9Bc2lvaXRhL0hha2tlcm9p bnRpL0Z1enppbmcvY29yZXV0aWxzLy4vbGliL3JlZ2V4ZWMuYzoyOTE0OjEwCiAgICAjMiAweDU1 ZWIxNDI2ODQ5NiBpbiBnZXRfc3ViZXhwX3N1YiAvaG9tZS9jeWJlcmhhY2tlci9Bc2lvaXRhL0hh a2tlcm9pbnRpL0Z1enppbmcvY29yZXV0aWxzLy4vbGliL3JlZ2V4ZWMuYzoyNzY2OjkKICAgICMz IDB4NTVlYjE0MjFiNzU0IGluIGdldF9zdWJleHAgL2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0YS9I YWtrZXJvaW50aS9GdXp6aW5nL2NvcmV1dGlscy8uL2xpYi9yZWdleGVjLmM6Mjc0MToxMAogICAg IzQgMHg1NWViMTQyMWI3NTQgaW4gdHJhbnNpdF9zdGF0ZV9ia3JlZiAvaG9tZS9jeWJlcmhhY2tl ci9Bc2lvaXRhL0hha2tlcm9pbnRpL0Z1enppbmcvY29yZXV0aWxzLy4vbGliL3JlZ2V4ZWMuYzoy NTI1OjEzCiAgICAjNSAweDU1ZWIxNDIzNzExYiBpbiBtZXJnZV9zdGF0ZV93aXRoX2xvZyAvaG9t ZS9jeWJlcmhhY2tlci9Bc2lvaXRhL0hha2tlcm9pbnRpL0Z1enppbmcvY29yZXV0aWxzLy4vbGli L3JlZ2V4ZWMuYzoyMzEyOjExCiAgICAjNiAweDU1ZWIxNDFmZTU1NyBpbiBjaGVja19tYXRjaGlu ZyAvaG9tZS9jeWJlcmhhY2tlci9Bc2lvaXRhL0hha2tlcm9pbnRpL0Z1enppbmcvY29yZXV0aWxz Ly4vbGliL3JlZ2V4ZWMuYzoxMTA5OjE0CiAgICAjNyAweDU1ZWIxNDFmZTU1NyBpbiByZV9zZWFy Y2hfaW50ZXJuYWwgL2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9GdXp6aW5n L2NvcmV1dGlscy8uL2xpYi9yZWdleGVjLmM6Nzg0OjIwCiAgICAjOCAweDU1ZWIxNDE2MGM1NiBp biByZV9zZWFyY2hfc3R1YiAvaG9tZS9jeWJlcmhhY2tlci9Bc2lvaXRhL0hha2tlcm9pbnRpL0Z1 enppbmcvY29yZXV0aWxzLy4vbGliL3JlZ2V4ZWMuYzo0MjA6MTIKICAgICM5IDB4NTVlYjE0MTYw YzU2IGluIHJwbF9yZV9tYXRjaCAvaG9tZS9jeWJlcmhhY2tlci9Bc2lvaXRhL0hha2tlcm9pbnRp L0Z1enppbmcvY29yZXV0aWxzLy4vbGliL3JlZ2V4ZWMuYzoyNzQ6MTAKICAgICMxMCAweDU1ZWIx NDE2MGM1NiBpbiBkb2NvbG9uIC9ob21lL2N5YmVyaGFja2VyL0FzaW9pdGEvSGFra2Vyb2ludGkv RnV6emluZy9jb3JldXRpbHMvc3JjL2V4cHIuYzo3MTQ6MTQKICAgICMxMSAweDU1ZWIxNDE1YjBi MiBpbiBldmFsNSAvaG9tZS9jeWJlcmhhY2tlci9Bc2lvaXRhL0hha2tlcm9pbnRpL0Z1enppbmcv Y29yZXV0aWxzL3NyYy9leHByLmM6ODk0OjE5CiAgICAjMTIgMHg1NWViMTQxNWIwYjIgaW4gZXZh bDQgL2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9GdXp6aW5nL2NvcmV1dGls cy9zcmMvZXhwci5jOjkxNzo3CiAgICAjMTMgMHg1NWViMTQxNWEyNzQgaW4gZXZhbDMgL2hvbWUv Y3liZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9GdXp6aW5nL2NvcmV1dGlscy9zcmMvZXhw ci5jOjk1Njo3CiAgICAjMTQgMHg1NWViMTQxNTRiZjYgaW4gZXZhbDIgL2hvbWUvY3liZXJoYWNr ZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9GdXp6aW5nL2NvcmV1dGlscy9zcmMvZXhwci5jOjk4Njo3 CiAgICAjMTUgMHg1NWViMTQxNTQwNzEgaW4gZXZhbDEgL2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0 YS9IYWtrZXJvaW50aS9GdXp6aW5nL2NvcmV1dGlscy9zcmMvZXhwci5jOjEwNjU6NwogICAgIzE2 IDB4NTVlYjE0MTUzMWExIGluIGV2YWwgL2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJv aW50aS9GdXp6aW5nL2NvcmV1dGlscy9zcmMvZXhwci5jOjEwOTY6NwogICAgIzE3IDB4NTVlYjE0 MTUyOWY3IGluIG1haW4gL2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9GdXp6 aW5nL2NvcmV1dGlscy9zcmMvZXhwci5jOjQ1NDo3CiAgICAjMTggMHg3ZjVjYTRkODEwODIgaW4g X19saWJjX3N0YXJ0X21haW4gL2J1aWxkL2dsaWJjLUJITDNLTS9nbGliYy0yLjMxL2NzdS8uLi9j c3UvbGliYy1zdGFydC5jOjMwODoxNgogICAgIzE5IDB4NTVlYjE0MDU2ZDlkIGluIF9zdGFydCAo L2hvbWUvY3liZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9GdXp6aW5nL2NvcmV1dGlscy9m dXp6L3Bhc3NpbmcvcG9vcG9vZXhwcisweGFmZDlkKQoKMHg2MDMwMDAwMDAzNjAgaXMgbG9jYXRl ZCAwIGJ5dGVzIHRvIHRoZSByaWdodCBvZiAzMi1ieXRlIHJlZ2lvbiBbMHg2MDMwMDAwMDAzNDAs MHg2MDMwMDAwMDAzNjApCmFsbG9jYXRlZCBieSB0aHJlYWQgVDAgaGVyZToKICAgICMwIDB4NTVl YjE0MTA3MDdmIGluIF9faW50ZXJjZXB0b3JfcmVhbGxvYy5wYXJ0LjAgL2hvbWUvY3liZXJoYWNr ZXIvQXNpb2l0YS9uZXdhZmxmdXp6L3NoaXQvbGx2bS1wcm9qZWN0LWxsdm1vcmctMTUuMC43L2Nv bXBpbGVyLXJ0L2xpYi9hc2FuL2FzYW5fbWFsbG9jX2xpbnV4LmNwcDo4NTozCiAgICAjMSAweDU1 ZWIxNDI3MTY1NiBpbiBjaGVja19hcnJpdmFsIC9ob21lL2N5YmVyaGFja2VyL0FzaW9pdGEvSGFr a2Vyb2ludGkvRnV6emluZy9jb3JldXRpbHMvLi9saWIvcmVnZXhlYy5jOjI4MzU6MTkKICAgICMy IDB4NTVlYjE0MjY4NDk2IGluIGdldF9zdWJleHBfc3ViIC9ob21lL2N5YmVyaGFja2VyL0FzaW9p dGEvSGFra2Vyb2ludGkvRnV6emluZy9jb3JldXRpbHMvLi9saWIvcmVnZXhlYy5jOjI3NjY6OQoK U1VNTUFSWTogQWRkcmVzc1Nhbml0aXplcjogaGVhcC1idWZmZXItb3ZlcmZsb3cgL2hvbWUvY3li ZXJoYWNrZXIvQXNpb2l0YS9IYWtrZXJvaW50aS9GdXp6aW5nL2NvcmV1dGlscy8uL2xpYi9yZWdl eGVjLmM6MzAwMToyMSBpbiBjaGVja19hcnJpdmFsX2FkZF9uZXh0X25vZGVzClNoYWRvdyBieXRl cyBhcm91bmQgdGhlIGJ1Z2d5IGFkZHJlc3M6CiAgMHgwYzA2N2ZmZjgwMTA6IDAwIDAwIGZhIGZh IDAwIDAwIDAwIDAwIGZhIGZhIDAwIDAwIDAwIGZhIGZhIGZhCiAgMHgwYzA2N2ZmZjgwMjA6IDAw IDAwIDAwIGZhIGZhIGZhIDAwIDAwIDAwIDAwIGZhIGZhIDAwIDAwIDAwIDAwCiAgMHgwYzA2N2Zm ZjgwMzA6IGZhIGZhIGZkIGZkIGZkIGZhIGZhIGZhIGZkIGZkIGZkIGZhIGZhIGZhIGZkIGZkCiAg MHgwYzA2N2ZmZjgwNDA6IGZkIGZhIGZhIGZhIDAwIDAwIDAwIDAwIGZhIGZhIDAwIDAwIDA0IGZh IGZhIGZhCiAgMHgwYzA2N2ZmZjgwNTA6IGZkIGZkIGZkIGZkIGZhIGZhIDAwIDAwIDAwIGZhIGZh IGZhIDAwIDAwIDAwIGZhCj0+MHgwYzA2N2ZmZjgwNjA6IGZhIGZhIDAwIDAwIDAwIGZhIGZhIGZh IDAwIDAwIDAwIDAwW2ZhXWZhIGZhIGZhCiAgMHgwYzA2N2ZmZjgwNzA6IGZhIGZhIGZhIGZhIGZh IGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhCiAgMHgwYzA2N2ZmZjgwODA6IGZhIGZh IGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhCiAgMHgwYzA2N2ZmZjgw OTA6IGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhCiAgMHgw YzA2N2ZmZjgwYTA6IGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZh IGZhCiAgMHgwYzA2N2ZmZjgwYjA6IGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZhIGZh IGZhIGZhIGZhIGZhClNoYWRvdyBieXRlIGxlZ2VuZCAob25lIHNoYWRvdyBieXRlIHJlcHJlc2Vu dHMgOCBhcHBsaWNhdGlvbiBieXRlcyk6CiAgQWRkcmVzc2FibGU6ICAgICAgICAgICAwMAogIFBh cnRpYWxseSBhZGRyZXNzYWJsZTogMDEgMDIgMDMgMDQgMDUgMDYgMDcgCiAgSGVhcCBsZWZ0IHJl ZHpvbmU6ICAgICAgIGZhCiAgRnJlZWQgaGVhcCByZWdpb246ICAgICAgIGZkCiAgU3RhY2sgbGVm dCByZWR6b25lOiAgICAgIGYxCiAgU3RhY2sgbWlkIHJlZHpvbmU6ICAgICAgIGYyCiAgU3RhY2sg cmlnaHQgcmVkem9uZTogICAgIGYzCiAgU3RhY2sgYWZ0ZXIgcmV0dXJuOiAgICAgIGY1CiAgU3Rh Y2sgdXNlIGFmdGVyIHNjb3BlOiAgIGY4CiAgR2xvYmFsIHJlZHpvbmU6ICAgICAgICAgIGY5CiAg R2xvYmFsIGluaXQgb3JkZXI6ICAgICAgIGY2CiAgUG9pc29uZWQgYnkgdXNlcjogICAgICAgIGY3 CiAgQ29udGFpbmVyIG92ZXJmbG93OiAgICAgIGZjCiAgQXJyYXkgY29va2llOiAgICAgICAgICAg IGFjCiAgSW50cmEgb2JqZWN0IHJlZHpvbmU6ICAgIGJiCiAgQVNhbiBpbnRlcm5hbDogICAgICAg ICAgIGZlCiAgTGVmdCBhbGxvY2EgcmVkem9uZTogICAgIGNhCiAgUmlnaHQgYWxsb2NhIHJlZHpv bmU6ICAgIGNiCj09MTg5NDEzNj09QUJPUlRJTkcK --000000000000a6794a0608dee651-- From unknown Tue Jun 24 06:57:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#66835: Heap buffer overread in expr in regexec.c in the check_arrival_add_next_nodes function. Resent-From: Paul Eggert Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Wed, 08 Nov 2023 00:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 66835 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: Some Dickhead , 66835@debbugs.gnu.org Received: via spool by 66835-submit@debbugs.gnu.org id=B66835.169940390720899 (code B ref 66835); Wed, 08 Nov 2023 00:39:02 +0000 Received: (at 66835) by debbugs.gnu.org; 8 Nov 2023 00:38:27 +0000 Received: from localhost ([127.0.0.1]:43764 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r0WaQ-0005R0-S9 for submit@debbugs.gnu.org; Tue, 07 Nov 2023 19:38:27 -0500 Received: from mail.cs.ucla.edu ([131.179.128.66]:41456) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r0WaK-0005Qd-Cl for 66835@debbugs.gnu.org; Tue, 07 Nov 2023 19:38:24 -0500 Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id E60023C011BD4; Tue, 7 Nov 2023 16:37:35 -0800 (PST) Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id mz1nKzGfIuV6; Tue, 7 Nov 2023 16:37:35 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id 4B2693C011BD6; Tue, 7 Nov 2023 16:37:35 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 4B2693C011BD6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu; s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1699403855; bh=jXENaI6Jg5n/ufV/6/Bd9s/PuVsOKSxjutmaSkuEh48=; h=Message-ID:Date:MIME-Version:To:From; b=CqEeHnkmOxQUt0i2294kfGD1uR6PzInTcnNgz9xEyzj9kq7cp8x6a7O7CISlXwOFT 9geYNhY2sEV/58jTKt8+0fxyZGdebGO2h9anr98Xg2/C+S/4R60nCdYXFyoTigEk3N As+3YOkSNvFmmQqFotkpZKOB27VUDwq9OXPWWmTR3JhXjW/PIlzWBIaj0PagAnTmwZ cr1fxdhQ1cIHhJQIKWtC+3dNuRLDTj+jKGvLFMIcgycI8IIAe1dHBeO9OKvDls+LGj xIP4TupaEJGwVk2fZOQCJwRfP/lNLsnj/q5UvycX/FAGA3bv5Uzk9RruUz5jG+bPhL +koOWruEFaFnA== X-Virus-Scanned: amavisd-new at mail.cs.ucla.edu Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 8z9eU8wfdsw3; Tue, 7 Nov 2023 16:37:35 -0800 (PST) Received: from [131.179.64.200] (Penguin.CS.UCLA.EDU [131.179.64.200]) by mail.cs.ucla.edu (Postfix) with ESMTPSA id 344C53C011BD4; Tue, 7 Nov 2023 16:37:35 -0800 (PST) Message-ID: <0bb7e4ad-2cb7-4781-a76c-6b65d994f091@cs.ucla.edu> Date: Tue, 7 Nov 2023 16:37:34 -0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US References: From: Paul Eggert Organization: UCLA Computer Science Department In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Thanks. This is a bug in the glibc regular expression matcher. It's part of a well known series of bugs. See, for example: https://sourceware.org/bugzilla/show_bug.cgi?id=12896 https://sourceware.org/bugzilla/show_bug.cgi?id=17356 It's not of much practical concern since the attacker should not have control of B in invocations like 'expr "$A" : "$B"'.