Bug 727895
| Summary: | Thread-safety bug in Boost.Regex-1.33.x | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | RHEL Program Management <pm-rhel> |
| Component: | boost | Assignee: | Benjamin Kosnik <bkoz> |
| Status: | CLOSED ERRATA | QA Contact: | qe-baseos-tools-bugs |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 5.7 | CC: | aupadhye, filbranden, martijn.devries, mnewsome, mpolacek, patrickm, pcfe, pmachata, pm-eus, pmuller, rdassen |
| Target Milestone: | rc | Keywords: | Patch, ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-11 07:35:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 472384 | ||
| Bug Blocks: | |||
|
Description
RHEL Program Management
2011-08-03 14:53:13 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1149.html I'd like to report that this change breaks binaries that were linking dynamically against the boost library prior to this fix. After upgrading to the boost package that includes this fix, our application binary segfaults on two regular expressions. When we recompile on a system with the updated package, everything runs fine (on that system). A similar problem occurs when you compile against the updated boost package, and try to run on a system that does not have the updated package installed yet. You should probably consider reverting this fix because there could be many applications out there that will now have to be recompiled after this update has been installed. Similarly, binaries generated on a system with the updated boost package may not work on older systems. Here is the relevant part of the stack trace:
Thread 1 (Thread 0x2af830d053b0 (LWP 8027)):
#0 0x00002af82c43dbde in boost::re_detail::cpp_regex_traits_implementation<char>::lookup_classname_imp(char const*, char const*) const () from /usr/lib64/libboost_regex.so.2
#1 0x00002af82c440efc in boost::re_detail::basic_regex_creator<char, boost::regex_traits<char, boost::cpp_regex_traits<char> > >::basic_regex_creator(boost::re_detail::regex_data<char, boost::regex_traits<char, boost::cpp_regex_traits<char> > >*) () from /usr/lib64/libboost_regex.so.2
#2 0x00002af82c4417bd in boost::basic_regex<char, boost::regex_traits<char, boost::cpp_regex_traits<char> > >::do_assign(char const*, char const*, unsigned int) ()
from /usr/lib64/libboost_regex.so.2
#3 0x0000000000ba7406 in regex_match(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
()
This is caused by m_sbuf and m_is disappearing from the API/ABI, and the remaining fields shifting. The failure scenario is the client doing a call into one of the methods in cpp_regex_traits_implementation, and providing old-ABI object to the new-ABI code. This can be reproduced trivially with the following snippet, *which has to be compiled with -O3*:
#include <boost/regex.hpp>
int main(int argc, char *argv[]) {
boost::regex r ("[[:digit:]]", boost::regex_constants::extended);
regex_match ("", r);
return 0;
}
$ g++ /tmp/boost-regex-2.cc -lboost_regex -Wall -g -O3
$ ./a.out
Segmentation fault
This is a serious regression and we need to adjust the shipped patch so as not to change the fields. (That is, drop the first two hunks of cpp_regex_traits.hpp)
Bug 733235 has been opened to track this regression. |