Bug 158506 - grep segfaults when all of color, context, match, ignorecase set
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: grep
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Tim Waugh
QA Contact: Mike McLean
Duplicates: 158536
Reported: 2005-05-23 04:20 UTC by Doug Maxey
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-05-23 17:01:35 UTC
Attachments:
patch to test return from memchr() (729 bytes, patch), 2005-05-23 04:20 UTC, Doug Maxey

Description Doug Maxey 2005-05-23 04:20:00 UTC
Description of problem:
When using the command
grep --color=auto --ignore-case --before-context 1 --after-context=4 --max-count 10 SEARCH-ARG FILE
a segfault is produced for the _last_ match in search.c

Version-Release number of selected component (if applicable):
grep-2.5.1-31.4

How reproducible:
100%

Actual results:
grep segfaults.

Expected results:
colorized context printed up to match times.

Additional info:
The faulting function is src/search.c::EGexecute::memchr().  The starting
address "beg" is passed as 1.  This was caused by the NULL return from the
previous call to memchr() and the loop continues.

Comment 1 Doug Maxey 2005-05-23 04:20:00 UTC
Created attachment 114697
patch to test return from memchr()

Comment 2 Tim Waugh 2005-05-23 12:38:52 UTC
Thanks.

Complete test case:

(echo foo ; echo foo) | \
  grep --color=auto --ignore-case --before-context=1 \
       --after-context=4 --max-count=1 foo


Comment 3 Doug Maxey 2005-05-23 13:13:57 UTC
*** Bug 158536 has been marked as a duplicate of this bug. ***

Comment 4 Tim Waugh 2005-05-23 17:01:35 UTC
Submitted upstream, as this check is missing in unpatched 2.5.1a.

https://savannah.gnu.org/bugs/index.php?func=detailitem&item_id=13161
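
The failure mode reported above (a NULL return from memchr() fed back into the loop as "end + 1", so the next start address is 1) and the missing check, shown as an added example. This is not grep's search.c code and not the attached patch; the function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the last line has no trailing newline. */
static const char sample[] = "foo\nbar\nfoo";

/* Unchecked step: the "beg = end + 1" pattern with no test of memchr()'s
   result. Integer arithmetic keeps this demo free of undefined behaviour. */
uintptr_t next_start_unchecked(const char *beg, const char *lim)
{
    const char *end = memchr(beg, '\n', (size_t)(lim - beg));
    return (uintptr_t)end + 1;      /* end == NULL gives address 1 */
}

/* Checked step: a NULL result means no newline remains in [beg, lim),
   so the buffer limit is used as the end of the final line. */
const char *next_start_checked(const char *beg, const char *lim)
{
    const char *end = memchr(beg, '\n', (size_t)(lim - beg));
    return end ? end + 1 : lim;
}

/* Walk the buffer line by line with the checked step and count the
   lines that contain needle. */
size_t count_matching_lines(const char *buf, size_t len, const char *needle)
{
    const char *lim = buf + len;
    size_t hits = 0, nlen = strlen(needle);
    for (const char *beg = buf; beg < lim; ) {
        const char *next = next_start_checked(beg, lim);
        size_t linelen = (size_t)(next - beg);
        for (size_t i = 0; nlen && i + nlen <= linelen; i++)
            if (memcmp(beg + i, needle, nlen) == 0) { hits++; break; }
        beg = next;                 /* never NULL + 1 */
    }
    return hits;
}

int main(void)
{
    const char *last = sample + 8, *lim = sample + sizeof sample - 1;
    printf("unchecked next start: %lu\n",
           (unsigned long)next_start_unchecked(last, lim));
    printf("checked next start is the limit: %d\n",
           next_start_checked(last, lim) == lim);
    printf("matching lines: %zu\n", count_matching_lines(sample, 11, "foo"));
    return 0;
}
```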