Bug 171379 - echo | /bin/grep -P "^\s+$" segfaults
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: grep
All Linux
medium Severity medium
Assigned To: Tim Waugh
Mike McLean
Blocks: 178252 187539
Reported: 2005-10-21 08:00 EDT by Bastien Nocera
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHBA-2006-0223
Doc Type: Bug Fix
Last Closed: 2006-03-22 11:56:12 EST

Attachments
grep-ignore-empty-matches.patch (423 bytes, patch)
2005-10-21 08:00 EDT, Bastien Nocera
grep-P.patch (378 bytes, patch)
2006-02-03 10:48 EST, Tim Waugh

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0223 normal SHIPPED_LIVE grep bug fix update 2006-07-19 15:20:00 EDT

Description Bastien Nocera 2005-10-21 08:00:10 EDT

The segfault can also be reproduced with:
/bin/grep -P "^\s+$" file.txt
with file.txt being a file with a single carriage-return.

The stack trace looks like:
(gdb) run -P "^\s+$" file.txt
Starting program: /bin/grep -P "^\s+$" file.txt

Program received signal SIGSEGV, Segmentation fault.
0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
7496              if ((md->ctypes[*eptr++] & ctype_space) == 0)
(gdb) bt
#0  0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
#1  0x00d0f24a in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcf4
"L", offset_top=2, md=0xbfe02970, ims=Variable "ims" is not available.
   at ./pcre.c:5716
#2  0x00d14c5a in pcre_exec (external_re=0x893bcd8, extra_data=0x0, subject=0x1
<Address 0x1 out of bounds>,
   length=143900672, start_offset=0, options=0, offsets=0xbfe02a10,
offsetcount=300) at ./pcre.c:8251
#3  0x080552b8 in Pexecute (buf=0x1 <Address 0x1 out of bounds>, size=143900672,
mb_cache=0xbfe02f70, match_size=0xd12404,
   exact=0) at search.c:776
#4  0x0804a850 in grepbuf (beg=Variable "beg" is not available.
) at grep.c:752
#5  0x0804b50f in grepfile (file=0xbff01a72 "file.txt", stats=0x805a4a0) at
#6  0x0804c759 in main (argc=4, argv=0xbfe03104) at grep.c:1787
#7  0x00342e23 in __libc_start_main () from /lib/tls/libc.so.6
#8  0x08049981 in _start ()

and in Pexecute() (before that), the retval of memchr isn't checked (it is NULL,
and blindly incremented).
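
The unchecked memchr() result described above, next to a checked line walk, as an added example that is not part of the original report and is not grep's source. The function names are hypothetical, and the whitespace test is a simplified stand-in for the "^\s+$" match.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Unchecked pattern the report describes (hypothetical reconstruction, not
 * grep's source). With no '\n' in the buffer memchr returns NULL, and the
 * increment is consistent with the bogus pointer 0x1 that appears as
 * buf/subject/eptr in the backtrace:
 *
 *     line_end = memchr(p, '\n', end - p);
 *     p = line_end + 1;
 */

/* Checked form: an unterminated last line ends at the end of the buffer. */
static const char *find_line_end(const char *p, const char *end)
{
    const char *nl = memchr(p, '\n', (size_t)(end - p));
    return nl != NULL ? nl : end;
}

/* Simplified stand-in for the "^\s+$" match: non-empty, whitespace only. */
static int is_whitespace_only(const char *line, size_t len)
{
    if (len == 0)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isspace((unsigned char)line[i]))
            return 0;
    return 1;
}

/* Count matching lines; every pointer handed to the matcher stays inside
 * [buf, buf + size], including for input with no newline at all. */
size_t count_whitespace_lines(const char *buf, size_t size)
{
    const char *p = buf, *end = buf + size;
    size_t hits = 0;

    while (p < end) {
        const char *eol = find_line_end(p, end);
        hits += (size_t)is_whitespace_only(p, (size_t)(eol - p));
        p = (eol < end) ? eol + 1 : end;   /* skip '\n' only if one was found */
    }
    return hits;
}
```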
Comment 1 Bastien Nocera 2005-10-21 08:00:10 EDT
Created attachment 120250
Comment 2 Tim Waugh 2006-02-03 10:48:04 EST
Created attachment 124107

The real fix
Comment 10 Red Hat Bugzilla 2006-03-22 11:56:13 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.