Bug 171379 - echo | /bin/grep -P "^\s+$" segfaults
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: grep
3.0
All Linux
medium Severity medium
Assigned To: Tim Waugh
Mike McLean
Blocks: 178252 187539
Reported: 2005-10-21 08:00 EDT by Bastien Nocera
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHBA-2006-0223
Doc Type: Bug Fix
Last Closed: 2006-03-22 11:56:12 EST

Attachments
grep-ignore-empty-matches.patch (423 bytes, patch)
2005-10-21 08:00 EDT, Bastien Nocera
grep-P.patch (378 bytes, patch)
2006-02-03 10:48 EST, Tim Waugh
Description Bastien Nocera 2005-10-21 08:00:10 EDT
grep-2.5.1-24.5

The segfault can also be reproduced with:
/bin/grep -P "^\s+$" file.txt
with file.txt being a file with a single carriage-return.

The stack trace looks like:
(gdb) run -P "^\s+$" file.txt
Starting program: /bin/grep -P "^\s+$" file.txt

Program received signal SIGSEGV, Segmentation fault.
0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
7496              if ((md->ctypes[*eptr++] & ctype_space) == 0)
RRETURN(MATCH_NOMATCH);
(gdb) bt
#0  0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
#1  0x00d0f24a in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcf4
"L", offset_top=2, md=0xbfe02970, ims=Variable "ims" is not available.
)
   at ./pcre.c:5716
#2  0x00d14c5a in pcre_exec (external_re=0x893bcd8, extra_data=0x0, subject=0x1
<Address 0x1 out of bounds>,
   length=143900672, start_offset=0, options=0, offsets=0xbfe02a10,
offsetcount=300) at ./pcre.c:8251
#3  0x080552b8 in Pexecute (buf=0x1 <Address 0x1 out of bounds>, size=143900672,
mb_cache=0xbfe02f70, match_size=0xd12404,
   exact=0) at search.c:776
#4  0x0804a850 in grepbuf (beg=Variable "beg" is not available.
) at grep.c:752
#5  0x0804b50f in grepfile (file=0xbff01a72 "file.txt", stats=0x805a4a0) at
grep.c:845
#6  0x0804c759 in main (argc=4, argv=0xbfe03104) at grep.c:1787
#7  0x00342e23 in __libc_start_main () from /lib/tls/libc.so.6
#8  0x08049981 in _start ()

and in Pexecute() (before that), the retval of memchr isn't checked (it is NULL,
and blindly incremented).
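
An added C example of the check the description above says is missing; it is not taken from grep's source or from either attached patch. The names `count_space_only_lines` and `line_is_space_only` are hypothetical and the sample input is constructed. It walks a buffer line by line and tests the memchr() result before advancing it, so a buffer with no further newline ends the loop instead of producing the NULL + 1 pointer that is consistent with the 0x1 address in the backtrace.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pattern the report describes (shown only as a comment, never executed):
 *     char *next = memchr(p, '\n', n);
 *     next++;            // memchr() found nothing: NULL + 1 == 0x1
 */

/* True when the line has at least one byte and every byte is whitespace,
 * a plain-C stand-in for the ^\s+$ pattern from the report. */
static int line_is_space_only(const char *line, size_t n)
{
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isspace((unsigned char)line[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: walk buf line by line and count whitespace-only lines.
 * The memchr() result is tested before it is advanced or dereferenced. */
size_t count_space_only_lines(const char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return 0;
    const char *p = buf, *end = buf + len;
    size_t count = 0;
    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        const char *line_end = nl ? nl : end; /* last line may lack '\n' */
        count += (size_t)line_is_space_only(p, (size_t)(line_end - p));
        if (nl == NULL) /* no further newline: stop instead of NULL + 1 */
            break;
        p = nl + 1;
    }
    return count;
}

int main(void)
{
    static const char sample[] = "a\n \n\t\t"; /* constructed input */
    printf("%zu\n", count_space_only_lines(sample, sizeof sample - 1));
    return 0;
}
```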
Comment 1 Bastien Nocera 2005-10-21 08:00:10 EDT
Created attachment 120250
grep-ignore-empty-matches.patch
Comment 2 Tim Waugh 2006-02-03 10:48:04 EST
Created attachment 124107
grep-P.patch

The real fix
Comment 10 Red Hat Bugzilla 2006-03-22 11:56:13 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0223.html