171380 – echo | /bin/grep -P "^\s+$" segfaults

Bug 171380 - echo | /bin/grep -P "^\s+$" segfaults

Summary: echo | /bin/grep -P "^\s+$" segfaults

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	grep
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Tim Waugh
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	187538
TreeView+	depends on / blocked

Reported:	2005-10-21 12:01 UTC by Bastien Nocera
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:	RHBA-2006-0224
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-03-22 16:35:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2006:0224	0	normal	SHIPPED_LIVE	grep bug fix update	2006-03-22 05:00:00 UTC

Description Bastien Nocera 2005-10-21 12:01:30 UTC

+++ This bug was initially created as a clone of Bug #171379 +++

grep-2.5.1-24.5

The segfault can also be reproduced with:
/bin/grep -P "^\s+$" file.txt
with file.txt being a file with a single carriage-return.

The stack trace looks like:
(gdb) run -P "^\s+$" file.txt
Starting program: /bin/grep -P "^\s+$" file.txt

Program received signal SIGSEGV, Segmentation fault.
0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
7496              if ((md->ctypes[*eptr++] & ctype_space) == 0)
RRETURN(MATCH_NOMATCH);
(gdb) bt
#0  0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
#1  0x00d0f24a in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcf4
"L", offset_top=2, md=0xbfe02970, ims=Variable "ims" is not available.
)
   at ./pcre.c:5716
#2  0x00d14c5a in pcre_exec (external_re=0x893bcd8, extra_data=0x0, subject=0x1
<Address 0x1 out of bounds>,
   length=143900672, start_offset=0, options=0, offsets=0xbfe02a10,
offsetcount=300) at ./pcre.c:8251
#3  0x080552b8 in Pexecute (buf=0x1 <Address 0x1 out of bounds>, size=143900672,
mb_cache=0xbfe02f70, match_size=0xd12404,
   exact=0) at search.c:776
#4  0x0804a850 in grepbuf (beg=Variable "beg" is not available.
) at grep.c:752
#5  0x0804b50f in grepfile (file=0xbff01a72 "file.txt", stats=0x805a4a0) at
grep.c:845
#6  0x0804c759 in main (argc=4, argv=0xbfe03104) at grep.c:1787
#7  0x00342e23 in __libc_start_main () from /lib/tls/libc.so.6
#8  0x08049981 in _start ()

and in Pexecute() (before that), the retval of memchr isn't checked (it is NULL,
and blindly incremented).

-- Additional comment from bnocera on 2005-10-21 08:00 EST --
Created an attachment (id=120250)
grep-ignore-empty-matches.patch

Comment 7 Red Hat Bugzilla 2006-03-22 16:35:46 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0224.html

Note You need to log in before you can comment on or make changes to this bug.