Bug 171380 - echo | /bin/grep -P "^\s+$" segfaults
echo | /bin/grep -P "^\s+$" segfaults
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: grep (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
Mike McLean
:
Depends On:
Blocks: 187538
  Show dependency treegraph
 
Reported: 2005-10-21 08:01 EDT by Bastien Nocera
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2006-0224
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-22 11:35:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bastien Nocera 2005-10-21 08:01:30 EDT
+++ This bug was initially created as a clone of Bug #171379 +++

grep-2.5.1-24.5

The segfault can also be reproduced with:
/bin/grep -P "^\s+$" file.txt
with file.txt being a file with a single carriage-return.

The stack trace looks like:
(gdb) run -P "^\s+$" file.txt
Starting program: /bin/grep -P "^\s+$" file.txt

Program received signal SIGSEGV, Segmentation fault.
0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
7496              if ((md->ctypes[*eptr++] & ctype_space) == 0)
RRETURN(MATCH_NOMATCH);
(gdb) bt
#0  0x00d1242d in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcfa
"\021>", offset_top=2, md=0xbfe02970, ims=2,
   eptrb=0xbfe02668, flags=Variable "flags" is not available.
) at ./pcre.c:7496
#1  0x00d0f24a in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x893bcf4
"L", offset_top=2, md=0xbfe02970, ims=Variable "ims" is not available.
)
   at ./pcre.c:5716
#2  0x00d14c5a in pcre_exec (external_re=0x893bcd8, extra_data=0x0, subject=0x1
<Address 0x1 out of bounds>,
   length=143900672, start_offset=0, options=0, offsets=0xbfe02a10,
offsetcount=300) at ./pcre.c:8251
#3  0x080552b8 in Pexecute (buf=0x1 <Address 0x1 out of bounds>, size=143900672,
mb_cache=0xbfe02f70, match_size=0xd12404,
   exact=0) at search.c:776
#4  0x0804a850 in grepbuf (beg=Variable "beg" is not available.
) at grep.c:752
#5  0x0804b50f in grepfile (file=0xbff01a72 "file.txt", stats=0x805a4a0) at
grep.c:845
#6  0x0804c759 in main (argc=4, argv=0xbfe03104) at grep.c:1787
#7  0x00342e23 in __libc_start_main () from /lib/tls/libc.so.6
#8  0x08049981 in _start ()

and in Pexecute() (before that), the retval of memchr isn't checked (it is NULL,
and blindly incremented).

-- Additional comment from bnocera@redhat.com on 2005-10-21 08:00 EST --
Created an attachment (id=120250)
grep-ignore-empty-matches.patch
Comment 7 Red Hat Bugzilla 2006-03-22 11:35:46 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0224.html

Note You need to log in before you can comment on or make changes to this bug.