Bug 483181 - msggrep segfaults when $ anchor is used
Summary: msggrep segfaults when $ anchor is used
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: gettext
Version: 11
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Jens Petersen
QA Contact: Fedora Extras Quality Assurance
URL: https://savannah.gnu.org/bugs/index.p...
Whiteboard:
Depends On:
Blocks:
Reported: 2009-01-30 02:31 UTC by Sean Flanigan
Modified: 2009-10-27 06:25 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-27 06:25:41 UTC
Type: ---
Embargoed:


Description Sean Flanigan 2009-01-30 02:31:21 UTC
Description of problem:
msggrep segfaults when $ anchor is used in regex

Version-Release number of selected component (if applicable):
0.17-4.fc9

How reproducible:
About 15 out of 16 runs.

Steps to Reproduce:
1. echo a=b | msggrep -P -K -e '^a$'

Actual results:
Segmentation fault (15/16 runs) or 
no matches (1/16 runs)

Expected results:
One matching string

Additional info:
May be connected to https://savannah.gnu.org/bugs/index.php?25437.  (My locally compiled gettext-0.17 doesn't segfault, but never returns the expected matches.)
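
To quantify an intermittent crash like the 15/16 rate reported above, the reproducer can be run repeatedly and the outcomes tallied. The following is an added example, not part of the original report or of gettext; the function name `tally_runs` and its outcome labels are assumptions, as is treating a clean exit with empty output as "no matches".

```shell
#!/bin/sh
# Added example (not from the bug report): tally outcomes of a flaky reproducer.
# Usage: tally_runs RUNS STDIN_TEXT COMMAND [ARGS...]
# Prints one line: crash=<n> nomatch=<n> match=<n> other=<n>
tally_runs() {
    runs=$1
    input=$2
    shift 2
    crash=0 nomatch=0 match=0 other=0
    i=0
    while [ "$i" -lt "$runs" ]; do
        rc=0
        # Capture stdout; "|| rc=$?" keeps the loop alive under "set -e".
        out=$(printf '%s\n' "$input" | "$@" 2>/dev/null) || rc=$?
        if [ "$rc" -gt 128 ]; then
            # Shell convention: 128 + signal number (139 = SIGSEGV).
            crash=$((crash + 1))
        elif [ "$rc" -ne 0 ]; then
            other=$((other + 1))
        elif [ -z "$out" ]; then
            # Assumption: a clean exit with empty output means "no matches".
            nomatch=$((nomatch + 1))
        else
            match=$((match + 1))
        fi
        i=$((i + 1))
    done
    echo "crash=$crash nomatch=$nomatch match=$match other=$other"
}

# The reproducer from the report, run 16 times (skipped if msggrep is absent).
if command -v msggrep >/dev/null 2>&1; then
    tally_runs 16 'a=b' msggrep -P -K -e '^a$'
fi
```

Running the same tally before and after a package update gives a comparable crash rate for confirming whether a fix actually landed.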

Comment 1 Jens Petersen 2009-01-30 05:05:57 UTC
Here is a gdb backtrace:

$ cat > /tmp/test.properties
a=b
$ sudo debuginfo-install gettext glibc
$ gdb msggrep
GNU gdb Fedora (6.8-29.fc10)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) set args -P -K -E -e ^a\$ ~/tmp/test.properties
(gdb) r
Starting program: /usr/bin/msggrep -P -K -E -e ^a\$ ~/tmp/test.properties

Program received signal SIGSEGV, Segmentation fault.
dfaexec (d=0x61a0c8, begin=0x61a8b0 "a", size=<value optimized out>, 
    backref=0x7fffffffd49c) at dfa.c:2833
2833			s = t[*p++];
(gdb) bt
#0  dfaexec (d=0x61a0c8, begin=0x61a8b0 "a", size=<value optimized out>, 
    backref=0x7fffffffd49c) at dfa.c:2833
#1  0x0000000000404336 in EGexecute (compiled_pattern=0x61a0c0, 
    buf=0x61a8b0 "a", buf_size=1, match_size=0x7fffffffd4f0, exact=false)
    at m-regex.c:362
#2  0x0000000000402425 in is_string_selected (grep_pass=<value optimized out>, 
    str=0x352873c4c8 "double free or corruption (fasttop)", len=6407344)
    at msggrep.c:672
#3  0x00000000004032fb in is_message_selected_no_invert (mp=0x61d8b0)
    at msggrep.c:703
#4  0x00000000004035cf in is_message_selected (mp=0x352896da00)
    at msggrep.c:807
#5  0x0000003529a0858b in message_list_remove_if_not (mlp=0x61a740, 
    predicate=0x4035c0 <is_message_selected>) at message.c:410
#6  0x0000000000402fb2 in process_message_list () at msggrep.c:824
#7  process_msgdomain_list () at msggrep.c:834
#8  main (argc=7, argv=0x7fffffffe708) at msggrep.c:465

Comment 3 Bug Zapper 2009-06-09 10:58:30 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 5 Jens Petersen 2009-10-27 06:25:41 UTC
Probably still not fixed in git

http://git.savannah.gnu.org/cgit/gettext.git/log/gettext-tools/src/msggrep.c

but I am going to close this for now since it is reported upstream:

http://savannah.gnu.org/bugs/?25437

