Bug 727895 - Thread-safety bug in Boost.Regex-1.33.x
Summary: Thread-safety bug in Boost.Regex-1.33.x
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: boost
Version: 5.7
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Benjamin Kosnik
QA Contact: qe-baseos-tools
URL:
Whiteboard:
Depends On: 472384
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-03 14:53 UTC by RHEL Product and Program Management
Modified: 2018-11-14 10:58 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-11 07:35:45 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1149 normal SHIPPED_LIVE boost bug fix update 2011-08-11 07:35:40 UTC

Description RHEL Product and Program Management 2011-08-03 14:53:13 UTC
This bug has been copied from bug #472384 and has been proposed
to be backported to 5.7 z-stream (EUS).

Comment 7 errata-xmlrpc 2011-08-11 07:35:45 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1149.html

Comment 8 Martijn de Vries 2011-08-19 16:18:13 UTC
I'd like to report that this change breaks binaries that were linking dynamically against the boost library prior to this fix.

After upgrading to the boost package that includes this fix, our application binary segfaults on two regular expressions. When we recompile on a system with the updated package, everything runs fine (on that system).

A similar problem occurs when you compile against the updated boost package, and try to run on a system that does not have the updated package installed yet.

You should probably consider reverting this fix because there could be many applications out there that will now have to be recompiled after this update has been installed. Similarly, binaries generated on a system with the updated boost package may not work on older systems.

Comment 9 Martijn de Vries 2011-08-19 16:29:03 UTC
Here is the relevant part of the stack trace:
Thread 1 (Thread 0x2af830d053b0 (LWP 8027)):
#0  0x00002af82c43dbde in boost::re_detail::cpp_regex_traits_implementation<char>::lookup_classname_imp(char const*, char const*) const () from /usr/lib64/libboost_regex.so.2
#1  0x00002af82c440efc in boost::re_detail::basic_regex_creator<char, boost::regex_traits<char, boost::cpp_regex_traits<char> > >::basic_regex_creator(boost::re_detail::regex_data<char, boost::regex_traits<char, boost::cpp_regex_traits<char> > >*) () from /usr/lib64/libboost_regex.so.2
#2  0x00002af82c4417bd in boost::basic_regex<char, boost::regex_traits<char, boost::cpp_regex_traits<char> > >::do_assign(char const*, char const*, unsigned int) ()
   from /usr/lib64/libboost_regex.so.2
#3  0x0000000000ba7406 in regex_match(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
    ()

Comment 10 Petr Machata 2011-08-23 20:46:49 UTC
This is caused by m_sbuf and m_is disappearing from the API/ABI, and the remaining fields shifting.  The failure scenario is the client doing a call into one of the methods in cpp_regex_traits_implementation, and providing old-ABI object to the new-ABI code.  This can be reproduced trivially with the following snippet, *which has to be compiled with -O3*:

#include <boost/regex.hpp>
int main(int argc, char *argv[]) {
  boost::regex r ("[[:digit:]]", boost::regex_constants::extended);
  regex_match ("", r);
  return 0;
}

$ g++ /tmp/boost-regex-2.cc -lboost_regex -Wall -g -O3
$ ./a.out
Segmentation fault

This is a serious regression and we need to adjust the shipped patch so as not to change the fields.  (That is, drop the first two hunks of cpp_regex_traits.hpp)

Comment 17 Petr Machata 2011-08-25 16:56:57 UTC
Bug 733235 has been opened to track this regression.


Note You need to log in before you can comment on or make changes to this bug.