This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12078] regcomp with invalid expression leaks memory
- From: "ppluzhnikov at google dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Tue, 12 Oct 2010 04:58:38 +0000
- Subject: [Bug libc/12078] regcomp with invalid expression leaks memory
- Auto-submitted: auto-generated
- References: <bug-12078-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12078
Paul Pluzhnikov <ppluzhnikov at google dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
--- Comment #6 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2010-10-12 04:58:29 UTC ---
(In reply to comment #5)
> Try the current git code.
Thanks. This fixed all the patterns I had so far.
However, this pattern still leaks: "([0]([0]([0([0])".
Making a systematic/exhaustive search ...
The smallest pattern that causes a leak is 4 characters.
Here are all 4-character patterns that currently cause a leak:
[[][
[[](
[0][
[0](
[(][
[(](
[)][
[)](
[]][
[]](
All of the above leak 1 32-byte chunk, and there is a definite pattern to them,
so probably all are caused by the same bug:
==12334== 320 bytes in 10 blocks are definitely lost in loss record 1 of 1
==12334== at 0x4C24185: calloc /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:506
==12334== by 0x4EE61D8: parse_expression /glibc-git/posix/regcomp.c:3028
==12334== by 0x4EE7B80: parse_branch /glibc-git/posix/regcomp.c:2153
==12334== by 0x4EE7C9D: parse_reg_exp /glibc-git/posix/regcomp.c:2112
==12334== by 0x4EE80B0: re_compile_internal /glibc-git/posix/regcomp.c:2081
==12334== by 0x4EE9320: regcomp /glibc-git/posix/regcomp.c:500
==12334== by 0x400764: main /tmp/build-glibc-git/bug-regex31.c:23
Extending to all possible 5-character patterns, I see what appears to be two
new leaks (in addition to the one above):
==12555== 960 bytes in 30 blocks are definitely lost in loss record 2 of 3
==12555== at 0x4C24185: calloc /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:506
==12555== by 0x4EE61D8: parse_expression /glibc-git/posix/regcomp.c:3028
==12555== by 0x4EE7BBF: parse_branch /glibc-git/posix/regcomp.c:2160
==12555== by 0x4EE7C9D: parse_reg_exp /glibc-git/posix/regcomp.c:2112
==12555== by 0x4EE80B0: re_compile_internal /glibc-git/posix/regcomp.c:2081
==12555== by 0x4EE9320: regcomp /glibc-git/posix/regcomp.c:500
==12555== by 0x400764: main /tmp/build-glibc-git/bug-regex31.c:23
==12555==
==12555== 3,680 bytes in 115 blocks are definitely lost in loss record 3 of 3
==12555== at 0x4C24185: calloc /tmp/vg/coregrind/m_replacemalloc/vg_replace_malloc.c:506
==12555== by 0x4EE61D8: parse_expression /glibc-git/posix/regcomp.c:3028
==12555== by 0x4EE7B80: parse_branch /glibc-git/posix/regcomp.c:2153
==12555== by 0x4EE7C9D: parse_reg_exp /glibc-git/posix/regcomp.c:2112
==12555== by 0x4EE80B0: re_compile_internal /glibc-git/posix/regcomp.c:2081
==12555== by 0x4EE9320: regcomp /glibc-git/posix/regcomp.c:500
==12555== by 0x400764: main /tmp/build-glibc-git/bug-regex31.c:23
For all 6-character patterns, I see 3 additional leaks.
I'll attach my pattern generator and modified bug-regex31.c shortly.
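The exhaustive search described in the comment above can be driven by a harness along these lines. It is an added example, not the attached pattern generator or the modified bug-regex31.c; the alphabet (taken from the characters in the listed patterns), MAX_LEN, the function names and the REG_EXTENDED | REG_NOSUB flags are assumptions.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
/* Assumed alphabet: the characters that occur in the leaking patterns listed above. */
static const char ALPHABET[] = "[]()0";
#define MAX_LEN 8

/* Advance idx[] like an odometer over ALPHABET; returns 0 once it wraps around. */
static int next_pattern(unsigned idx[], size_t len)
{
    for (size_t i = len; i-- > 0; idx[i] = 0)
        if (++idx[i] < sizeof(ALPHABET) - 1)
            return 1;
    return 0;
}

/* Compile one pattern (flags assumed); blocks lost after a rejection are library leaks. */
static int try_pattern(const char *pat)
{
    regex_t re;
    int rc = regcomp(&re, pat, REG_EXTENDED | REG_NOSUB);
    if (rc == 0) regfree(&re); /* the caller frees only patterns that compiled */
    return rc;
}

/* Try every len-character pattern; returns the number tried, stores the number rejected. */
static unsigned long sweep(size_t len, unsigned long *rejected)
{
    unsigned idx[MAX_LEN] = {0};
    char pat[MAX_LEN + 1];
    unsigned long tried = 0;
    *rejected = 0;
    if (len == 0 || len > MAX_LEN) return 0; /* out of range: nothing tried */
    do {
        for (size_t i = 0; i < len; i++)
            pat[i] = ALPHABET[idx[i]];
        pat[len] = '\0';
        *rejected += try_pattern(pat) != 0;
        tried++;
    } while (next_pattern(idx, len));
    return tried;
}

int main(int argc, char **argv)
{
    unsigned long bad, n = sweep(argc > 1 ? strtoul(argv[1], NULL, 10) : 4, &bad);
    printf("%lu patterns tried, %lu rejected\n", n, bad);
    return n == 0;
}
```

Run the binary under Valgrind with `--leak-check=full`, passing the pattern length as the only argument; since every successful compile is paired with regfree(), any "definitely lost" block comes from a rejected pattern.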