This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
[donut@azstarnet.com: Bug#166488: on regexec borkage in libc 2.3.1-3]
- From: Daniel Jacobowitz <drow at mvista dot com>
- To: libc-alpha at sources dot redhat dot com
- Date: Sun, 27 Oct 2002 12:05:48 -0500
- Subject: [donut@azstarnet.com: Bug#166488: on regexec borkage in libc 2.3.1-3]
It sounds like someone should go over the regex code with valgrind for
a while. It's reading off the end of a string in several places, at
least.
----- Forwarded message from Matthew Mueller <donut@azstarnet.com> -----
Date: Sun, 27 Oct 2002 01:15:23 -0700
From: Matthew Mueller <donut@azstarnet.com>
Subject: Bug#166488: on regexec borkage in libc 2.3.1-3
To: 166488@bugs.debian.org
Reply-To: Matthew Mueller <donut@azstarnet.com>,
166488@bugs.debian.org
It seems like it is not really related to efence, just that it is an
intermittent type of bug and seemingly random things can make it crash.
But if you run any regex-using prog (ex:
LD_LIBRARY_PATH=/usr/lib/debug:/usr/lib/libstdc++_debug valgrind apt-cache search 'a.*dodebebe'
) through valgrind, you can see many errors even if it does not segfault,
such as:
==1541== Use of uninitialised value of size 4
==1541== at 0x40444A36: re_string_context_at (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x404447C3: re_string_reconstruct (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x4043FAE3: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x4043F1F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==1541==
==1541== Conditional jump or move depends on uninitialised value(s)
==1541== at 0x40444A44: re_string_context_at (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x404447C3: re_string_reconstruct (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x4043FAE3: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x4043F1F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==1541==
==1541== Invalid read of size 1
==1541== at 0x404449E0: re_string_context_at (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x404447C3: re_string_reconstruct (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x4043FAE3: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x4043F1F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==1541== Address 0x40CC45EE is 1 bytes after a block of size 13 alloc'd
==1541== at 0x400456AB: malloc (/home/cyrille/Code/2002/packages/my-packages/valgrind-1.0.4/vg_clientfuncs.c:100)
==1541== by 0x40045C14: realloc (/home/cyrille/Code/2002/packages/my-packages/valgrind-1.0.4/vg_clientfuncs.c:262)
==1541== by 0x40443FAD: re_string_realloc_buffers (in /usr/lib/debug/libc-2.3.1.so)
==1541== by 0x40443DA8: re_string_allocate (in /usr/lib/debug/libc-2.3.1.so)
Downgrading to libc6 2.2.5-14.3 makes the errors go away.
--
Matthew Mueller
donut@azstarnet.com
----- End forwarded message -----
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer
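As an added illustration (not glibc's code and not part of either message above), this is the class of defect the valgrind report points at: a context lookup on a buffer allocated to exactly the string's length that reads one byte past it when asked about the end-of-string position, shown beside a bounds-checked version. The names `rstr`, `context_at_unchecked` and `context_at_checked` are hypothetical.

```c
/* Added example: a simplified "context at index" lookup in the spirit of
   re_string_context_at, with the off-by-one read valgrind reports as
   "Invalid read of size 1 ... 1 bytes after a block", and a checked version. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CTX_NONE = 0, CTX_WORD = 1, CTX_END = 2 };

struct rstr {
    unsigned char *buf; /* not NUL-terminated: malloc'd to exactly len bytes */
    size_t len;
};

/* Constructed input helper: the block is exactly strlen(src) bytes, like the
   13-byte block in the report, so buf[len] lies outside the allocation. */
struct rstr *rstr_new(const char *src) {
    struct rstr *s = malloc(sizeof *s);
    s->len = strlen(src);
    s->buf = malloc(s->len);          /* no room for a terminator */
    memcpy(s->buf, src, s->len);
    return s;
}

/* Buggy: callers legitimately ask for the context at idx == len (end of
   input), but this reads buf[len], one byte past the allocation. Under
   valgrind that is the "Invalid read of size 1" seen in the report. */
int context_at_unchecked(const struct rstr *s, size_t idx) {
    return isalnum(s->buf[idx]) ? CTX_WORD : CTX_NONE;
}

/* Fixed: report end-of-string context for idx >= len without touching memory. */
int context_at_checked(const struct rstr *s, size_t idx) {
    if (idx >= s->len)
        return CTX_END;
    return isalnum(s->buf[idx]) ? CTX_WORD : CTX_NONE;
}

void rstr_free(struct rstr *s) { free(s->buf); free(s); }

int main(void) {
    struct rstr *s = rstr_new("hello, world!");   /* constructed, 13 bytes */
    /* Run this binary under valgrind: the unchecked call is flagged as an
       invalid read one byte past the 13-byte block; the checked one is not. */
    printf("unchecked: %d\n", context_at_unchecked(s, s->len));
    printf("checked:   %d\n", context_at_checked(s, s->len));
    rstr_free(s);
    return 0;
}
```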