This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



[donut@azstarnet.com: Bug#166488: on regexec borkage in libc 2.3.1-3]


It sounds like someone should go over the regex code with valgrind for
a while.  It's reading off the end of a string in several places, at
least.


----- Forwarded message from Matthew Mueller <donut@azstarnet.com> -----

Date: Sun, 27 Oct 2002 01:15:23 -0700
From: Matthew Mueller <donut@azstarnet.com>
Subject: Bug#166488: on regexec borkage in libc 2.3.1-3
To: 166488@bugs.debian.org
Reply-To: Matthew Mueller <donut@azstarnet.com>,
	166488@bugs.debian.org

It seems like it is not really related to efence, just that it is an
intermittent type of bug and seemingly random things can make it crash.
But if you run any regex using prog (ex:
LD_LIBRARY_PATH=/usr/lib/debug:/usr/lib/libstdc++_debug valgrind apt-cache search 'a.*dodebebe'
) through valgrind, you can see many errors even if it does not segfault.

such as:
==1541== Use of uninitialised value of size 4
==1541==    at 0x40444A36: re_string_context_at (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x404447C3: re_string_reconstruct (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x4043FAE3: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x4043F1F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==1541==
==1541== Conditional jump or move depends on uninitialised value(s)
==1541==    at 0x40444A44: re_string_context_at (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x404447C3: re_string_reconstruct (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x4043FAE3: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x4043F1F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==1541==
==1541== Invalid read of size 1
==1541==    at 0x404449E0: re_string_context_at (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x404447C3: re_string_reconstruct (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x4043FAE3: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x4043F1F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==1541==    Address 0x40CC45EE is 1 bytes after a block of size 13 alloc'd
==1541==    at 0x400456AB: malloc (/home/cyrille/Code/2002/packages/my-packages/valgrind-1.0.4/vg_clientfuncs.c:100)
==1541==    by 0x40045C14: realloc (/home/cyrille/Code/2002/packages/my-packages/valgrind-1.0.4/vg_clientfuncs.c:262)
==1541==    by 0x40443FAD: re_string_realloc_buffers (in /usr/lib/debug/libc-2.3.1.so)
==1541==    by 0x40443DA8: re_string_allocate (in /usr/lib/debug/libc-2.3.1.so)

Downgrading to libc6 2.2.5-14.3 makes the errors go away.

-- 
Matthew Mueller
donut@azstarnet.com





----- End forwarded message -----

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer
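The thread above reports out-of-bounds reads inside glibc's regex engine that only show up under valgrind. The following is an added example, not code from the thread or from glibc: a minimal C harness that calls regcomp()/regexec() on a heap copy of the subject string sized to exactly strlen()+1 bytes, so that any read past the terminating NUL lands outside the allocation and valgrind (or AddressSanitizer) reports it, as with the "1 bytes after a block of size 13" read quoted above. The binary name regex_harness and the sample strings are assumptions for illustration.

```c
/* Added example (not from the mailing-list thread or from glibc):
 * a minimal harness for exercising glibc regexec() under valgrind.
 * The subject text is copied into a heap block of exactly strlen(text)+1
 * bytes, so a read past the terminating NUL is outside the allocation and
 * a memory checker can flag it. */
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 on match, 0 on no match, -1 if the pattern fails to compile
 * or memory allocation fails. */
int match_pattern(const char *pattern, const char *text)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;

    size_t len = strlen(text);
    char *buf = malloc(len + 1);        /* exact-size heap copy */
    if (buf == NULL) {
        regfree(&re);
        return -1;
    }
    memcpy(buf, text, len + 1);

    int rc = regexec(&re, buf, 0, NULL, 0);

    free(buf);
    regfree(&re);
    return rc == 0 ? 1 : (rc == REG_NOMATCH ? 0 : -1);
}

int main(int argc, char **argv)
{
    /* Constructed sample inputs: the pattern from the bug report against a
     * few strings.  Pass your own as argv[1] and argv[2] when running under
     * a checker, e.g. "valgrind ./regex_harness 'a.*dodebebe' 'some text'"
     * (regex_harness is an assumed binary name). */
    const char *pattern = argc > 2 ? argv[1] : "a.*dodebebe";
    const char *texts[] = { "xadodebebe", "dodebebe", "banana" };
    size_t n = sizeof texts / sizeof texts[0];

    if (argc > 2) {
        int r = match_pattern(pattern, argv[2]);
        printf("%s\n", r == 1 ? "match" : (r == 0 ? "no match" : "error"));
        return 0;
    }
    for (size_t i = 0; i < n; i++)
        printf("'%s' =~ /%s/ -> %d\n", texts[i], pattern,
               match_pattern(pattern, texts[i]));
    return 0;
}
```

Build with debug info (for example `gcc -g -O0 -o regex_harness regex_harness.c`) and run it under `valgrind`; with an exact-size heap buffer, an engine that reads one byte past the string shows up as an "Invalid read" with an address just after the allocated block, which is the kind of report a libc maintainer can act on.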

