This is the mail archive of the glibc-bugs-regex@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug regex/12567] New: regexec leaks mem when used multiple times


http://sourceware.org/bugzilla/show_bug.cgi?id=12567

           Summary: regexec leaks mem when used multiple times
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: vapier@gentoo.org


Created attachment 5291
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5291
problem.c

from Luis Fernando Schultz Xavier da Silveira:

The function regexec leaks memory if the same regex_t structure is fed to
multiple inputs. The leak is so dramatic it appears to be at least linear in
the amount of text fed.

Given a regular expression of size m and a text of size n, regcomp is supposed
to run in O(m), regexec in O(mn) and regfree in O(m). Even if the
implementation chooses to adopt another strategy with different time
complexities, this is still a bug because the calls to regexec should be
independent. Accumulation of memory between calls is surely a bug.

I will attach an example program. The regex accepts any string with at least
499 characters such that the 498-th last one (the 0-th being the last one) is
'a'. This regex is compiled and is run against successive random strings of
length 1024. The cflags is REG_NOSUB and the eflags is 0. The regular
expression is prefixed with '^' and suffixed with '$'.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]