Bug 9941

Summary: SEGV
Product: Sisyphus
Reporter: at <at>
Component: grep
Assignee: placeholder <placeholder>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: blocker
Priority: P2
CC: glebfm, ldv, placeholder
Version: unstable
Hardware: all
OS: Linux

Description at@altlinux.org 2006-08-31 10:21:15 MSD
$ /bin/grep -m10 -C1 -E '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
zsh: segmentation fault  /bin/grep -m10 -C1 -E '( error:|Command not found)'  > /dev/null
$ /bin/grep -w $(($?-128)) /usr/include/bits/signum.h 
#define SIGSEGV         11      /* Segmentation violation (ANSI).  */
$
Comment 1 Dmitry V. Levin 2006-08-31 13:48:52 MSD
$ egrep -m9 -A1 '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
$ egrep -m10 -A1 '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
Segmentation fault
$ egrep -m11 -A1 '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
Comment 2 Dmitry V. Levin 2006-09-02 20:17:22 MSD
It didn't get fixed on the first attempt...

x86_64$ grep -F -c ' error:' kdebase-3.5.3-alt3.log
10
x86_64$ valgrind ./grep -E -m10 -A1 '( error:|zz )' <kdebase-3.5.3-alt3.log >/dev/null
==1234== Memcheck, a memory error detector.
==1234== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==1234== Using LibVEX rev 1606, a library for dynamic binary translation.
==1234== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==1234== Using valgrind-3.2.0, a dynamic binary instrumentation framework.
==1234== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==1234== For more details, rerun with: -v
==1234== 
==1234== Use of uninitialised value of size 8
==1234==    at 0x40D161: dfaexec (dfa.c:2915)
==1234==    by 0x411B4D: EGexecute (search.c:392)
==1234==    by 0x403276: prpending (grep.c:631)
==1234==    by 0x4039F8: grep (grep.c:838)
==1234==    by 0x403D7F: grepfile (grep.c:954)
==1234==    by 0x4055F1: main (grep.c:1778)
==1234== 
==1234== Invalid read of size 1
==1234==    at 0x40D153: dfaexec (dfa.c:2915)
==1234==    by 0x411B4D: EGexecute (search.c:392)
==1234==    by 0x403276: prpending (grep.c:631)
==1234==    by 0x4039F8: grep (grep.c:838)
==1234==    by 0x403D7F: grepfile (grep.c:954)
==1234==    by 0x4055F1: main (grep.c:1778)
==1234==  Address 0x5090EE1 is 0 bytes after a block of size 69,633 alloc'd
==1234==    at 0x4B1A98E: malloc (vg_replace_malloc.c:149)
==1234==    by 0x414146: xmalloc (xmalloc.c:87)
==1234==    by 0x40280C: fillbuf (grep.c:357)
==1234==    by 0x403B11: grep (grep.c:866)
==1234==    by 0x403D7F: grepfile (grep.c:954)
==1234==    by 0x4055F1: main (grep.c:1778)
==1234== 
==1234== Process terminating with default action of signal 11 (SIGSEGV)
Comment 3 Dmitry V. Levin 2006-09-02 20:37:03 MSD
Found a smaller test case:
$ printf 'a1\na\n' |grep -E -m1 -A1 '(a1|b)'
a1
Segmentation fault
Comment 4 Dmitry V. Levin 2006-09-02 20:44:05 MSD
Even smaller:

$ printf 'a\nb\n' |env -i grep -m1 -A1 '[a]'
a
Segmentation fault
Comment 5 Dmitry V. Levin 2006-09-02 20:59:36 MSD
Fixed in 2.5.1a-alt2.
Comment 6 at@altlinux.org 2006-09-05 13:18:19 MSD
Hooray!
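
The two minimal reproducers from comments 3 and 4, wrapped as a regression check for a rebuilt grep package. This is an added example, not part of the original bug thread; `GREP_BIN`, `signal_of`, `run_case` and `check_all` are names chosen here, and the binary under test is assumed to be given in `GREP_BIN` (default: the first grep in PATH).

```shell
#!/bin/sh
# Regression check for the -m/-A crash reported in this bug.
# GREP_BIN (assumption of this example): absolute path of the grep to test.
GREP_BIN=${GREP_BIN:-$(command -v grep)}

# Print the terminating signal number for exit status $1, or 0 if the
# process exited normally (same arithmetic as $(($?-128)) in the description).
signal_of() {
    if [ "$1" -gt 128 ]; then
        echo $(( $1 - 128 ))
    else
        echo 0
    fi
}

# Run one reproducer. $1 is the stdin text with printf-style escapes,
# the remaining arguments are passed to grep unchanged.
# Returns 0 if grep exited normally, 1 if it was killed by a signal.
run_case() {
    input=$1
    shift
    # env -i as in comment 4: an empty environment rules out locale effects.
    printf '%b' "$input" | env -i "$GREP_BIN" "$@" >/dev/null 2>&1
    sig=$(signal_of $?)
    if [ "$sig" -ne 0 ]; then
        echo "FAIL: grep $* killed by signal $sig"
        return 1
    fi
    echo "ok: grep $*"
}

# Run both reproducers; the return value is the number that crashed.
check_all() {
    crashes=0
    run_case 'a1\na\n' -E -m1 -A1 '(a1|b)' || crashes=$((crashes + 1))  # comment 3
    run_case 'a\nb\n' -m1 -A1 '[a]' || crashes=$((crashes + 1))         # comment 4
    return "$crashes"
}

check_all || echo "grep under test crashed on $? reproducer(s)"
```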