Bug 9941 - SEGV
Status: CLOSED FIXED
: Sisyphus
: unstable
: all Linux
: P2 blocker
Reported: 2006-08-31 10:21 by
Modified: 2006-09-05 13:18 (History)

Description From 2006-08-31 10:21:15
$ /bin/grep -m10 -C1 -E '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
zsh: segmentation fault  /bin/grep -m10 -C1 -E '( error:|Command not found)'  > /dev/null
$ /bin/grep -w $(($?-128)) /usr/include/bits/signum.h 
#define SIGSEGV         11      /* Segmentation violation (ANSI).  */
$
------- Comment #1 From 2006-08-31 13:48:52 -------
$ egrep -m9 -A1 '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
$ egrep -m10 -A1 '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
Segmentation fault
$ egrep -m11 -A1 '( error:|Command not found)' /raid/beehive/error/kdebase-3.5.3-alt3 >/dev/null
------- Comment #2 From 2006-09-02 20:17:22 -------
It didn't get fixed on the first try...

x86_64$ grep -F -c ' error:' kdebase-3.5.3-alt3.log
10
x86_64$ valgrind ./grep -E -m10 -A1 '( error:|zz )' <kdebase-3.5.3-alt3.log >/dev/null
==1234== Memcheck, a memory error detector.
==1234== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==1234== Using LibVEX rev 1606, a library for dynamic binary translation.
==1234== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==1234== Using valgrind-3.2.0, a dynamic binary instrumentation framework.
==1234== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==1234== For more details, rerun with: -v
==1234== 
==1234== Use of uninitialised value of size 8
==1234==    at 0x40D161: dfaexec (dfa.c:2915)
==1234==    by 0x411B4D: EGexecute (search.c:392)
==1234==    by 0x403276: prpending (grep.c:631)
==1234==    by 0x4039F8: grep (grep.c:838)
==1234==    by 0x403D7F: grepfile (grep.c:954)
==1234==    by 0x4055F1: main (grep.c:1778)
==1234== 
==1234== Invalid read of size 1
==1234==    at 0x40D153: dfaexec (dfa.c:2915)
==1234==    by 0x411B4D: EGexecute (search.c:392)
==1234==    by 0x403276: prpending (grep.c:631)
==1234==    by 0x4039F8: grep (grep.c:838)
==1234==    by 0x403D7F: grepfile (grep.c:954)
==1234==    by 0x4055F1: main (grep.c:1778)
==1234==  Address 0x5090EE1 is 0 bytes after a block of size 69,633 alloc'd
==1234==    at 0x4B1A98E: malloc (vg_replace_malloc.c:149)
==1234==    by 0x414146: xmalloc (xmalloc.c:87)
==1234==    by 0x40280C: fillbuf (grep.c:357)
==1234==    by 0x403B11: grep (grep.c:866)
==1234==    by 0x403D7F: grepfile (grep.c:954)
==1234==    by 0x4055F1: main (grep.c:1778)
==1234== 
==1234== Process terminating with default action of signal 11 (SIGSEGV)
------- Comment #3 From 2006-09-02 20:37:03 -------
Found a smaller testcase:
$ printf 'a1\na\n' |grep -E -m1 -A1 '(a1|b)'
a1
Segmentation fault
------- Comment #4 From 2006-09-02 20:44:05 -------
Even smaller:

$ printf 'a\nb\n' |env -i grep -m1 -A1 '[a]'
a
Segmentation fault
------- Comment #5 From 2006-09-02 20:59:36 -------
Fixed in 2.5.1a-alt2.
------- Comment #6 From 2006-09-05 13:18:19 -------
Hooray!
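
Added example, not part of the bug report: a regression check that replays the reduced testcases from comments #3 and #4 and a constructed version of the -m9/-m10/-m11 sweep from comment #1, failing if grep dies on a signal. The GREP override variable and the function names run_case, sweep_max_count and check_grep are assumptions made for this sketch.

```shell
#!/bin/sh
# Added regression check, not from the bug report.
# GREP (assumed override) selects the binary under test, e.g. GREP=./grep.
GREP_BIN=$(command -v "${GREP:-grep}")

# run_case INPUT ARGS...: pipe INPUT (printf %b escapes) into grep with a
# cleared environment, as comment #4 does. Returns 1 if grep was killed by
# a signal or reported an error, 0 otherwise (exit 0 and 1 are both fine).
run_case() {
    input=$1; shift
    printf '%b' "$input" | env -i "$GREP_BIN" "$@" >/dev/null 2>&1
    status=$?
    if [ "$status" -gt 128 ]; then
        # Same decoding the reporter used: signal number = status - 128.
        echo "FAIL: grep $* killed by SIG$(kill -l $((status - 128)))" >&2
        return 1
    elif [ "$status" -gt 1 ]; then
        echo "FAIL: grep $* exited with error status $status" >&2
        return 1
    fi
    return 0
}

# sweep_max_count N: build N matching lines plus one trailing non-matching
# line (constructed input), then try -m N-1, N and N+1 with -A1. Comment #1
# shows only -m equal to the number of matches crashing.
sweep_max_count() {
    n=$1; data=''; i=0
    while [ "$i" -lt "$n" ]; do
        data="${data}x error: $i\\n"
        i=$((i + 1))
    done
    data="${data}tail\\n"
    for m in $((n - 1)) "$n" $((n + 1)); do
        run_case "$data" -E "-m$m" -A1 '( error:|Command not found)' || return 1
    done
}

# check_grep: all cases from the thread, smallest first.
check_grep() {
    run_case 'a1\na\n' -E -m1 -A1 '(a1|b)' || return 1   # comment #3
    run_case 'a\nb\n' -m1 -A1 '[a]' || return 1          # comment #4
    sweep_max_count 10                                    # comment #1 shape
}

check_grep && echo "grep -m/-A regression check passed: $GREP_BIN"
```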