Bug report: tac crash

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug report: tac crash

From:	Daniel Dunbar
Subject:	Bug report: tac crash
Date:	Sun, 4 May 2008 13:54:28 -0700 (PDT)

Hi,

The following crashes tac on my machine (6.10 and 6.11):
--
$ echo > x; tac -r x x
Segmentation fault
--

The crash occurs in re_copy_regs and the error has to do with the code 
assuming regs->num_regs is initialized when it is not, in conjunction with 
the regs_allocated parameter. This results in the final loop scribbling -1 over
varying and often large amounts of memory.

It looks to me like the problem is re_copy_regs assuming the state of the 
re_pattern_buffer and the re_registers are in sync, but this doesn't hold when
tac makes multiple re_search calls with the registers on the stack. 

 - Daniel

[Prev in Thread]

Current Thread

[Next in Thread]

Bug report: tac crash, Daniel Dunbar <=
- Re: Bug report: tac crash, Jim Meyering, 2008/05/04
  - Re: Bug report: tac crash, Jim Meyering, 2008/05/05
    - Re: Bug report: tac crash, Jim Meyering, 2008/05/05

Prev by Date: Re: [PATCH] md5sum+sha*sum: add option --quiet/-q to suppress OK messages
Next by Date: Re: Bug report: tac crash
Previous by thread: Re: [PATCH] md5sum+sha*sum: add option --quiet/-q to suppress OK messages
Next by thread: Re: Bug report: tac crash
Index(es):
- Date
- Thread