https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78236

Bug ID: 78236
Summary: regex_iterator constructor is incomplete and creates uninitialized values that may be used
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: christophe.monat at st dot com
Target Milestone: ---

Created attachment 39982 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=39982&action=edit
Proposed patch to fix the regex_iterator constructor

The following code snippet, when compiled on x86_64 with gcc-trunk, dumps core with any optimization level (you might need to add -std=c++11 depending on your compiler version).

#include <regex>
#include <cassert>

int main(int argc, char *argv[])
{
  char const s[] = "afoo";
  std::basic_regex<char> r("(f+)");

  {
    std::cregex_iterator i(s, s+sizeof(s), r);
    std::cregex_iterator j(s, s+sizeof(s), r);
    assert(i == j);
  }

  // The iterator manipulation code must be repeated in the same scope
  // to expose the undefined read during the execution of the ==
  // operator (stack location reuse)
  {
    std::cregex_iterator i(s, s+sizeof(s), r);
    std::cregex_iterator j;
    assert(!(i == j));
  }

  return 0;
}

This happens during the execution of the operator== that reads some of the private implementation fields, some of which appear not to be initialized.

The issue is due to the fact that the regex_iterator (libstdc++v3/include/bits/regex.h) has for instance a pointer member (const regex_type* _M_pregex) and a user-defined constructor that fails to initialize it.

I have attached a trivial patch that initializes the two fields that are to be explicitly initialized to avoid the reported issue.
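To show the defect class the report describes (a user-defined constructor that leaves a member indeterminate, and an operator== that later reads it) beside the shape of the fix, here is an added example. It is not the reporter's reproducer and not libstdc++'s source: the member names mirror those quoted in the report, but the exact set of members the real constructor failed to initialize, and the operator== body, are assumptions made for illustration.

```cpp
// Added example, not libstdc++ code. `buggy::iter` models the reported defect:
// its default constructor leaves _M_pregex and _M_flags indeterminate (assumption:
// these are the "two fields" the attached patch initializes), and operator==
// reads them. `fixed::iter` gives every member a default member initializer so
// a default-constructed (end) iterator has a defined state.
#include <cassert>
#include <cstring>
#include <regex>

namespace buggy {
struct iter {
    const char* _M_begin;
    const char* _M_end;
    const std::regex* _M_pregex;
    std::regex_constants::match_flag_type _M_flags;
    std::cmatch _M_match;

    // Only _M_match is initialized; the pointers and flags keep whatever was
    // on the stack. Comparing such an object is undefined behaviour.
    iter() : _M_match() {}

    iter(const char* a, const char* b, const std::regex& re,
         std::regex_constants::match_flag_type m = std::regex_constants::match_default)
      : _M_begin(a), _M_end(b), _M_pregex(&re), _M_flags(m), _M_match()
    {
        // No match: become the end iterator, copying indeterminate members.
        if (!std::regex_search(_M_begin, _M_end, _M_match, *_M_pregex, _M_flags))
            *this = iter();
    }

    friend bool operator==(const iter& x, const iter& y) {
        return x._M_begin == y._M_begin && x._M_end == y._M_end
            && x._M_pregex == y._M_pregex && x._M_flags == y._M_flags
            && x._M_match.empty() == y._M_match.empty();
    }
};
} // namespace buggy

namespace fixed {
struct iter {
    // Default member initializers: every constructor that does not name a
    // member in its initializer list still gets a defined value.
    const char* _M_begin = nullptr;
    const char* _M_end = nullptr;
    const std::regex* _M_pregex = nullptr;
    std::regex_constants::match_flag_type _M_flags = std::regex_constants::match_default;
    std::cmatch _M_match;

    iter() = default;

    iter(const char* a, const char* b, const std::regex& re,
         std::regex_constants::match_flag_type m = std::regex_constants::match_default)
      : _M_begin(a), _M_end(b), _M_pregex(&re), _M_flags(m)
    {
        if (!std::regex_search(_M_begin, _M_end, _M_match, *_M_pregex, _M_flags))
            *this = iter();   // now copies a fully defined end state
    }

    friend bool operator==(const iter& x, const iter& y) {
        return x._M_begin == y._M_begin && x._M_end == y._M_end
            && x._M_pregex == y._M_pregex && x._M_flags == y._M_flags
            && x._M_match.empty() == y._M_match.empty();
    }
};
} // namespace fixed

// Two iterators over the same (constructed) input compare equal, neither
// equals the end iterator, and two end iterators compare equal.
bool fixed_compares_deterministically() {
    static const char s[] = "afoo";          // constructed sample input
    static const std::regex r("(f+)");
    fixed::iter i(s, s + std::strlen(s), r);
    fixed::iter j(s, s + std::strlen(s), r);
    fixed::iter end;
    return i == j && !(i == end) && end == fixed::iter();
}

// A search with no match collapses to a well-defined end iterator.
bool fixed_no_match_is_end() {
    static const char s[] = "bar";           // constructed sample input
    static const std::regex r("(f+)");
    fixed::iter i(s, s + std::strlen(s), r);
    return i == fixed::iter();
}

int main() {
    assert(fixed_compares_deterministically());
    assert(fixed_no_match_is_end());
    return 0;
}
```

The `buggy` type is present only to show the shape of the defect; nothing here instantiates it, because its operator== has no defined result. The same defect is what MemorySanitizer (clang `-fsanitize=memory`) or valgrind's memcheck flag as a conditional jump on uninitialized memory when the comparison result feeds an `assert`, which is a practical way to catch this pattern in a test suite before it shows up as a crash that depends on optimization level and stack reuse.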