https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582

            Bug ID: 61582
           Summary: C11 regex memory corruption
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: max at cert dot cx

Hi,

Tested on GCC 4.8.1 with the following program, which compiles its first command-line argument as a std::regex:

----------
#include <regex>

using namespace std;

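// Minimal reproducer: constructs a std::regex from the first command-line
// argument and exits. The pattern is never matched against any text, so a
// crash can only come from constructing the regex.
//
// Security note: the pattern is taken straight from argv and is therefore
// untrusted input. A malformed pattern is expected to be rejected with
// std::regex_error; that exception is deliberately left uncaught here so the
// well-behaved case shows up as a terminate() abort and can be told apart
// from the SIGSEGV / malloc() corruption this report is about.
int main (int argc, char *argv[])
{
      // Without a pattern argument argv[1] is a null pointer; building a
      // regex from it would be undefined behaviour unrelated to the bug.
      if (argc < 2)
            return 2;

      std::regex r(argv[1]);
      return 0;
}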
----------

# g++ c11RE.cpp -o c11RE -std=c++11 -Wall 
# ./c11RE '.*'
# ./c11RE '(|'
Segmentation fault (core dumped)
# ./c11RE '((x|'
*** Error in `./c11RE': malloc(): memory corruption: 0x00007fffa0cb8670 ***

Expected: a malformed pattern should be rejected with a std::regex_error exception rather than crash, as this one is:
# ./c11RE '(x}' 
terminate called after throwing an instance of 'std::regex_error'
  what():  regex_error
Aborted (core dumped)

------------
(gdb) r '(|'
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/cx/c11RE '(|'

Program received signal SIGSEGV, Segmentation fault.
0x00000000004022cc in
std::__detail::_StateSeq::_StateSeq(std::__detail::_StateSeq const&) ()
(gdb) bt
#0  0x00000000004022cc in
std::__detail::_StateSeq::_StateSeq(std::__detail::_StateSeq const&) ()
#1  0x0000000000404a05 in std::__detail::_Compiler<char const*,
std::regex_traits<char> >::_M_disjunction() ()
#2  0x0000000000407901 in std::__detail::_Compiler<char const*,
std::regex_traits<char> >::_M_atom() ()
#3  0x00000000004069cb in std::__detail::_Compiler<char const*,
std::regex_traits<char> >::_M_term() ()
#4  0x000000000040567e in std::__detail::_Compiler<char const*,
std::regex_traits<char> >::_M_alternative() ()
#5  0x00000000004049c8 in std::__detail::_Compiler<char const*,
std::regex_traits<char> >::_M_disjunction() ()
#6  0x0000000000403ef2 in std::__detail::_Compiler<char const*,
std::regex_traits<char> >::_Compiler(char const* const&, char const* const&,
std::regex_traits<char>&, unsigned int) ()
#7  0x0000000000403297 in std::shared_ptr<std::__detail::_Automaton>
std::__detail::__compile<char const*, std::regex_traits<char> >(char const*
const&, char const* const&, std::regex_traits<char>&, unsigned int) ()
#8  0x0000000000402abb in std::basic_regex<char, std::regex_traits<char>
>::basic_regex(char const*, unsigned int) ()
#9  0x0000000000401767 in main ()
(gdb) x/i $rip
=> 0x4022cc <_ZNSt8__detail9_StateSeqC2ERKS0_+16>:    mov    (%rax),%rdx
(gdb) x/x $rax
0xffffffffffffffe8:    Cannot access memory at address 0xffffffffffffffe8
(gdb) x/x $rdx
0xffffffffffffffe8:    Cannot access memory at address 0xffffffffffffffe8
------------

BR,
Maksymilian
http://cxsecurity.com/
