** Changed in: lua-lpeg (Ubuntu)
     Assignee: (unassigned) => Victor Tapia (vtapia)

** Changed in: lua-lpeg (Ubuntu)
       Status: New => In Progress

--
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1580385

Title:
  /usr/bin/nmap:11:hascaptures:hascaptures:hascaptures:hascaptures:hascaptures

Status in lua-lpeg package in Ubuntu:
  In Progress
Status in lua-lpeg source package in Xenial:
  New
Status in lua-lpeg source package in Bionic:
  New
Status in lua-lpeg source package in Disco:
  New
Status in lua-lpeg source package in Eoan:
  New
Status in lua-lpeg package in Debian:
  Unknown

Bug description:
  [Impact]

  Under certain conditions, lpeg will crash while walking the pattern
  tree looking for TCapture nodes.

  [Test Case]

  The reproducer, taken from an upstream discussion (link in "Other
  info"), is:

  $ cat repro.lua
  #!/usr/bin/env lua
  lpeg = require "lpeg"
  p = lpeg.C(-lpeg.P{lpeg.P'x' * lpeg.V(1) + lpeg.P'y'})
  p:match("xx")

  The program crashes due to a hascaptures() infinite recursion:

  $ ./repro.lua
  Segmentation fault (core dumped)

  (gdb) bt -25
  #523984 0x00007ffff7a3743c in hascaptures () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523985 0x00007ffff7a3743c in hascaptures () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523986 0x00007ffff7a3743c in hascaptures () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523987 0x00007ffff7a3743c in hascaptures () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523988 0x00007ffff7a3743c in hascaptures () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523989 0x00007ffff7a3743c in hascaptures () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523990 0x00007ffff7a3815c in ?? () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523991 0x00007ffff7a388e3 in compile () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523992 0x00007ffff7a36fab in ?? () from /usr/lib/x86_64-linux-gnu/lua/5.2/lpeg.so
  #523993 0x000055555555fd1e in ?? ()
  #523994 0x000055555556a5fc in ?? ()
  #523995 0x00005555555600c8 in ?? ()
  #523996 0x000055555555f63f in ?? ()
  #523997 0x000055555556030f in ?? ()
  #523998 0x000055555555dc91 in lua_pcallk ()
  #523999 0x000055555555b896 in ?? ()
  #524000 0x000055555555c54b in ?? ()
  #524001 0x000055555555fd1e in ?? ()
  #524002 0x0000555555560092 in ?? ()
  #524003 0x000055555555f63f in ?? ()
  #524004 0x000055555556030f in ?? ()
  #524005 0x000055555555dc91 in lua_pcallk ()
  #524006 0x000055555555b64b in ?? ()
  #524007 0x00007ffff7c94bbb in __libc_start_main (main=0x55555555b5f0, argc=2, argv=0x7fffffffe6d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe6c8) at ../csu/libc-start.c:308
  #524008 0x000055555555b70a in ?? ()

  The expected behavior is to have the program finish normally

  [Regression potential]

  Low, this is a backport from upstream and only limits the infinite
  recursion in a scenario where it shouldn't happen to begin with
  (TCapture node search).

  [Other info]

  This was fixed upstream in 1.0.1 by stopping the recursion in TCall
  nodes and controlling that TRule nodes do not follow siblings (sib2)

  The upstream discussion can be found here:
  http://lua.2524044.n2.nabble.com/LPeg-intermittent-stack-exhaustion-td7674831.html

  My analysis can be found here:
  http://pastebin.ubuntu.com/p/n4824ftZt9/plain/

  [Original description]

  The Ubuntu Error Tracker has been receiving reports about a problem
  regarding nmap. This problem was most recently seen with version
  7.01-2ubuntu2, the problem page at
  https://errors.ubuntu.com/problem/5e852236a443bab0279d47c8a9b7e55802bfb46f
  contains more details.
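
Added example, not part of the bug report and not lpeg's code: a simplified model of the capture search described under [Impact] and [Other info], showing why a walker that follows a call node back into its rule never terminates on the reproducer's grammar, and how stopping at calls already being followed and ignoring a rule's sibling bounds it. The node layout, tag names and function names are hypothetical, and the assumption is that a call node links to the rule it references.

```c
#include <stdio.h>
/* Simplified model of a pattern tree; NOT lpeg's real TTree layout. */
enum Tag { T_CHAR, T_SEQ, T_CHOICE, T_NOT, T_CAPTURE, T_CALL, T_RULE };
typedef struct Node {
    enum Tag tag;
    struct Node *sib1, *sib2; /* children; for T_CALL, sib1 = called rule */
    int visiting;             /* set while this T_CALL is being followed */
} Node;

/* Follows every edge, including call -> rule, so a recursive grammar never
   bottoms out. 'budget' caps depth so the demo returns -1, not a crash. */
int has_capture_naive(const Node *n, int budget) {
    if (n == NULL) return 0;
    if (budget == 0) return -1;
    if (n->tag == T_CAPTURE) return 1;
    int r = has_capture_naive(n->sib1, budget - 1);
    return r != 0 ? r : has_capture_naive(n->sib2, budget - 1);
}

/* Cycle-safe: a call already being followed is not re-entered, and a rule
   contributes only its body (sib1), never a following sibling (sib2). */
int has_capture_safe(Node *n) {
    int r;
    if (n == NULL) return 0;
    switch (n->tag) {
    case T_CAPTURE: return 1;
    case T_RULE:    return has_capture_safe(n->sib1);
    case T_CALL:
        if (n->visiting) return 0;          /* back-edge: stop here */
        n->visiting = 1; r = has_capture_safe(n->sib1); n->visiting = 0;
        return r;
    default: return has_capture_safe(n->sib1) || has_capture_safe(n->sib2);
    }
}
/* Constructed graph for -P{ 'x' * V(1) + 'y' }; g must hold 7 nodes. */
Node *build_repro(Node *g) {
    for (int i = 0; i < 7; i++) g[i] = (Node){ T_CHAR, NULL, NULL, 0 };
    g[0].tag = T_NOT;    g[0].sib1 = &g[1];
    g[1].tag = T_RULE;   g[1].sib1 = &g[2];
    g[2].tag = T_CHOICE; g[2].sib1 = &g[3]; g[2].sib2 = &g[6];
    g[3].tag = T_SEQ;    g[3].sib1 = &g[4]; g[3].sib2 = &g[5];
    g[5].tag = T_CALL;   g[5].sib1 = &g[1];  /* V(1): back-edge to the rule */
    return &g[0];        /* g[4] and g[6] stay T_CHAR ('x' and 'y') */
}
int main(void) {
    Node g[7];
    Node *root = build_repro(g);
    printf("naive=%d safe=%d\n", has_capture_naive(root, 1000), has_capture_safe(root));
    return 0;
}
```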