Bug 23609 - regex backreference heap errors
Summary: regex backreference heap errors
Status: RESOLVED DUPLICATE of bug 18040
Alias: None
Product: glibc
Classification: Unclassified
Component: regex
Version: 2.28
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2018-09-06 07:10 UTC by eggert
Modified: 2018-12-15 21:38 UTC

Patch for use-after-free bug, from Assaf Gordon (846 bytes, patch)
2018-09-06 07:10 UTC, eggert
Patch for heap-exhaustion bug (621 bytes, patch)
2018-09-06 07:11 UTC, eggert

Description eggert 2018-09-06 07:10:37 UTC
Created attachment 11231
Patch for use-after-free bug, from Assaf Gordon

In <https://debbugs.gnu.org/32592#14> Saito Takaaki reported that a friend found a bug in GNU sed regex handling, and Assaf Gordon has found that this was due to use-after-free relating to the back-references. Assaf has a fix, which I'm attaching.

In that same thread, Jim Meyering noted <https://debbugs.gnu.org/32592#35> that there was some seemingly-useless code immediately after Assaf's bug fix. I have looked into this, and it turns out that this code does not properly report an error when heap allocation fails; instead, it just trudges onward and does goodness knows what. I'll attach a second patch for this nearby bug.
Comment 1 eggert 2018-09-06 07:11:18 UTC
Created attachment 11232
Patch for heap-exhaustion bug
Comment 2 eggert 2018-09-06 08:21:19 UTC
Assaf Gordon writes in <https://debbugs.gnu.org/32592#41> that the use-after-free bug was already reported as Bug#18040. The two bug reports should be merged.
Comment 3 eggert 2018-12-15 21:38:02 UTC
As I mentioned in Comment 2, this is the same bug as Bug#18040. Resolving it as a duplicate.

*** This bug has been marked as a duplicate of bug 18040 ***