This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug regex/17069] New: leak in regcomp
- From: "konstantin.s.serebryany at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 19 Jun 2014 05:53:27 +0000
- Subject: [Bug regex/17069] New: leak in regcomp
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=17069
Bug ID: 17069
Summary: leak in regcomp
Product: glibc
Version: 2.20
Status: NEW
Severity: normal
Priority: P2
Component: regex
Assignee: unassigned at sourceware dot org
Reporter: konstantin.s.serebryany at gmail dot com
CC: drepper.fsp at gmail dot com
regcomp has a memory leak. Present in ancient 2.15 and in fresh trunk.
clang -fsanitize=address -g ./r.c && ASAN_OPTIONS=fast_unwind_on_malloc=0 ./a.out 1
==1371==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4943d9 in calloc
    #1 0x7fa25a3e57c3 in parse_bracket_exp glibc-trunk/posix/regcomp.c:3045
    #2 0x7fa25a3e57c3 in parse_expression glibc-trunk/posix/regcomp.c:2265
    #3 0x7fa25a3e9181 in parse_branch glibc-trunk/posix/regcomp.c:2193
    #4 0x7fa25a3e9408 in parse_reg_exp glibc-trunk/posix/regcomp.c:2145
    #5 0x7fa25a3ea156 in parse glibc-trunk/posix/regcomp.c:2114
    #6 0x7fa25a3ea156 in re_compile_internal glibc-trunk/posix/regcomp.c:794
    #7 0x7fa25a3ece0f in __regcomp glibc-trunk/posix/regcomp.c:501
    #8 0x4b2c6e in main r.c:8
Valgrind sees it too:
gcc -std=c99 -g ./r.c && valgrind --leak-check=full ./a.out 1
==1895== 32 bytes in 1 blocks are definitely lost in loss record 1 of 1
==1895==    at 0x4C2B1B8: calloc (vg_replace_malloc.c:618)
==1895==    by 0x4F145DE: parse_expression (regcomp.c:3057)
==1895==    by 0x4F1246F: parse_branch (regcomp.c:2170)
==1895==    by 0x4F127BD: parse_reg_exp (regcomp.c:2122)
==1895==    by 0x4F12CBF: re_compile_internal (regcomp.c:2091)
==1895==    by 0x4F16E7E: regcomp (regcomp.c:506)
==1895==    by 0x4005E9: main (r.c:8)
Running this test with a large number of iterations, you can see the leak in 'top':
#include <regex.h>
#include <stdlib.h>

int main(int argc, char **argv) {
  long n = argc == 2 ? atol(argv[1]) : 1;
  for (long i = 0; i < n; i++) {
    regex_t r;
    regcomp(&r, "[^[][:alpha:][:up[^perword:]\\{-2(?<!27,}ï\\p.o\n"
            "]ïïïïï+)][:x[digit:]]\\P{^Gothic}{-109,}^{235}NNNN{214,}{-83}\\z\\w", 0);
    regfree(&r);
  }
}
Found with the help of regfuzz
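The check below is an added example, not part of the original report and not glibc code: it automates the "watch it in top" step by measuring allocated bytes with glibc's mallinfo() around repeated regcomp()/regfree() cycles, so a per-call leak can be caught without a sanitizer build. The helper names, the 16-bytes-per-cycle threshold and the sample pattern are assumptions made for illustration.

```c
/* Added example: heap growth across regcomp()/regfree() cycles (glibc only). */
#include <malloc.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#pragma GCC diagnostic ignored "-Wdeprecated-declarations" /* mallinfo() */

/* Bytes currently allocated from the main arena, as reported by glibc. */
static long heap_in_use(void) {
    struct mallinfo mi = mallinfo();
    return (long)mi.uordblks;
}

/* One compile/free cycle. regfree() is called only on success, so a failed
 * compile has to release its own partial parse state. */
static int cycle(const char *pattern) {
    regex_t r;
    int rc = regcomp(&r, pattern, 0);
    if (rc == 0)
        regfree(&r);
    return rc;
}

/* Growth in bytes over `iterations` cycles, measured after one warm-up cycle
 * that absorbs one-time allocations. */
long regcomp_heap_growth(const char *pattern, long iterations) {
    cycle(pattern);
    long before = heap_in_use();
    for (long i = 0; i < iterations; i++)
        cycle(pattern);
    return heap_in_use() - before;
}

/* Assumed threshold: losing even one malloc chunk per cycle costs at least
 * 16 bytes per iteration, so anything below that is allocator noise. */
int regcomp_leaks(const char *pattern, long iterations) {
    return regcomp_heap_growth(pattern, iterations) >= 16 * iterations;
}

int main(int argc, char **argv) {
    /* Constructed sample pattern; pass the pattern under test as argv[1]. */
    const char *pattern = argc > 1 ? argv[1] : "[[:alpha:]][[:digit:]]*";
    long n = argc > 2 ? atol(argv[2]) : 10000;
    long growth = regcomp_heap_growth(pattern, n);
    printf("%ld cycles, heap growth %ld bytes: %s\n", n, growth,
           growth >= 16 * n ? "LEAK" : "ok");
    return 0;
}
```

Build without a sanitizer, since ASan replaces the allocator and its mallinfo() reports zeros.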