bug-gnulib


heap-buffer overflow when searching for regex @\*


From: Benno Schulenberg
Subject: heap-buffer overflow when searching for regex @\*
Date: Sun, 17 Oct 2021 10:52:00 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0

Hi,

When compiling the 'info' program or GNU nano with -fsanitize=address,
then searching in either of the programs for the regex "@\*" (without
the quotes) causes an abortion in gnulib's re_search_internal() at
lib/regexec.c:764.

To reproduce, configure texinfo-6.8 with CFLAGS="-g -O0 -march=native
-fsanitize=address", compile, and then run 'info/ginfo texinfo 2>TRAIL'
and search for "@\*".  In other words, type: /@\*<Enter>.  Then type
five times Shift+}.  Result: info aborts.  See the attached output.

To reproduce with nano, first run 'makeinfo --plain doc/texinfo.texi
>thetext' in the texinfo-6.8 directory, then configure nano-5.9 with
the same CFLAGS, compile, and then run 'src/nano +1 thetext 2>TRAIL'
and type: Ctrl+W Alt+R @\*<Enter>.  Then type six times Alt+W.  Result:
nano aborts.  See the attached output.

Problem still occurs when using a current checkout of gnulib.

Benno

Attachment: TRAIL-info
Description: Text document

Attachment: TRAIL-nano
Description: Text document

Attachment: OpenPGP_signature
Description: OpenPGP digital signature
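The two reproducers above go through a full editor build. The harness below is an added example, not code from the report, from texinfo or from nano: it compiles the same pattern, `@\*`, with the GNU regex API (`re_compile_pattern`/`re_search`, the interface gnulib's lib/regexec.c implements and glibc exports under `_GNU_SOURCE`) and walks a buffer forward match by match, the way an editor's "search next" does. It assumes a Linux/glibc toolchain, the POSIX extended syntax (nano and info both use extended regexes; this is an assumption about which syntax bits matter here), and a small constructed text with a few `@*` line-break commands in it. Build it with the report's `-fsanitize=address -g -O0` to get the same instrumentation; whether it reaches the report in re_search_internal() depends on the gnulib revision linked and on the exact buffer positions, which the report does not spell out, so treat it as a starting point for triage rather than a known crasher.

```c
#define _GNU_SOURCE           /* exposes re_compile_pattern, re_search, RE_SYNTAX_* */
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample text (not from the report): a few Texinfo-style
   lines, three of which end in the "@*" forced line break. */
static const char sample_text[] =
    "This is a line with a forced break@*\n"   /* "@*" at offset 34 */
    "and another one@*\n"                      /* "@*" at offset 52 */
    "no break here\n"
    "final@*";                                 /* "@*" at offset 74 */

/* Find every match of PATTERN in TEXT, restarting each search at the end
   of the previous match like an editor's "search next".  Stores up to MAX
   match start offsets in OUT and returns how many were found, or -1 if the
   pattern does not compile.  Empty matches advance by one byte so the loop
   cannot spin. */
static int find_all(const char *pattern, const char *text, regoff_t *out, int max)
{
    struct re_pattern_buffer buf;
    struct re_registers regs;
    memset(&buf, 0, sizeof buf);    /* no fastmap, no translate table, REGS_UNALLOCATED */
    memset(&regs, 0, sizeof regs);

    re_set_syntax(RE_SYNTAX_POSIX_EXTENDED);   /* assumption: ERE, as regcomp(REG_EXTENDED) */
    const char *err = re_compile_pattern(pattern, strlen(pattern), &buf);
    if (err != NULL) {
        fprintf(stderr, "re_compile_pattern(\"%s\"): %s\n", pattern, err);
        return -1;
    }

    regoff_t len = (regoff_t)strlen(text);
    regoff_t start = 0;
    int n = 0;
    while (start <= len && n < max) {
        /* Search forward from START over the remaining RANGE bytes.
           Returns the match offset, -1 for no match, -2 for an internal error. */
        regoff_t pos = re_search(&buf, text, len, start, len - start, &regs);
        if (pos < 0)
            break;
        out[n++] = pos;
        regoff_t end = regs.end[0];
        start = (end > pos) ? end : pos + 1;
    }

    free(regs.start);   /* re_search allocated these on the first call */
    free(regs.end);
    regfree(&buf);      /* regex_t is a typedef of struct re_pattern_buffer in glibc */
    return n;
}

int main(void)
{
    regoff_t offsets[16];
    int n = find_all("@\\*", sample_text, offsets, 16);   /* the regex @\* */
    if (n < 0)
        return 1;
    printf("%d match(es) for @\\*:", n);
    for (int i = 0; i < n; i++)
        printf(" %ld", (long)offsets[i]);
    putchar('\n');
    return 0;
}
```

Note the backslash: `@\*` is the two-byte literal "@*", whereas an unescaped `@*` means "zero or more at-signs" and matches the empty string at every position, which is why the loop above guards against empty matches.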

