This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
re_search_2 bug with NULL reference
- From: lav at yars dot free dot net
- To: libc-alpha at sources dot redhat dot com
- Date: Fri, 1 Nov 2002 10:35:05 +0300 (MSK)
- Subject: re_search_2 bug with NULL reference
>Submitter-Id: net
>Originator: Alexander V. Lukyanov
>Organization: Yaroslavl State University
>Confidential: no
>Synopsis: re_search_2 fails with NULL reference
>Severity: serious
>Priority: medium
>Category: libc
>Class: sw-bug
>Release: libc-2.2.93
>Environment:
Host type: i386-redhat-linux-gnu
System: Linux backup 2.4.19 #11 SMP Fri Oct 18 12:49:45 MSD 2002 i686 i686 i386 GNU/Linux
Architecture: i686
Addons: c_stubs glibc-compat linuxthreads
Build CFLAGS: -march=i386 -freorder-blocks -DNDEBUG=1 -g -O3
Build CC: gcc
Compiler version: 3.2 20020903 (Red Hat Linux 8.0 3.2-7)
Kernel headers: 2.4.9-9
Symbol versioning: yes
Build static: yes
Build shared: yes
Build pic-default: no
Build profile: yes
Build omitfp: no
Build bounded: no
Build static-nss: no
>Description:
re_search_2 gets SIGSEGV because of a NULL reference when using
le-1.9.1 with syntax highlighting. Older glibc (e.g. 2.2.5) had
no problems with it.
Here is the backtrace:
#0 0x08075497 in proceed_next_node (preg=0x80b7424, mctx=0xbffff270,
pidx=0xbffff1fc, node=5, eps_via_nodes=0xbffff200) at regexec.c:909
#1 0x080755e3 in set_regs (preg=0x80b7424, mctx=0xbffff270, nmatch=2,
pmatch=0x80c2768, last_node=17) at regexec.c:1029
#2 0x08074de9 in re_search_internal (preg=0x80b7424,
string=0x80acde0 "/*\n * Copyright (c) 1993-1997 by Alexander V. Lukyanov (lav@yars.free.net)\n *\n * This program is free software; you can redistribute it and/or modify\n * it under the terms of the GNU General Public Li"...,
length=1509, start=0, range=17, stop=0, nmatch=2, pmatch=0x80c2768,
eflags=0) at regexec.c:674
#3 0x080747fb in re_search_stub (bufp=0x80b7424,
string=0x80acde0 "/*\n * Copyright (c) 1993-1997 by Alexander V. Lukyanov (lav@yars.free.net)\n *\n * This program is free software; you can redistribute it and/or modify\n * it under the terms of the GNU General Public Li"...,
length=1509, start=0, range=1509, stop=1509, regs=0x80b7444, ret_len=0)
at regexec.c:353
#4 0x080746c1 in re_search_2_stub (bufp=0x80b7424,
string1=0x80acde0 "/*\n * Copyright (c) 1993-1997 by Alexander V. Lukyanov (lav@yars.free.net)\n *\n * This program is free software; you can redistribute it and/or modify\n * it under the terms of the GNU General Public Li"...,
length1=134925792, string2=0x0, length2=0, start=0, range=1509,
regs=0x80b7444, stop=1509, ret_len=0) at regexec.c:293
#5 0x08074610 in re_search_2 (bufp=0x80b7424,
string1=0x80acde0 "/*\n * Copyright (c) 1993-1997 by Alexander V. Lukyanov (lav@yars.free.net)\n *\n * This program is free software; you can redistribute it and/or modify\n * it under the terms of the GNU General Public Li"...,
length1=1509, string2=0x0, length2=0, start=0, range=1509, regs=0x80b7444,
stop=1509) at regexec.c:252
#6 0x0806f929 in syntax_hl::attrib_line(char const*, int, char const*, int, unsigned char*) (
buf1=0x80acde0 "/*\n * Copyright (c) 1993-1997 by Alexander V. Lukyanov (lav@yars.free.net)\n *\n * This program is free software; you can redistribute it and/or modify\n * it under the terms of the GNU General Public Li"...,
len1=1509, buf2=0x0, len2=0, line=0x80bc558 "") at highli.cc:436
#7 0x08063364 in Redisplay(long, long, long) (line=0, ptr=0, limit=34)
at screen.cc:546
#8 0x08061efd in SyncTextWin() () at screen.cc:207
#9 0x080505ed in Edit() () at edit.cc:152
#10 0x0805153b in main (argc=2, argv=0xbffff9a0) at edit.cc:718
#11 0x420158d4 in __libc_start_main () from /lib/i686/libc.so.6
And here is why it fails:
(gdb) p mctx->state_log[*pidx]
$1 = (struct re_dfastate_t *) 0x0
>How-To-Repeat:
Run le-1.9.1 (ftp://ftp.yars.free.net/unix/util/texteditors/le-1.9.1.tar.gz)
on a C file with a comment at the top. The comment should be shown
as light green on blue by default, but it gets a segmentation fault.
>Fix: