This is the mail archive of the
glibc-bugs-regex@sources.redhat.com
mailing list for the glibc project.
[Bug regex/934] New: segfault in regexec
- From: "zachmann at schlund dot de" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs-regex at sources dot redhat dot com
- Date: 6 May 2005 06:06:02 -0000
- Subject: [Bug regex/934] New: segfault in regexec
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
During the development of a multi threaded application on a multi processor
machine I found a segfault in regexec. I could not reproduce this crash on a
single processor machine. Attached you find a small testprogram that crashes
in about 30 of 100 runs.
Here is a backtrace of a crash:
Program terminated with signal 11, Segmentation fault.
#0 0x0805eb1e in re_acquire_state_context ()
(gdb) bt
#0 0x0805eb1e in re_acquire_state_context ()
#1 0x08061e75 in build_trtable ()
#2 0x0806387e in re_search_internal ()
#3 0x08063c51 in regexec ()
#4 0x080482a2 in run ()
#5 0x08048c21 in pthread_start_thread ()
glibc 2.3.4
gcc 3.3.5
The program is run on a dual Intel(R) Xeon(TM) CPU 2.40GHz with hyberthreading
enabled.
If you need more informations please let me know.
regextest.c
--------------------------------------
#include <sys/types.h>
#include <regex.h>
#include <stdlib.h>
regex_t * regex;
void *run( void * param )
{
int i = 0;
for ( ; i < 1000; ++i )
{
size_t nmatch = 1;
regmatch_t pmatch[nmatch];
regexec( regex, "this can cause a segfault on multi processor machines",
nmatch, pmatch, 0 );
}
}
int main()
{
int not = 4;
int i = 0;
int ret = 0;
char *exp = "a(aaaaaa|bbb(bbbb|ccc)?cccc(cccccccc)?\\.dd)d|"
"eeeeeee|f(gggggggggggggg|hhhhhhhh([0-9](\\.[0-9])?))|"
"i(jjjjj(/[0-9](\\.[0-9])?)?|kkkkkkkk)|"
"l(mmmmmmmmmmmmmmmmmmmmm|nnnnnn)|oooooooooooo\\.ooo|"
"ppppppppppp|qqqq[/ ]?1\\.[0-9]|rrrrrrrrr/[0-9](\\.[0-9])?|"
"ssss|M(tttt|uuu)|N(uuuuuuuu?/[1-9](\\.[0-9])?|aaaa)|"
"bbbbb[ /]?[0-9](\\.[0-9])?|P(aaaaaaaa|b(c/[3-4]|ddddd))|"
"S(a(bbbbb|ccc)|dd|eee|fffff|gggggg|hhhhhhhhhhh)|"
"wwwwwwwwwwwwwww|x(aaaaaaaa|bbb)";
pthread_t pthread_[not];
regex = (regex_t *)malloc( sizeof( regex_t ) );
ret = regcomp( regex, exp, REG_ICASE|REG_EXTENDED );
if ( ret != 0 )
{
printf( "regcomp failed: %d\n", ret );
}
for ( i = 0; i < not; ++i )
{
int error = pthread_create( &pthread_[ i ], NULL, &run, 0 );
if ( error != 0 )
{
printf( "unable to create thread: %d", error );
exit( 1 );
}
}
for ( i = 0; i < not; ++i )
{
pthread_join( pthread_[i], NULL );
}
}
--
Summary: segfault in regexec
Product: glibc
Version: 2.3.4
Status: NEW
Severity: normal
Priority: P2
Component: regex
AssignedTo: gotom at debian dot or dot jp
ReportedBy: zachmann at schlund dot de
CC: glibc-bugs-regex at sources dot redhat dot com,glibc-
bugs at sources dot redhat dot com
http://sources.redhat.com/bugzilla/show_bug.cgi?id=934
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.