This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.



[Bug regex/751] New: regcomp calls malloc with 0 byte request size when pattern begins with BOL anchor '^'


Linux Version: RHEL4, FC3

When calling regcomp() with a pattern containing the beginning of line anchor
character, e.g. "^MatchThis", regcomp() is successful if the standard malloc
library is used and fails when a replacement malloc library (e.g. mmalloc from
gdb) is used.

Debug output shows that regcomp makes a call to malloc with a zero byte size
request, yet the standard malloc() returns a pointer to memory anyway, thereby
allowing the call to complete.  However, the replacement library returns a NULL
upon a 0 byte size request which causes the call to core dump.

Code snippet:
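  #include <regex.h>
  #include <stdio.h>

  int main( void )
  {
    regex_t preg;  /* compiled pattern buffer */
    printf( "Calling regcomp\n" );
    /* pattern begins with the BOL anchor '^' */
    if ( regcomp( &preg, "^Testpat", REG_NOSUB | REG_EXTENDED ) == 0 )
      {
        printf( "Successfully compiled pattern\n" );
        regfree( &preg );
      }
    else
      {
        printf( "Failed to compile pattern\n" );
      }
    return 0;
  }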

Debug output:
Calling regcomp
==> MALLOC   0x84f4008  256
==> REALLOC  0x84f4110  (nil) 140
==> MALLOC   0x84f41a0  72
==> MALLOC   0x84f41f0  192
==> MALLOC   0x84f42b8  1004
==> MALLOC   0x84f46a8  36
==> MALLOC   0x84f46d0  36
==> MALLOC   0x84f46f8  108
==> MALLOC   0x84f4768  108
==> MALLOC   0x84f47d8  108
==> MALLOC   0x84f4848  4
==> MALLOC   0x84f4858  8
==> REALLOC  0x84f4868  0x84f41a0 144
==> REALLOC  0x84f41a0  0x84f46a8 72
==> REALLOC  0x84f4900  0x84f46d0 72
==> REALLOC  0x84f4950  0x84f46f8 216
==> REALLOC  0x84f4a30  0x84f4768 216
==> REALLOC  0x84f46f8  0x84f47d8 216
==> MALLOC   0x84f47d8  4
==> MALLOC   0x84f47e8  4
==> MALLOC   0x84f47f8  4
==> MALLOC   0x84f4808  4
==> MALLOC   0x84f4818  4
==> MALLOC   0x84f4828  4
==> MALLOC   0x84f4838  4
==> MALLOC   0x84f4b10  4
==> MALLOC   0x84f4b20  4
==> REALLOC  0x84f4b30  (nil) 8
==> REALLOC  0x84f4b40  (nil) 8
==> REALLOC  0x84f4b50  (nil) 8
==> REALLOC  0x84f4b60  (nil) 8
==> REALLOC  0x84f4b70  (nil) 8
==> REALLOC  0x84f4b80  (nil) 8
==> REALLOC  0x84f4b90  (nil) 8
==> REALLOC  0x84f4ba0  (nil) 8
==> REALLOC  0x84f4bb0  (nil) 8
==> REALLOC  0x84f4bc0  (nil) 8
==> MALLOC   0x84f4bd0  8
==> MALLOC   0x84f4be0  52
==> MALLOC   0x84f4c18  8
==> MALLOC   0x84f4c28  12
==> MALLOC   0x84f4c38  8
==> MALLOC   0x84f4c48  0            *** NOTE 0 size call - fail point of replacement library
==> REALLOC  0x84f4c58  (nil) 8
==> MALLOC   0x84f4c68  52
==> MALLOC   0x84f4ca0  8
==> MALLOC   0x84f4cb0  12
==> MALLOC   0x84f4cc0  8
==> MALLOC   0x84f4cd0  0            *** NOTE 0 size call
==> REALLOC  0x84f4ce0  (nil) 8
==> MALLOC   0x84f4cf0  52
==> MALLOC   0x84f4d28  8
==> MALLOC   0x84f4d38  12
==> MALLOC   0x84f4d48  8
==> MALLOC   0x84f4d58  8
==> REALLOC  0x84f4d68  (nil) 8
==> MALLOC   0x84f4d78  52
==> MALLOC   0x84f4db0  8
==> MALLOC   0x84f4dc0  12
==> MALLOC   0x84f4dd0  8
==> MALLOC   0x84f4de0  8
==> REALLOC  0x84f4df0  (nil) 8
==>   FREE    0x84f4bd0
==>   FREE    0x84f42b8
==>   FREE    0x84f4900
==>   FREE    (nil)
==>   FREE    (nil)
Successfully compiled pattern
==>   FREE    0x84f41a0
==>   FREE    0x84f4858
==>   FREE    0x84f4b30
==>   FREE    0x84f4848
==>   FREE    0x84f47e8
==>   FREE    0x84f4b50
==>   FREE    (nil)
==>   FREE    0x84f47f8
==>   FREE    0x84f4b60
==>   FREE    (nil)
==>   FREE    0x84f4808
==>   FREE    0x84f4b70
==>   FREE    (nil)
==>   FREE    0x84f4818
==>   FREE    0x84f4b80
==>   FREE    (nil)
==>   FREE    0x84f4828
==>   FREE    0x84f4b90
==>   FREE    (nil)
==>   FREE    0x84f4838
==>   FREE    0x84f4ba0
==>   FREE    (nil)
==>   FREE    0x84f4b10
==>   FREE    0x84f4bb0
==>   FREE    (nil)
==>   FREE    0x84f4b20
==>   FREE    0x84f4bc0
==>   FREE    (nil)
==>   FREE    0x84f47d8
==>   FREE    0x84f4b40
==>   FREE    (nil)
==>   FREE    0x84f4950
==>   FREE    0x84f4a30
==>   FREE    0x84f46f8
==>   FREE    0x84f4868
==>   FREE    (nil)
==>   FREE    0x84f4de0
==>   FREE    (nil)
==>   FREE    0x84f4dd0
==>   FREE    0x84f4dc0
==>   FREE    0x84f4db0
==>   FREE    (nil)
==>   FREE    0x84f4d78
==>   FREE    0x84f4df0
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    0x84f4c48
==>   FREE    (nil)
==>   FREE    0x84f4c38
==>   FREE    0x84f4c28
==>   FREE    0x84f4c18
==>   FREE    (nil)
==>   FREE    0x84f4be0
==>   FREE    0x84f4c58
==>   FREE    0x84f4cd0
==>   FREE    (nil)
==>   FREE    0x84f4cc0
==>   FREE    0x84f4cb0
==>   FREE    0x84f4ca0
==>   FREE    (nil)
==>   FREE    0x84f4c68
==>   FREE    0x84f4ce0
==>   FREE    0x84f4d58
==>   FREE    (nil)
==>   FREE    0x84f4d48
==>   FREE    0x84f4d38
==>   FREE    0x84f4d28
==>   FREE    (nil)
==>   FREE    0x84f4cf0
==>   FREE    0x84f4d68
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    0x84f41f0
==>   FREE    (nil)
==>   FREE    (nil)
==>   FREE    0x84f4110
==>   FREE    0x84f4008
==>   FREE    (nil)


The standard malloc appears to be forgiving in the case of a zero byte request
that masks the regcomp call.

I apologize if this is all expected behavior, however, it did impact my system
when using a malloc that returned NULL upon a 0 byte request.

-- 
           Summary: regcomp calls malloc with 0 byte request size when
                    pattern begins with BOL anchor '^'
           Product: glibc
           Version: 2.3.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: starfire01 at astrofrontiers dot com
                CC: glibc-bugs-regex at sources dot redhat dot com,
                    glibc-bugs at sources dot redhat dot com


http://sources.redhat.com/bugzilla/show_bug.cgi?id=751

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
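
The allocator difference described in this report, as an added example that is not part of the original message and is not glibc's regcomp code: a caller that treats every NULL from an allocator as out-of-memory fails on an empty (0-byte) request under an allocator that returns NULL for size 0, while a caller that never requests 0 bytes works under both. The names strict_malloc, lenient_malloc, dup_set_fragile and dup_set_portable are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef void *(*alloc_fn)(size_t);

/* Hypothetical allocator: NULL for 0 bytes, like the replacement library. */
static void *strict_malloc(size_t n) { return n ? malloc(n) : NULL; }

/* Hypothetical allocator: unique pointer for 0 bytes, like standard malloc. */
static void *lenient_malloc(size_t n) { return malloc(n ? n : 1); }

/* Fragile caller: treats every NULL as out-of-memory, so an empty set
   fails under strict_malloc.  Returns 0 on success, -1 on error. */
static int dup_set_fragile(alloc_fn alloc, const int *src, size_t n, int **out)
{
    int *p = alloc(n * sizeof *p);
    if (p == NULL)
        return -1;
    if (n != 0)
        memcpy(p, src, n * sizeof *p);
    *out = p;
    return 0;
}

/* Portable caller: never requests 0 bytes; NULL means "empty set". */
static int dup_set_portable(alloc_fn alloc, const int *src, size_t n, int **out)
{
    *out = NULL;
    if (n == 0)
        return 0;
    if (n > SIZE_MAX / sizeof **out)   /* reject size overflow */
        return -1;
    *out = alloc(n * sizeof **out);
    if (*out == NULL)
        return -1;                      /* genuine allocation failure */
    memcpy(*out, src, n * sizeof **out);
    return 0;
}

int main(void)
{
    int src[1] = { 0 }, *out = NULL;
    printf("fragile/strict:   %d\n", dup_set_fragile(strict_malloc, src, 0, &out));
    printf("fragile/lenient:  %d\n", dup_set_fragile(lenient_malloc, src, 0, &out));
    free(out);
    printf("portable/strict:  %d\n", dup_set_portable(strict_malloc, src, 0, &out));
    return 0;
}
```

The C standard leaves the result of a 0-byte malloc implementation-defined (either NULL or a unique pointer), so both allocators here are conforming and the portable caller is the one that does not depend on the choice.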

