Re: [PATCH] Invalid read in regdupe in maint-5.8
On Thu, Sep 25, 2008 at 05:53:14PM +0200, Vincent Pit wrote:
> On maint-5.8, valgrind reports an invalid read of total size 4 (the size
> of a regnode) in regcomp.c:Perl_regdupe:4845 when creating threads
> (testcase attached). Compared to what is allocated in pregcomp, it seems
> that the computed len is one regnode too long. The patch attached fixes
> the error and passes all tests with 34415.
>
> Vincent.
> --- regcomp.c 2008-09-19 23:03:55.000000000 +0200
> +++ regcomp.c 2008-09-25 17:30:56.000000000 +0200
> @@ -4840,7 +4840,7 @@
> len = r->offsets[0];
> npar = r->nparens+1;
>
> - size = sizeof(regexp) + (len+1)*sizeof(regnode);
> + size = sizeof(regexp) + len*sizeof(regnode);
> Newxc(ret, size, char, regexp);
> Copy(r, ret, size, char);
>
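Review bot: dropping the `+1` from `size` is only right if `r->offsets[0]` already counts every regnode that pregcomp allocated storage for (including any terminating node), and this hunk cannot show that on its own; please quote the matching `Newxc` allocation line from pregcomp in the commit message so the two size computations can be checked against each other, and consider deriving both from one shared expression (a macro taking `len`) so they cannot drift apart again. The valgrind testcase mentioned in the cover mail should also be added to the test suite rather than attached only to the mail, since the over-read is silent without valgrind.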
I can recreate the problem. But there are two things I don't understand.
1: Why does exactly one regexp trigger the warning from valgrind?
Specifically, /.*::/
There are lots of regexps being duplicated, off-by-one, and only this
pattern generates an error. If I tweak the test case to have an explicit
qr/.*::/ (as well as the one I infer is somewhere in threads.pm) then I
get exactly two errors from valgrind
2: Why can't I get errors from valgrind in blead? It seems to be the same code,
with the same off-by-one error in the allocation.
It feels like this bug is more general than maint-5.8, yet I can neither
reproduce it on blead (or maint-5.10) nor satisfy myself that the code is
different and there is no bug there.
Nicholas Clark
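To make the off-by-one concrete, the following is an added C example, not code from perl or from either poster. It models the two size computations (the one the compile step allocates and the one the duplicate step copies), shows that the pre-patch formula overshoots by exactly one node, and adds the bounds check a reviewer would want in regdupe: refuse to copy more bytes than were allocated. The struct layouts, the `alloc_size` bookkeeping and all function names are assumptions made for this illustration; they are not perl's `regexp` or `regnode` definitions.

```c
/* Added example (not perl's code): toy model of the regdupe size mismatch.
 * Layouts and names below are assumptions for illustration only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One 4-byte node, matching the "total size 4" valgrind reported. */
typedef struct { uint8_t flags; uint8_t type; uint16_t next_off; } model_regnode;

typedef struct {
    size_t         alloc_size;  /* bytes the compile step really allocated (model only) */
    uint32_t      *offsets;     /* offsets[0] = number of nodes in program[] */
    uint32_t       nparens;
    model_regnode  program[1];  /* node storage continues past the struct */
} model_regexp;

/* Model of what the compile step allocates: header plus len nodes. */
static size_t compile_alloc_size(size_t len) {
    return sizeof(model_regexp) + len * sizeof(model_regnode);
}

/* The duplicate step's size formula before the quoted patch ... */
static size_t dupe_size_before(size_t len) {
    return sizeof(model_regexp) + (len + 1) * sizeof(model_regnode);
}

/* ... and after it. */
static size_t dupe_size_after(size_t len) {
    return sizeof(model_regexp) + len * sizeof(model_regnode);
}

/* Build a len-node program with a recognisable type in each node. */
static model_regexp *model_compile(size_t len) {
    size_t size = compile_alloc_size(len);
    model_regexp *r = calloc(1, size);
    if (!r) return NULL;
    r->alloc_size = size;
    r->offsets = calloc(2 * len + 1, sizeof(uint32_t));
    if (!r->offsets) { free(r); return NULL; }
    r->offsets[0] = (uint32_t)len;
    for (size_t i = 0; i < len; i++) r->program[i].type = (uint8_t)(i + 1);
    return r;
}

static void model_free(model_regexp *r) {
    if (r) { free(r->offsets); free(r); }
}

/* Duplicate with the check regdupe lacks: never copy more than was
 * allocated. Returns NULL instead of reading past the source block. */
static model_regexp *model_dupe_checked(const model_regexp *r,
                                        size_t (*size_fn)(size_t)) {
    size_t len = r->offsets[0];
    size_t size = size_fn(len);
    if (size > r->alloc_size) return NULL;          /* would over-read */
    model_regexp *ret = malloc(size);
    if (!ret) return NULL;
    memcpy(ret, r, size);
    ret->alloc_size = size;
    ret->offsets = malloc((2 * len + 1) * sizeof(uint32_t));
    if (!ret->offsets) { free(ret); return NULL; }
    memcpy(ret->offsets, r->offsets, (2 * len + 1) * sizeof(uint32_t));
    return ret;
}

/* Bytes past the allocation that a given size formula would read. */
static size_t over_read_bytes(size_t len, size_t (*size_fn)(size_t)) {
    size_t alloc = compile_alloc_size(len), want = size_fn(len);
    return want > alloc ? want - alloc : 0;
}

/* 1 if a len-node program duplicates cleanly with size_fn, 0 if the
 * bounds check rejects it, -1 on allocation failure. */
static int dupe_succeeds(size_t len, size_t (*size_fn)(size_t)) {
    model_regexp *r = model_compile(len);
    if (!r) return -1;
    model_regexp *d = model_dupe_checked(r, size_fn);
    int ok = 0;
    if (d && d->offsets[0] == len && len > 0)
        ok = d->program[len - 1].type == r->program[len - 1].type;
    model_free(d);
    model_free(r);
    return ok;
}

int main(void) {
    size_t len = 3;  /* constructed sample: a three-node program */
    printf("over-read before patch: %zu bytes, after: %zu bytes\n",
           over_read_bytes(len, dupe_size_before),
           over_read_bytes(len, dupe_size_after));
    printf("checked dupe before: %d, after: %d\n",
           dupe_succeeds(len, dupe_size_before),
           dupe_succeeds(len, dupe_size_after));
    return 0;
}
```

The point of the `alloc_size` field is only to let the duplicate step verify its own arithmetic against the allocation; in perl the two computations live in different functions with no such link, which is why the mismatch was only visible under valgrind.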