Bug #9552

grep segfaults when you ask for context

Added by Andrew Stormont about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2018-05-24
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

You can specify the number of surrounding lines that should also be printed out for each match (with -B NUM, -C NUM or just -NUM) as context, but if you do, grep will core dump. This is because the check that tests whether the buffer needs to grow is faulty. Due to a missing parenthesis it causes the buffer to balloon prematurely and then later not grow when the buffer is no longer big enough, causing a buffer overflow. It's also possible that after growing it still won't be big enough, so we need to do the check in a loop.
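The second point in the description (one doubling may still leave the buffer too small for the pending line) is illustrated by the following added example. It is not the illumos grep code: `ctxbuf`, `append_once`, `append_loop` and `try_append` are hypothetical names for a minimal context buffer, with the one-shot check failing closed instead of overflowing so the difference is observable.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical context buffer; not the illumos grep implementation. */
struct ctxbuf {
    char *data;
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
};

/* One-shot check: doubles the buffer at most once.  A line longer than
 * the doubled capacity still does not fit; a memcpy at that point would
 * overrun, so here we return -1 instead to make the failure visible. */
static int append_once(struct ctxbuf *b, const char *line, size_t n)
{
    if (b->len + n > b->cap) {
        size_t ncap = b->cap * 2;
        char *p = realloc(b->data, ncap);
        if (p == NULL) return -1;
        b->data = p;
        b->cap = ncap;
    }
    if (b->len + n > b->cap)   /* the copy below would overflow */
        return -1;
    memcpy(b->data + b->len, line, n);
    b->len += n;
    return 0;
}

/* Corrected form: keep doubling until the line fits, then copy. */
static int append_loop(struct ctxbuf *b, const char *line, size_t n)
{
    while (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap * 2 : 64;
        if (ncap < b->cap) return -1;    /* size_t wrap-around */
        char *p = realloc(b->data, ncap);
        if (p == NULL) return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, line, n);
    b->len += n;
    return 0;
}

/* Feed one constructed line of n bytes into a buffer of capacity cap;
 * returns 0 if it was stored, -1 if the check refused it. */
int try_append(int use_loop, size_t cap, size_t n)
{
    struct ctxbuf b = { malloc(cap), 0, cap };
    char *line = malloc(n);
    memset(line, 'x', n);
    int rc = use_loop ? append_loop(&b, line, n) : append_once(&b, line, n);
    free(line);
    free(b.data);
    return rc;
}
```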


Related issues

Related to illumos gate - Bug #8858: /usr/bin/grep doesn't support -E option (Closed, 2017-11-23)

History

#1

Updated by Andrew Stormont about 2 years ago

  • Subject changed from grep segfaults when you as for context to grep segfaults when you ask for context
#2

Updated by Andrew Stormont about 2 years ago

  • Description updated (diff)
#3

Updated by Yuri Pankov about 2 years ago

Could you provide an example as it doesn't dump core for me?

#4

Updated by Andrew Stormont about 2 years ago

I can do better than that. I can give you a diff: https://www.illumos.org/rb/r/1090/

#5

Updated by Yuri Pankov about 2 years ago

Thanks, but it would still be nice to know how to reproduce the issue (and add a test case, if possible).

#6

Updated by Andrew Stormont about 2 years ago

Try this:

root@omniosce:~# grep -2 hello /var/adm/messages
Segmentation Fault (core dumped)
#7

Updated by Andrew Stormont about 2 years ago

Stack trace:

# pstack /var/cores/core.grep.21164
core '/var/cores/core.grep.21164' of 21164:     /tmp/grep -2 hello /var/adm/messages
 fee361a0 memcpy   (3, 8047e3f, 0, feeca983, 8047e3f, 0) + 160
 08053935 process_file (8047e3f, 0, fedd2a00, feec9d24, fef447cc, 0) + 77
 08053a9e process_path (8047e3f, 8047d50, 8054797, d7acdc4, 4b, 8050c98) + 10c
 08054335 main     (3, 8047d50, 8047d64, 8051bc3, 0, 0) + 7fc
 08051be8 _start_crt (4, 8047d50, fefcf323, 0, 0, 0) + 97
 08051aba _start   (4, 8047e2c, 8047e39, 8047e3f, 0, 0) + 1a
#8

Updated by Andrew Stormont about 2 years ago

  • Related to Bug #8858: /usr/bin/grep doesn't support -E option added
#9

Updated by Electric Monk about 2 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit d9241f995480d9097812b34500484c0fff9d7528

commit  d9241f995480d9097812b34500484c0fff9d7528
Author: Andrew Stormont <astormont@racktopsystems.com>
Date:   2018-06-01T18:03:01.000Z

    9552 grep segfaults when you ask for context
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Andy Fiddaman <af@citrus-it.net>
    Approved by: Robert Mustacchi <rm@joyent.com>