GNU logs - #34142, boring messages


Message sent to bug-sed@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#34142: AddressSanitizer reported heap-buffer-overflow
Resent-From: Hongxu Chen <leftcopy.chx@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-sed@HIDDEN
Resent-Date: Sun, 20 Jan 2019 06:11:02 +0000
Resent-Message-ID: <handler.34142.B.15479646321208 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 34142
X-GNU-PR-Package: sed
X-GNU-PR-Keywords: 
To: 34142 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-sed@HIDDEN
MIME-Version: 1.0
From: Hongxu Chen <leftcopy.chx@HIDDEN>
Date: Sun, 20 Jan 2019 14:09:48 +0800
Message-ID: <CAJPBKOHEQt0GJ2nF0fTZL9Ld4=sGZiUvrejieSgD9taxGT62ww@HIDDEN>
Content-Type: multipart/mixed; boundary="0000000000000a9597057fdd98a7"

--0000000000000a9597057fdd98a7
Content-Type: multipart/alternative; boundary="0000000000000a9594057fdd98a5"

--0000000000000a9594057fdd98a5
Content-Type: text/plain; charset="UTF-8"

Hi,

    When latest sed (4.7.4-f8503-dirty) is compiled with ASan, it reports a
heap-buffer-overflow when executing the following command.

      echo '0000000000000000000000000000' | ./sed -f c02.sed

   =================================================================
==13920==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x606000000233 at pc 0x0000004b4136 bp 0x7ffc475e3930 sp 0x7ffc475e30e0
READ of size 26 at 0x606000000233 thread T0
    #0 0x4b4135 in __interceptor_memcmp.part.283
(/home/hongxu/FOT/sed-O0/install/bin/sed+0x4b4135)
    #1 0x5b274c in proceed_next_node
/home/hongxu/FOT/sed-O0/./lib/regexec.c:1296:9
    #2 0x597a4c in set_regs /home/hongxu/FOT/sed-O0/./lib/regexec.c:1453:18
    #3 0x569a4f in re_search_internal
/home/hongxu/FOT/sed-O0/./lib/regexec.c:864:10
    #4 0x56acd7 in re_search_stub
/home/hongxu/FOT/sed-O0/./lib/regexec.c:425:12
    #5 0x56b061 in rpl_re_search
/home/hongxu/FOT/sed-O0/./lib/regexec.c:289:10
    #6 0x52f572 in match_regex /home/hongxu/FOT/sed-O0/sed/regexp.c:358:11
    #7 0x5292d1 in do_subst /home/hongxu/FOT/sed-O0/sed/execute.c:1015:8
    #8 0x5233a2 in execute_program
/home/hongxu/FOT/sed-O0/sed/execute.c:1543:15
    #9 0x520cba in process_files
/home/hongxu/FOT/sed-O0/sed/execute.c:1680:16
    #10 0x5300dc in main /home/hongxu/FOT/sed-O0/sed/sed.c:382:17
    #11 0x7f1dc2297b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #12 0x41b219 in _start
(/home/hongxu/FOT/sed-O0/install/bin/sed+0x41b219)

0x606000000233 is located 0 bytes to the right of 51-byte region
[0x606000000200,0x606000000233)
allocated by thread T0 here:
    #0 0x4db0d0 in malloc (/home/hongxu/FOT/sed-O0/install/bin/sed+0x4db0d0)
    #1 0x5624f4 in xmalloc /home/hongxu/FOT/sed-O0/lib/xmalloc.c:41:13
    #2 0x5627c4 in xzalloc /home/hongxu/FOT/sed-O0/lib/xmalloc.c:86:18
    #3 0x520e16 in line_init /home/hongxu/FOT/sed-O0/sed/execute.c:281:15
    #4 0x5209ad in process_files
/home/hongxu/FOT/sed-O0/sed/execute.c:1654:3
    #5 0x5300dc in main /home/hongxu/FOT/sed-O0/sed/sed.c:382:17
    #6 0x7f1dc2297b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/hongxu/FOT/sed-O0/install/bin/sed+0x4b4135) in
__interceptor_memcmp.part.283
Shadow bytes around the buggy address:
  0x0c0c7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff8000: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0c7fff8010: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x0c0c7fff8020: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fa
  0x0c0c7fff8030: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
=>0x0c0c7fff8040: 00 00 00 00 00 00[03]fa fa fa fa fa 00 00 00 00
  0x0c0c7fff8050: 00 00 03 fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0c7fff8060: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0c7fff8070: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
  0x0c0c7fff8080: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c7fff8090: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==13920==ABORTING
[1]    13917 done       echo '0000000000000000000000000000' |
       13920 abort      ./sed -f c02.sed

c02.sed is attached (it seems ok when executing with the c02.sed content
directly, `echo '0000000000000000000000000000' | ./sed -f
"s000;s0\(..*\)*\1\(\)\S00"`).

This seems to be an issue in lib/regexec.c since we found GNU debbugs #34140 has
a similar case.

Best Regards,
Hongxu

--0000000000000a9594057fdd98a5--

--0000000000000a9597057fdd98a7
Content-Type: application/octet-stream; name="c02.sed"
Content-Disposition: attachment; filename="c02.sed"
Content-Transfer-Encoding: base64
Content-ID: <f_jr4hzhog0>
X-Attachment-Id: f_jr4hzhog0

czCJMDA7czBcKC4uKlwpKlwxXChcKVxTMDA=
--0000000000000a9597057fdd98a7--
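
The shadow-byte dump in the report above can be checked by hand. The following is an added example, not part of the original message and not code from sed, gnulib or ASan: it models the byte-granular addressability check using the one shadow row the report marks with `=>`, and assumes ASan's default x86-64 Linux mapping (shadow = (addr >> 3) + 0x7fff8000). All function names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: default ASan shadow mapping on x86-64 Linux. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL

/* Shadow row copied from the report line "=>0x0c0c7fff8040: ...". */
static const uint64_t ROW_BASE = 0x0c0c7fff8040ULL;
static const uint8_t ROW[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xfa,
    0xfa, 0xfa, 0xfa, 0xfa, 0x00, 0x00, 0x00, 0x00
};

/* Application address -> address of the shadow byte describing it. */
uint64_t mem_to_shadow(uint64_t addr)
{
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow byte for an application address, or -1 if the address is not
   covered by the single row embedded above. */
int shadow_byte_for(uint64_t addr)
{
    uint64_t s = mem_to_shadow(addr);
    if (s < ROW_BASE || s >= ROW_BASE + sizeof ROW)
        return -1;
    return ROW[s - ROW_BASE];
}

/* 1 = addressable, 0 = poisoned, -1 = outside the embedded row.
   Shadow 00 means all 8 bytes of the granule are valid; 01..07 means
   only the first k bytes are; values >= 0x80 (fa, fd, ...) are
   poisoned redzones or freed memory. */
int byte_addressable(uint64_t addr)
{
    int k = shadow_byte_for(addr);
    if (k < 0)
        return -1;
    if (k == 0)
        return 1;
    if (k >= 0x80)
        return 0;
    return (int)(addr & 7) < k;
}

/* Number of consecutive addressable bytes starting at addr. */
size_t addressable_run(uint64_t addr)
{
    size_t n = 0;
    while (byte_addressable(addr + n) == 1)
        n++;
    return n;
}

/* Offset of the first byte in [addr, addr + size) that is not known to
   be addressable, or size if the whole access is valid. Bytes outside
   the embedded row are treated as invalid. */
size_t first_bad_offset(uint64_t addr, size_t size)
{
    for (size_t i = 0; i < size; i++)
        if (byte_addressable(addr + i) != 1)
            return i;
    return size;
}

int main(void)
{
    const uint64_t region = 0x606000000200ULL; /* start of the 51-byte region */
    const uint64_t fault  = 0x606000000233ULL; /* address in the ERROR line   */

    printf("shadow(fault)      = 0x%012llx\n",
           (unsigned long long)mem_to_shadow(fault));
    printf("shadow byte        = 0x%02x\n", (unsigned)shadow_byte_for(fault));
    printf("region length      = %zu bytes\n", addressable_run(region));
    printf("26-byte read fails at offset %zu\n", first_bad_offset(fault, 26));
    return 0;
}
```

Six `00` shadow bytes (48 bytes) plus one `03` (3 bytes) give the 51-byte region, and the 26-byte `memcmp` read begins at the first byte past it, which is why the report says "0 bytes to the right".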




Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Hongxu Chen <leftcopy.chx@HIDDEN>
Subject: bug#34142: Acknowledgement (AddressSanitizer reported
 heap-buffer-overflow)
Message-ID: <handler.34142.B.15479646321208.ack <at> debbugs.gnu.org>
References: <CAJPBKOHEQt0GJ2nF0fTZL9Ld4=sGZiUvrejieSgD9taxGT62ww@HIDDEN>
X-Gnu-PR-Message: ack 34142
X-Gnu-PR-Package: sed
Reply-To: 34142 <at> debbugs.gnu.org
Date: Sun, 20 Jan 2019 06:11:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-sed@HIDDEN

If you wish to submit further information on this problem, please
send it to 34142 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

-- 
34142: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to bug-sed@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#34142: AddressSanitizer reported heap-buffer-overflow
Resent-From: Assaf Gordon <assafgordon@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-sed@HIDDEN
Resent-Date: Sun, 20 Jan 2019 09:15:03 +0000
Resent-Message-ID: <handler.34142.B34142.154797566320169 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 34142
X-GNU-PR-Package: sed
X-GNU-PR-Keywords: 
To: Hongxu Chen <leftcopy.chx@HIDDEN>, 34142 <at> debbugs.gnu.org
References: <CAJPBKOHEQt0GJ2nF0fTZL9Ld4=sGZiUvrejieSgD9taxGT62ww@HIDDEN>
From: Assaf Gordon <assafgordon@HIDDEN>
Message-ID: <e7ba7ae7-8585-fef9-7a17-553d34be60b7@HIDDEN>
Date: Sun, 20 Jan 2019 02:14:10 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <CAJPBKOHEQt0GJ2nF0fTZL9Ld4=sGZiUvrejieSgD9taxGT62ww@HIDDEN>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

(forwarding to gnulib)

Hello,

Hongxu Chen reported a heap-buffer-overflow in gnulib's regexec code.

It can be reproduced with current sed using:

      git clone git://git.sv.gnu.org/sed.git
      cd sed
      ./bootstrap && ./configure
      make build-asan

      echo 00000000000000000000000000 | ./sed/sed -E -e 's/(.*)*\1//'

The above 'sed' invocation is a simplified variation of Hongxu's report.

Details below:

On 2019-01-19 11:09 p.m., Hongxu Chen wrote:
> 
>     =================================================================
> ==13920==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x606000000233 at pc 0x0000004b4136 bp 0x7ffc475e3930 sp 0x7ffc475e30e0
> READ of size 26 at 0x606000000233 thread T0
>      #0 0x4b4135 in __interceptor_memcmp.part.283
> (/home/hongxu/FOT/sed-O0/install/bin/sed+0x4b4135)
>      #1 0x5b274c in proceed_next_node
> /home/hongxu/FOT/sed-O0/./lib/regexec.c:1296:9
>      #2 0x597a4c in set_regs /home/hongxu/FOT/sed-O0/./lib/regexec.c:1453:18
>      #3 0x569a4f in re_search_internal
> /home/hongxu/FOT/sed-O0/./lib/regexec.c:864:10
>      #4 0x56acd7 in re_search_stub
> /home/hongxu/FOT/sed-O0/./lib/regexec.c:425:12
>      #5 0x56b061 in rpl_re_search
> /home/hongxu/FOT/sed-O0/./lib/regexec.c:289:10
>      #6 0x52f572 in match_regex /home/hongxu/FOT/sed-O0/sed/regexp.c:358:11
>      #7 0x5292d1 in do_subst /home/hongxu/FOT/sed-O0/sed/execute.c:1015:8
>      #8 0x5233a2 in execute_program
> /home/hongxu/FOT/sed-O0/sed/execute.c:1543:15
>      #9 0x520cba in process_files
> /home/hongxu/FOT/sed-O0/sed/execute.c:1680:16
>      #10 0x5300dc in main /home/hongxu/FOT/sed-O0/sed/sed.c:382:17
>      #11 0x7f1dc2297b96 in __libc_start_main
> /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
>      #12 0x41b219 in _start
> (/home/hongxu/FOT/sed-O0/install/bin/sed+0x41b219)
> 
> 0x606000000233 is located 0 bytes to the right of 51-byte region
> [0x606000000200,0x606000000233)
> allocated by thread T0 here:
>      #0 0x4db0d0 in malloc (/home/hongxu/FOT/sed-O0/install/bin/sed+0x4db0d0)
>      #1 0x5624f4 in xmalloc /home/hongxu/FOT/sed-O0/lib/xmalloc.c:41:13
>      #2 0x5627c4 in xzalloc /home/hongxu/FOT/sed-O0/lib/xmalloc.c:86:18
>      #3 0x520e16 in line_init /home/hongxu/FOT/sed-O0/sed/execute.c:281:15
>      #4 0x5209ad in process_files
> /home/hongxu/FOT/sed-O0/sed/execute.c:1654:3
>      #5 0x5300dc in main /home/hongxu/FOT/sed-O0/sed/sed.c:382:17
>      #6 0x7f1dc2297b96 in __libc_start_main
> /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
> 
> SUMMARY: AddressSanitizer: heap-buffer-overflow
> (/home/hongxu/FOT/sed-O0/install/bin/sed+0x4b4135) in
> __interceptor_memcmp.part.283
> Shadow bytes around the buggy address:
>    0x0c0c7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>    0x0c0c7fff8000: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
>    0x0c0c7fff8010: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
>    0x0c0c7fff8020: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fa
>    0x0c0c7fff8030: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
> =>0x0c0c7fff8040: 00 00 00 00 00 00[03]fa fa fa fa fa 00 00 00 00
>    0x0c0c7fff8050: 00 00 03 fa fa fa fa fa 00 00 00 00 00 00 00 00
>    0x0c0c7fff8060: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
>    0x0c0c7fff8070: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
>    0x0c0c7fff8080: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd fd
>    0x0c0c7fff8090: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
>    Addressable:           00
>    Partially addressable: 01 02 03 04 05 06 07
>    Heap left redzone:       fa
>    Freed heap region:       fd
>    Stack left redzone:      f1
>    Stack mid redzone:       f2
>    Stack right redzone:     f3
>    Stack after return:      f5
>    Stack use after scope:   f8
>    Global redzone:          f9
>    Global init order:       f6
>    Poisoned by user:        f7
>    Container overflow:      fc
>    Array cookie:            ac
>    Intra object redzone:    bb
>    ASan internal:           fe
>    Left alloca redzone:     ca
>    Right alloca redzone:    cb
> ==13920==ABORTING





Message sent to bug-sed@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#34142: AddressSanitizer reported heap-buffer-overflow
Resent-From: Assaf Gordon <assafgordon@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-sed@HIDDEN
Resent-Date: Sun, 20 Jan 2019 09:16:02 +0000
Resent-Message-ID: <handler.34142.B34142.154797571820315 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 34142
X-GNU-PR-Package: sed
X-GNU-PR-Keywords: 
To: Hongxu Chen <leftcopy.chx@HIDDEN>, 34142 <at> debbugs.gnu.org, "bug-gnulib@HIDDEN List" <bug-gnulib@HIDDEN>
From: Assaf Gordon <assafgordon@HIDDEN>
References: <CAJPBKOHEQt0GJ2nF0fTZL9Ld4=sGZiUvrejieSgD9taxGT62ww@HIDDEN>
Message-ID: <33466703-d85e-400d-3f19-f2ece6d9c32a@HIDDEN>
Date: Sun, 20 Jan 2019 02:15:08 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <CAJPBKOHEQt0GJ2nF0fTZL9Ld4=sGZiUvrejieSgD9taxGT62ww@HIDDEN>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.