"grep bug"
From: Olatunji Oluwabukunmi Ruwase
Subject: "grep bug"
Date: Thu, 24 Apr 2003 09:18:44 -0700 (PDT)

Hi,
I came across what seems to be a bug in grep-2.5.1. The problem is that the
result of memchr (which could be NULL) is passed to a pointer variable
"end"; "end" is then incremented without checking whether or not it is
NULL. "end" (now 0x01) is finally used in a pointer difference operation.
The following snippet from src/search.c:582 is the code:
********************************************************
end = memchr (beg + len, eol, (buf + size) - (beg + len));
end++;
while (buf < beg && beg[-1] != eol)
  --beg;
*match_size = end - beg;
*********************************************************
Running grep with the following command line triggers this situation:
echo " " | grep -F -e ''
This error was flagged by a dynamic bounds checking tool I am working on
while running the regression tests. I would appreciate it if you could take a
look at it, to confirm it as a bug or some programming idiom, in which case
my tool is generating a false alarm.

Thank you,
tunji
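
The pattern reported above, with the memchr result checked before it is incremented, as an added example that is not part of the original message and is not grep's code or its eventual fix. The names line_match_size and line_size_at are hypothetical, and treating a missing end-of-line byte as "the line runs to the end of the buffer" is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not grep's code: size of the line that contains the
   match [beg, beg+len) in buf[0..size). Returns 0 on success, -1 on bad
   arguments. */
static int line_match_size(const char *buf, size_t size, const char *beg,
                           size_t len, char eol, size_t *match_size)
{
    if (!buf || !beg || !match_size || beg < buf)
        return -1;
    size_t off = (size_t)(beg - buf);
    if (off > size || len > size - off)
        return -1;

    const char *lim = buf + size;
    const char *end = memchr(beg + len, eol, (size_t)(lim - (beg + len)));
    /* memchr returns NULL when no eol byte is in range (always so for a
       zero-length range). Step past eol only if one was found; otherwise
       assume the line runs to the end of the buffer. */
    end = end ? end + 1 : lim;

    while (buf < beg && beg[-1] != eol)
        --beg;
    *match_size = (size_t)(end - beg);
    return 0;
}

/* Convenience wrapper over a NUL-terminated sample: match starts at offset
   off and is len bytes long. Returns the line size, or -1 on bad arguments. */
long line_size_at(const char *text, size_t off, size_t len)
{
    size_t n = 0;
    if (!text || off > strlen(text))
        return -1;
    if (line_match_size(text, strlen(text), text + off, len, '\n', &n) != 0)
        return -1;
    return (long)n;
}

int main(void)
{
    /* Constructed inputs, not taken from grep's test suite. */
    printf("%ld\n", line_size_at("ab\ncd\n", 3, 2)); /* eol found */
    printf("%ld\n", line_size_at("abc", 1, 1));      /* no eol in range */
    printf("%ld\n", line_size_at(" \n", 2, 0));      /* zero-length range */
    return 0;
}
```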