[Bug libstdc++/61582] C11 regex memory corruption

max at cert dot cx gcc-bugzilla@gcc.gnu.org
Tue Jun 24 19:37:00 GMT 2014 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582

--- Comment #2 from Maksymilian A <max at cert dot cx> ---
Sorry for mistake.
Could you check this again ?

cx@cx:~/REstd11/kozak5$ ~/gcc49/bin/g++ -v
Using built-in specs.
COLLECT_GCC=/home/cx/gcc49/bin/g++
COLLECT_LTO_WRAPPER=/home/cx/gcc49/libexec/gcc/x86_64-unknown-linux-gnu/4.9.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /home/cx/gcc49/source/gcc-4.9.0/configure --disable-multilib
--prefix=/home/cx/gcc49
Thread model: posix
gcc version 4.9.0 (GCC) 
cx@cx:~/REstd11/kozak5$ cat c11re.c
#include <iostream>
#include <string>
#include <regex>

using namespace std;

int main (int argc, char *argv[])
{
    if (std::regex_match ("GNUj", std::regex(argv[1]) ))
        std::cout << "ELO\n";
     return 0;
}
cx@cx:~/REstd11/kozak5$ ~/gcc49/bin/g++ -o c11re c11re.c -std=c++11
cx@cx:~/REstd11/kozak5$ ./c11re '((x|'
terminate called after throwing an instance of 'std::regex_error'
  what():  regex_error
Przerwane (core dumped)
cx@cx:~/REstd11/kozak5$ ./c11re '((.*)()?*{100})'
Naruszenie ochrony pamięci (core dumped)
cx@cx:~/REstd11/kozak5$

(gdb) r '((.*)()?*{100})'
Starting program: /home/cx/REstd11/kozak5/./c11re '((.*)()?*{100})'

Program received signal SIGSEGV, Segmentation fault.
0x0000000000402f15 in std::_Bit_reference::operator bool() const
    ()
(gdb) x/i $rip
=> 0x402f15 <_ZNKSt14_Bit_referencecvbEv+15>:    
    mov    (%rax),%rdx
(gdb) i r
rax            0x200000000063a128    2305843009220223272
rbx            0xffffffffffffffff    -1
rcx            0x200000000063a128    2305843009220223272
rdx            0x8000000000000000    -9223372036854775808
rsi            0x200000000063a128    2305843009220223272
rdi            0x7fffffffd350    140737488343888
rbp            0x7fffffffd310    0x7fffffffd310
rsp            0x7fffffffd310    0x7fffffffd310
r8             0x2    2
r9             0x20    32
r10            0x3    3
r11            0x7ffff75b5798    140737343346584
r12            0x402880    4204672
r13            0x7fffffffe260    140737488347744
r14            0x0    0
r15            0x0    0
=> 0x402f15 <_ZNKSt14_Bit_referencecvbEv+15>:
rip            0x402f15    0x402f15 <std::_Bit_reference::operator bool()
const+15>

...

#0  0x0000000000402f15 in std::_Bit_reference::operator bool() const ()
#1  0x000000000040a1bc in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#2  0x000000000040a275 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#3  0x000000000040a493 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#4  0x000000000040a28f in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#5  0x000000000040a3a5 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#6  0x000000000040a3a5 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits---Type <return>
to continue, or q <return> to quit---
<char>, false>::_M_dfs<true>(long) ()
#7  0x000000000040a3a5 in void std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_dfs<true>(long) ()
#8  0x0000000000407ee0 in bool std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_main<true>() ()
#9  0x0000000000406172 in std::__detail::_Executor<char const*,
std::allocator<std::sub_match<char const*> >, std::regex_traits<char>,
false>::_M_match() ()
#10 0x0000000000404cf5 in bool std::__detail::__regex_algo_impl<char const*,
std::allocator<std::sub_match<char const*> >, char, std::regex_traits<char>,
(std::__detail::_RegexExecutorPolicy)0, true>(char const*, char const*,
std::match_results<char const*, std::allocator<std::sub_match<char const*> >
>&, std::basic_regex<char, std::regex_traits<char> > const&,
std::regex_constants::match_flag_type) ()
#11 0x000000000040449e in bool std::regex_match<char const*,
std::allocator<std::sub_match<char const*> >, char, std::regex_traits<c---Type
<return> to continue, or q <return> to quit---
har> >(char const*, char const*, std::match_results<char const*,
std::allocator<std::sub_match<char const*> > >&, std::basic_regex<char,
std::regex_traits<char> > const&, std::regex_constants::match_flag_type) ()
#12 0x000000000040405c in bool std::regex_match<char const*, char,
std::regex_traits<char> >(char const*, char const*, std::basic_regex<char,
std::regex_traits<char> > const&, std::regex_constants::match_flag_type) ()
#13 0x0000000000403d4c in bool std::regex_match<char, std::regex_traits<char>
>(char const*, std::basic_regex<char, std::regex_traits<char> > const&,
std::regex_constants::match_flag_type) ()
#14 0x0000000000402a5f in main ()

More information about the Gcc-bugs mailing list