Re: Bug#165603: man-db: me too
reassign 165603 libc6
thanks
Hi,
Please see http://bugs.debian.org/165603 for context. The summary is
that apropos segfaults inside regexec() when using glibc 2.3.1 in a
locale other than C. To reproduce, get
http://people.debian.org/~branden/bug165603_index.bt.bz2, uncompress,
install as ~/man/index.bt, 'export LC_ALL=en_US' (or some other non-C
locale installed on the system), and run 'apropos -M ~/man xkb'.
There are no problems with glibc 2.2.5, and according to the NEWS file
glibc's regex implementation has just been completely rewritten.
On Tue, Oct 22, 2002 at 01:54:10AM +0100, Colin Watson wrote:
> Aha! On the off-chance, I tried this in a chroot with glibc 2.3.1 and it
> segfaulted. Ditto with en_US, which I'm guessing Branden's using.
I now believe that this is a bug in glibc. Unfortunately I can't
persuade either gdb or valgrind to give me any line number information
from /usr/lib/debug/libc.so.6, so I can't debug it in any more detail.
(Is this a bug too? If so, I can file it separately.)
> (gdb) bt
> #0 0x400c29e3 in re_exec () from /lib/libc.so.6
> #1 0x400c27c3 in re_exec () from /lib/libc.so.6
> #2 0x400bdae3 in re_exec () from /lib/libc.so.6
> #3 0x400bd1f2 in regexec () from /lib/libc.so.6
> #4 0x080498ad in parse_whatis (page=0xbffffee8 "xkb", lowpage=0x8050b40 "xkb",
> whatis=0x807b00a "the ISO 8859-2 character set encoded in octal, decimal, and hexadecimal") at whatis.c:413
> #5 0x08049a3e in apropos (page=0xbffffee8 "xkb", lowpage=0x8050b40 "xkb") at whatis.c:488
> #6 0x08049d44 in search (page=0xbffffee8 "xkb") at whatis.c:563
> #7 0x0804a0b3 in main (argc=4, argv=0xbffffdd4) at whatis.c:711
A more useful backtrace with the aid of libc6-dbg is:
(gdb) bt
#0 0x400c09e3 in re_string_context_at () from /usr/lib/debug/libc.so.6
#1 0x400c07c3 in re_string_reconstruct () from /usr/lib/debug/libc.so.6
#2 0x400bbae3 in re_search_internal () from /usr/lib/debug/libc.so.6
#3 0x400bb1f2 in regexec () from /usr/lib/debug/libc.so.6
#4 0x080498ad in parse_whatis (page=0xbffffec6 "xkb",
lowpage=0x8050b40 "xkb",
whatis=0x807b00a "the ISO 8859-2 character set encoded in octal, decimal, and hexadecimal") at whatis.c:413
#5 0x08049a3e in apropos (page=0xbffffec6 "xkb", lowpage=0x8050b40 "xkb")
at whatis.c:488
#6 0x08049d44 in search (page=0xbffffec6 "xkb") at whatis.c:563
#7 0x0804a0b3 in main (argc=4, argv=0xbffffdb4) at whatis.c:711
There seems to be some subtle memory corruption. I haven't managed to
pin any of this down to a segfault with a test program yet. However, I
can pin it down to something valgrind complains about quite easily, so I
would suggest that that would be the first place to look.
$ cat regtest.c
#include <stdio.h>
#include <regex.h>
int main (int argc, char **argv)
{
regex_t preg;
int errcode;
errcode = regcomp (&preg, "xkb", REG_EXTENDED | REG_NOSUB | REG_ICASE);
if (errcode) {
perror ("regcomp");
return 1;
}
errcode = regexec (&preg, "hello world", 0, (regmatch_t *) 0, 0);
if (errcode == 0) {
fprintf (stderr, "regexec succeeded incorrectly\n");
return 1;
} else if (errcode != REG_NOMATCH) {
perror ("regexec");
return 1;
}
return 0;
}
$ LD_LIBRARY_PATH=/usr/lib/debug valgrind -v --num-callers=20 ./regtest
==7085== valgrind-1.0.3, a memory error detector for x86 GNU/Linux.
==7085== Copyright (C) 2000-2002, and GNU GPL'd, by Julian Seward.
==7085== Startup, with flags:
==7085== --suppressions=/usr/lib/valgrind/woody.supp
==7085== -v
==7085== --num-callers=20
==7085== Reading suppressions file: /usr/lib/valgrind/woody.supp
==7085== Reading syms from /home/cjwatson/regtest
==7085== object doesn't have any debug info
==7085== Reading syms from /lib/ld-2.3.1.so
==7085== object doesn't have any debug info
==7085== Reading syms from /usr/lib/valgrind/valgrind.so
==7085== Reading syms from /usr/lib/debug/libc-2.3.1.so
==7085== Estimated CPU clock rate is 506 MHz
==7085==
==7085== Conditional jump or move depends on uninitialised value(s)
==7085== at 0x402F4AAC: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==7085== by 0x402F41F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==7085== by 0x8048507: main (in /home/cjwatson/regtest)
==7085== by 0x402609D3: __libc_start_main (in /usr/lib/debug/libc-2.3.1.so)
==7085== by 0x80483F1: (within /home/cjwatson/regtest)
==7085==
==7085== ERROR SUMMARY: 12 errors from 1 contexts (suppressed: 0 from 0)
==7085==
==7085== 12 errors in context 1 of 1:
==7085== Conditional jump or move depends on uninitialised value(s)
==7085== at 0x402F4AAC: re_search_internal (in /usr/lib/debug/libc-2.3.1.so)
==7085== by 0x402F41F2: __regexec (in /usr/lib/debug/libc-2.3.1.so)
==7085== by 0x8048507: main (in /home/cjwatson/regtest)
==7085== by 0x402609D3: __libc_start_main (in /usr/lib/debug/libc-2.3.1.so)
==7085== by 0x80483F1: (within /home/cjwatson/regtest)
==7085== IN SUMMARY: 12 errors from 1 contexts (suppressed: 0 from 0)
==7085==
==7085== malloc/free: in use at exit: 684 bytes in 21 blocks.
==7085== malloc/free: 31 allocs, 10 frees, 977 bytes allocated.
==7085== For a detailed leak analysis, rerun with: --leak-check=yes
==7085==
--7085-- lru: 0 epochs, 0 clearings.
--7085-- translate: new 919 (14529 -> 218524), discard 0 (0 -> 0).
--7085-- dispatch: 0 basic blocks, 2/964 sched events, 920 tt_fast misses.
--7085-- reg-alloc: 313 t-req-spill, 38365+1974 orig+spill uis, 4766 total-reg-r.
--7085-- sanity: 3 cheap, 1 expensive checks.
Thanks,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: