regexp causes SIGSEGV (stack overflow?)

[p5pRT]

Migrated from rt.perl.org#1760 (status was 'resolved')

Searchable as RT1760$

[p5pRT]

From amc@arwen.cs.berkeley.edu

The following program demonstrates a regular expression match on
a long string causing a SIGSEGV​:

#!/usr/bin/perl
$s = 'x';
for ($i = 1; $i < 16; ++$i) {
  $s = $s . $s;
  print length($s), "\n";
  $s =~ /(a?x)*/;
}

After the length of $s reaches 32768, perl crashes. I tried getting a
stack trace from gdb, but the stack appeared to be extremely large, so
maybe the problem is that the stack is overflowing. Should that cause a
SIGSEGV, or should it be handled more gracefully?

Is in necessary for that regular expression to require stack space
proportional to the size of the matched string? (It's been too long
since I took a compilers class.)

By the way, the regular expression is a greatly simplified version of
one I was actually using to remove a prefix from a string and print it.
The original code was structured like this​:

  if ($s =~ s/^((a?x)+)//) { print $1 }

My workaround is structured like this​:

  while ($s =~ s/^((a?x){1,999})//) { print $1 }

Perl Info

Site configuration information for perl 5.00503:

Configured by torin at Wed Sep 22 00:18:38 PDT 1999.

Summary of my perl5 (5.0 patchlevel 5 subversion 3) configuration:
  Platform:
    osname=linux, osvers=2.0.36, archname=i386-linux
    uname='linux perv 2.0.36 #2 wed nov 18 03:00:48 pst 1998 i686 unknown '
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef useperlio=undef d_sfio=undef
  Compiler:
    cc='cc', optimize='-O2', gccversion=2.95.1 19990809 (prerelease)
    cppflags='-Dbool=char -DHAS_BOOL -D_REENTRANT -DDEBIAN -I/usr/local/include'
    ccflags ='-Dbool=char -DHAS_BOOL -D_REENTRANT -DDEBIAN -I/usr/local/include'
    stdchar='char', d_stdstdio=undef, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldbm -ldb -ldl -lm -lc -lposix -lcrypt
    libc=, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    


@INC for perl 5.00503:
    /usr/lib/perl5/5.005/i386-linux
    /usr/lib/perl5/5.005
    /usr/local/lib/site_perl/i386-linux
    /usr/local/lib/site_perl
    /usr/lib/perl5
    .


Environment for perl 5.00503:
    HOME=/home/cs/amc
    LANG (unset)
    LANGUAGE (unset)
    LC_ALL=en_US
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/cs/amc/pkg/Linux/2.2.12/i686/amc/bin:/home/cs/amc/pkg/share/amc/bin:/bin:/sbin:/usr/sbin:/usr/bin:/usr/games:/home/cs/amc/pkg/Linux/2.2.12/i686/misc/bin:/usr/local/bin:/usr/X11R6/bin
    PERL_BADLANG (unset)
    SHELL=/usr/bin/tcsh

[p5pRT]

From [Unknown Contact. See original ticket]

still a problem as of 8101 on both Mandrake 7.2 and Solaris 8.0

The following program demonstrates a regular expression match on
a long string causing a SIGSEGV​:

#!/usr/bin/perl
$s = 'x';
for ($i = 1; $i < 16; ++$i) {
  $s = $s . $s;
  print length($s), "\n";
  $s =~ /(a?x)*/;
}

After the length of $s reaches 32768, perl crashes. I tried getting a
stack trace from gdb, but the stack appeared to be extremely large, so
maybe the problem is that the stack is overflowing. Should that cause a
SIGSEGV, or should it be handled more gracefully?

Is in necessary for that regular expression to require stack space
proportional to the size of the matched string? (It's been too long
since I took a compilers class.)

By the way, the regular expression is a greatly simplified version of
one I was actually using to remove a prefix from a string and print it.
The original code was structured like this​:

  if ($s =~ s/^((a?x)+)//) { print $1 }

My workaround is structured like this​:

  while ($s =~ s/^((a?x){1,999})//) { print $1 }

[p5pRT]

From @gbarr

This is still present in 5.8.0

[p5pRT]

From The RT System itself

bug seems unlikely to be OS related.

[p5pRT]

From The RT System itself

still segfaults bleadperl DEVEL7093

[p5pRT]

From @schwern

Still a problem in bleadperl@​25129.

[p5pRT]

From @hvds

"Michael G Schwern via RT" <perlbug-followup@​perl.org> wrote​:
:Still a problem in bleadperl@​25129.

Note that this bug is (correctly) marked as depending on the metabug
#24274. It will remain a bug until the metabug is fixed (by rewriting
enough of the regexp engine to avoid using the C stack recursively).

Hugo

[p5pRT]

From @smpeters

[amc@​arwen.cs.berkeley.edu - Tue Nov 09 12​:08​:10 1999]​:

-----------------------------------------------------------------
[Please enter your report here]

The following program demonstrates a regular expression match on
a long string causing a SIGSEGV​:

#!/usr/bin/perl
$s = 'x';
for ($i = 1; $i < 16; ++$i) {
$s = $s . $s;
print length($s), "\n";
$s =~ /(a?x)*/;
}

After the length of $s reaches 32768, perl crashes. I tried getting a
stack trace from gdb, but the stack appeared to be extremely large, so
maybe the problem is that the stack is overflowing. Should that cause
a
SIGSEGV, or should it be handled more gracefully?

Is in necessary for that regular expression to require stack space
proportional to the size of the matched string? (It's been too long
since I took a compilers class.)

By the way, the regular expression is a greatly simplified version of
one I was actually using to remove a prefix from a string and print
it.
The original code was structured like this​:

if \($s =~ s/^\(\(a?x\)\+\)//\) \{ print $1 \}

My workaround is structured like this​:

while \($s =~ s/^\(\(a?x\)\{1\,999\}\)//\) \{ print $1 \}

It appears that as of change #27598, this no longer core dumps. davem++ :)

[p5pRT]

@smpeters - Status changed from 'open' to 'resolved'