overflow-1.re test fails on system with small stack #219
…tates). This is to avoid stack overflow on large RE (especially on instrumented builds that have larger stack frames, like AddressSanitizer). Stack overflow reported by Agostino Sarubbo. Related to #219 "overflow-1.re test fails on system with small stack".
This is to avoid stack overflow on large RE (especially on instrumented builds that have larger stack frames, like AddressSanitizer). Partial fix for #219 "overflow-1.re test fails on system with small stack".
A quick way to reproduce without polluting the shell:
Run the same in GDB to see the faulty recursive function:

This issue was assigned to CVE-2018-21232
It backports patches from 2.0 series to fix CVE-2018-21232. References: NixOS#88391 https://www.openwall.com/lists/oss-security/2020/04/27/2 skvadrik/re2c#219 Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
It backports patches from 2.0 series to fix CVE-2018-21232. References: NixOS#88391 https://www.openwall.com/lists/oss-security/2020/04/27/2 skvadrik/re2c#219 Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com> (cherry picked from commit 5854bf0)
The crash happened in a rare case of a very long lexeme that doesn't fit into the buffer, forcing buffer reallocation. The crash was caused by an incorrect calculation of the shift offset (it was smaller than necessary). As a consequence, the data from buffer start and up to the beginning of the current lexeme was not discarded (as it should have been), resulting in less free space for new data than expected.

@trofi I was testing against 2.0.3 and the test still failed. It also fails on 2.1.1 running oe-core (master) on qemux86-64, where I build from source inside of the emulator.

@yifan19 Correct, this hasn't been fixed yet. I eliminated some of the recursive functions, but a few still remain (such as
Backport commits from the following issue: skvadrik/re2c#219 CVE: CVE-2018-21232 Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport commits from the following issue: skvadrik/re2c#219 CVE: CVE-2018-21232 (From OE-Core rev: 8c5ee47d446b36d6832acc8452687f50101f3e65) Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: poky MR: 118243 Type: Integration Disposition: Merged from poky ChangeID: 9d155cbf956024e6ade0f10486ed8fe427652ad0 Description: Backport commits from the following issue: skvadrik/re2c#219 CVE: CVE-2018-21232 (From OE-Core rev: 8c5ee47d446b36d6832acc8452687f50101f3e65) Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
This fixes bug #219. Tested as follows (all tests passed):
    bash -c "ulimit -s 256; time ./run_tests.py"
Original test that revealed the problematic recursive functions:
    bash -c "ulimit -s 256; echo run | gdb --args ./re2c overflow-1.re"
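
Added example, not part of the issue thread and not re2c's code: the commits above remove recursive functions so that a deeply nested regular expression cannot exhaust the native stack. One common way to do that is an explicit heap-allocated work stack, shown here beside the recursive form on a hypothetical simplified AST (the `Node` type and all function names are assumptions).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Hypothetical simplified regexp AST (not re2c's own types). Nodes sit in one
// arena and name children by index (-1 = none), so teardown is not recursive.
struct Node { int32_t left, right; };
typedef std::vector<Node> Ast;

static int32_t add(Ast &ast, int32_t l = -1, int32_t r = -1) {
    ast.push_back(Node{l, r});
    return static_cast<int32_t>(ast.size() - 1);
}

// Recursive form: one native stack frame per nesting level, so the depth the
// process survives depends on `ulimit -s` and frame size (larger under ASan).
size_t height_recursive(const Ast &ast, int32_t n) {
    if (n < 0) return 0;
    size_t l = height_recursive(ast, ast[n].left);
    size_t r = height_recursive(ast, ast[n].right);
    return 1 + (l > r ? l : r);
}

// Iterative form: pending work lives in a heap-allocated vector, so nesting
// depth is limited by available memory instead of the native stack.
size_t height_iterative(const Ast &ast, int32_t root) {
    size_t best = 0;
    std::vector<std::pair<int32_t, size_t> > todo;  // (node index, its depth)
    if (root >= 0) todo.emplace_back(root, size_t(1));
    while (!todo.empty()) {
        std::pair<int32_t, size_t> cur = todo.back();
        todo.pop_back();
        if (cur.second > best) best = cur.second;
        const Node &nd = ast[cur.first];
        if (nd.left >= 0) todo.emplace_back(nd.left, cur.second + 1);
        if (nd.right >= 0) todo.emplace_back(nd.right, cur.second + 1);
    }
    return best;
}

// Constructed input: a left-nested chain (((a b) b) b ...) with n inner nodes.
int32_t build_chain(Ast &ast, size_t n) {
    int32_t root = add(ast);
    for (size_t i = 0; i < n; ++i) root = add(ast, root, add(ast));
    return root;
}

int main() {
    Ast ast;
    int32_t root = build_chain(ast, 1000000);  // too deep to recurse on a small stack
    std::printf("height (iterative) = %zu\n", height_iterative(ast, root));
    return 0;
}
```

Running the recursive variant on the deep chain under `ulimit -s 256` is the kind of check the commit message above describes; the iterative variant is unaffected by that limit.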
Factoring out the issue of #215 (comment)
On small stack systems (ulimit -s 256) overflow-1.re test fails: