onetrueawk / awk

One true awk

Found a possible stack overflow issue #221

Closed fish98 closed 3 weeks ago

fish98 commented 4 months ago

Hi all,

A stack overflow issue has been found when processing any input/file with a crafted program file. The root cause seems to be the unterminated regexp parsing loop in function concat.

The stack trace should resemble:

==14571==ERROR: AddressSanitizer: stack-overflow on address 0x7ffef4bcdff8 (pc 0x55823c30d446 bp 0x55823c490f88 sp 0x7ffef4bce000 T0)
#0 0x55823c30d446 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView> >, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate
#2  0x000055555558b934 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) ()
#3  0x000055555560c3ee in malloc ()
#4  0x0000555555669381 in nodealloc (n=2) at parse.c:36
#5  0x00005555556696a1 in node2 (a=277, b=0x604001ff0ad0, c=0x0) at parse.c:64
#6  0x0000555555669e77 in op2 (a=277, b=0x604001ff0ad0, c=0x0) at parse.c:145
#7  0x0000555555664349 in unary (np=0x604001ff0ad0) at b.c:1059
#8  0x00005555556642ee in unary (np=0x604001ff0a90) at b.c:1056
#9  0x0000555555663c74 in primary () at b.c:977
#10 0x0000555555663a28 in concat (np=0x604001ff0a50) at b.c:1030
#11 0x0000555555663a41 in concat (np=0x604001ff0950) at b.c:1030

The reproducible program file Input.txt is attached; please refer to my email for more detailed information. Thank you : )
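The call shape in the trace above (concat calling concat again for each element, with primary and unary in between) reproduced in a toy recursive-descent regexp parser, next to two defensive rewrites: a depth budget that turns runaway recursion into a parse error, and an iterative concat whose stack use no longer grows with the length of the expression. This is an added example, not onetrueawk's code; the grammar, the Node and Parser types, MAX_DEPTH and LONG_LEN are assumptions made for the illustration.

```c
/* Added example, not onetrueawk's code: a toy recursive-descent regexp
 * parser whose concat() recurses once per concatenated element, the call
 * shape visible in the concat -> concat -> primary -> unary frames above.
 * Two defensive variants follow: a depth budget that turns runaway
 * recursion into a parse error, and an iterative concat that needs no
 * per-element budget. Grammar, Node type and MAX_DEPTH are hypothetical. */
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 256   /* hypothetical budget; a real one derives from stack size */
#define LONG_LEN  2000  /* length of the constructed long regexp used below */

enum { CHAR = 1, CAT, STAR, GROUP };
typedef struct Node { int op; struct Node *left, *right; } Node;
typedef struct { const char *in; int depth; int too_deep; int iterative; } Parser;

static Node *node(int op, Node *l, Node *r) {
    Node *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->op = op; n->left = l; n->right = r;
    return n;
}

/* Left-leaning CAT chain; a NULL left operand means "first element". */
static Node *cat(Node *l, Node *r) { return l ? node(CAT, l, r) : r; }

static Node *concat(Parser *p, Node *np);
static Node *concat_iter(Parser *p, Node *np);

/* primary := CHAR | '(' concat ')'.  Group nesting is the one recursion the
 * iterative concat keeps, so it carries the same depth budget. */
static Node *primary(Parser *p) {
    if (*p->in == '(') {
        p->in++;
        if (p->depth >= MAX_DEPTH) { p->too_deep = 1; return node(GROUP, NULL, NULL); }
        p->depth++;
        Node *inner = p->iterative ? concat_iter(p, NULL) : concat(p, NULL);
        p->depth--;
        if (*p->in == ')') p->in++;
        return node(GROUP, inner, NULL);
    }
    p->in++;
    return node(CHAR, NULL, NULL);
}

/* unary := primary '*'*  (postfix closure, applied left to right) */
static Node *unary(Parser *p, Node *np) {
    while (*p->in == '*') { p->in++; np = node(STAR, np, NULL); }
    return np;
}

/* concat := unary concat, as recursion: one stack frame per element.
 * The depth check is the defensive addition; without it a long enough
 * regexp simply exhausts the stack, which is what the sanitizer reported. */
static Node *concat(Parser *p, Node *np) {
    if (*p->in == '\0' || *p->in == ')') return np;
    if (p->depth >= MAX_DEPTH) { p->too_deep = 1; return np; }
    p->depth++;
    Node *r = concat(p, cat(np, unary(p, primary(p))));
    p->depth--;
    return r;
}

/* Same CAT chain built with a loop: stack use no longer grows with the
 * number of elements, only with '(' nesting, which primary() budgets. */
static Node *concat_iter(Parser *p, Node *np) {
    while (*p->in != '\0' && *p->in != ')')
        np = cat(np, unary(p, primary(p)));
    return np;
}

/* Tree consumers walk the CAT spine iteratively too, so they do not
 * reintroduce the per-element recursion the parser just removed. */
static int count(const Node *n) {
    int c = 0;
    while (n) { c += 1 + count(n->right); n = n->left; }
    return c;
}
static void freetree(Node *n) {
    while (n) { Node *l = n->left; freetree(n->right); free(n); n = l; }
}

/* Parse re with the recursive (iterative == 0) or looping concat.
 * Returns the node count on success, -1 if the recursion budget ran out. */
int parse_regex(const char *re, int iterative) {
    Parser p = { re, 0, 0, iterative };
    Node *t = iterative ? concat_iter(&p, NULL) : concat(&p, NULL);
    int n = p.too_deep ? -1 : count(t);
    freetree(t);
    return n;
}

/* Constructed input: LONG_LEN plain characters concatenated, past the budget. */
int parse_long_regex(int iterative) {
    char *re = malloc(LONG_LEN + 1);
    if (!re) abort();
    memset(re, 'a', LONG_LEN);
    re[LONG_LEN] = '\0';
    int n = parse_regex(re, iterative);
    free(re);
    return n;
}
```

With the recursive concat, `parse_long_regex(0)` reports the budget as exhausted instead of crashing; with the loop, the same 2000-element expression parses to a 3999-node tree. The budget is the quick containment (an error instead of a stack overflow), the loop is the structural fix, and the iterative tree walkers matter because a consumer that recurses down a 2000-deep CAT spine would otherwise move the problem rather than remove it. Building with `-fsanitize=address` and feeding a long constructed expression to each variant is the simplest regression check.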

plan9 commented 4 months ago

Thanks for spotting this issue.

plan9 commented 3 weeks ago

Will not fix in the current regexp implementation.