bug-gnulib

Re: [PATCH 1/3] dfa: fix dfa-heap-overrun failure


From: Paul Eggert
Subject: Re: [PATCH 1/3] dfa: fix dfa-heap-overrun failure
Date: Mon, 14 Sep 2020 00:28:32 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 9/14/20 12:13 AM, Norihiro Tanaka wrote:

> when (i >= d->follows[i].elems[j].index), it seems that
> map[d->follows[i].elems[j].index] has been already set a value more than 0.
>
> What case violates this assumption?

Thank you for looking into this. I ran into the problem with the dfa-heap-overrun test:

grep -E '(^| )*(a|b)*(c|d)*( |$)' < /dev/null

I can reproduce the problem by applying the attached patch to current dfa.c. This patch brings back the previous algorithm, except with a runtime test of the assumption. If I then run the dfa-heap-overrun test, it dumps core on my platform (Ubuntu 18.04.5 x86-64, en_US.utf8 locale) because the assumption is violated.

Attachment: dfa-resurrect-bug.diff
Description: Text Data

