[Boost-bugs] [Boost C++ Libraries] #3460: Index out-of-bounds in match_regex with _GLIBCXX_DEBUG

From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2009-09-17 09:07:08


#3460: Index out-of-bounds in match_regex with _GLIBCXX_DEBUG
-------------------------------------------------------+--------------------
 Reporter: Bart Janssens <bart.janssens@…> | Owner: johnmaddock
     Type: Bugs | Status: new
Milestone: Boost 1.41.0 | Component: regex
  Version: Boost 1.40.0 | Severity: Problem
 Keywords: match_regex m_subs |
-------------------------------------------------------+--------------------
 Compiling a program that uses match_regex using the -D_GLIBCXX_DEBUG flag
 results in an error indicating that an index was out of bounds. Compile
 the attached testcase with:

 {{{
 g++ -g -O1 -D_GLIBCXX_DEBUG -lboost_regex -o regex regex.cpp
 }}}

 Running it displays the following error:

 {{{
 /usr/include/c++/4.3/debug/vector:237:error: attempt to subscript container
     with out-of-bounds index 2, but container only holds 2 elements.

 Objects involved in the operation:
 sequence "this" @ 0x0x7fff918bfa40 {
   type = NSt7__debug6vectorIN5boost9sub_matchIN9__gnu_cxx17__normal_iteratorIPKcSsEEEESaIS8_EEE;
 }
 Aborted
 }}}

 A backtrace of this says:

 {{{
 #0 0x00007fead68e6fb5 in raise () from /lib/libc.so.6
 #1 0x00007fead68e8bc3 in abort () from /lib/libc.so.6
 #2 0x00007fead712587c in __gnu_debug::_Error_formatter::_M_error () from /usr/lib/libstdc++.so.6
 #3 0x0000000000408638 in std::__debug::vector<boost::sub_match<__gnu_cxx::__normal_iterator<char const*, std::string> >, std::allocator<boost::sub_match<__gnu_cxx::__normal_iterator<char const*, std::string> > > >::operator[] (this=0x7fffdf8e8a50, __n=2) at /usr/include/c++/4.3/debug/vector:237
 #4 0x00000000004104d5 in boost::re_detail::perl_matcher<__gnu_cxx::__normal_iterator<char const*, std::string>, std::allocator<boost::sub_match<__gnu_cxx::__normal_iterator<char const*, std::string> > >, boost::regex_traits<char, boost::cpp_regex_traits<char> > >::match_prefix (this=0x7fffdf8e6eb0)
     at /usr/local/include/boost/regex/v4/match_results.hpp:418
 #5 0x0000000000410899 in boost::re_detail::perl_matcher<__gnu_cxx::__normal_iterator<char const*, std::string>, std::allocator<boost::sub_match<__gnu_cxx::__normal_iterator<char const*, std::string> > >, boost::regex_traits<char, boost::cpp_regex_traits<char> > >::match_imp (this=0x7fffdf8e6eb0)
     at /usr/local/include/boost/regex/v4/perl_matcher_common.hpp:207
 #6 0x0000000000410b5d in boost::regex_match<__gnu_cxx::__normal_iterator<char const*, std::string>, std::allocator<boost::sub_match<__gnu_cxx::__normal_iterator<char const*, std::string> > >, char, boost::regex_traits<char, boost::cpp_regex_traits<char> > > (first=<value optimized out>, last=<value optimized out>, m=<value optimized out>, e=<value optimized out>, flags=<value optimized out>)
     at /usr/local/include/boost/regex/v4/perl_matcher_common.hpp:180
 #7 0x0000000000405d7c in main () at /usr/local/include/boost/regex/v4/regex_match.hpp:100
 }}}

 It appears that m_subs[2] is used in line 418 of match_results.hpp, but
 the size of m_subs is only 2.

 Compiling without -D_GLIBCXX_DEBUG allows the program to run, and valgrind
 does not detect any errors. I have tested this on the following platforms:

 {{{
 Linux 2.6.28-15-generic #49-Ubuntu SMP Tue Aug 18 19:25:34 UTC 2009 x86_64
 GNU/Linux with g++ (Ubuntu 4.3.3-5ubuntu4) 4.3.3 (Ubuntu Jaunty)
 }}}

 and

 {{{
 Linux 2.6.31-9-generic #29-Ubuntu SMP Sun Aug 30 17:39:23 UTC 2009 i686
 GNU/Linux with g++ (Ubuntu 4.4.1-4ubuntu1) 4.4.1 (Ubuntu Karmic)
 }}}

 On Ubuntu Hardy with boost 1.34.1, the problem does not appear.

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/3460>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.
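
The report has the container-level check firing while valgrind stays silent. The following is an added example, not the ticket's attached testcase and not Boost code: it shows one general way that combination can arise, where index 2 is past `size()` but still inside the heap block the vector owns. `Probe`, `probe_index` and `ticket_like_case` are hypothetical names, and the `reserve(4)` is an assumption made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Result of asking a vector for element n.
struct Probe {
    std::size_t size;        // number of live elements
    std::size_t capacity;    // elements the heap block has room for
    bool within_size;        // what at(), or operator[] under _GLIBCXX_DEBUG, tests
    bool within_allocation;  // what an allocation-level tool can see
};

// Checked lookup: at() compares n against size() and throws
// instead of reading past the last live element.
Probe probe_index(const std::vector<int>& v, std::size_t n) {
    Probe p = { v.size(), v.capacity(), true, n < v.capacity() };
    try {
        (void)v.at(n);
    } catch (const std::out_of_range&) {
        p.within_size = false;
    }
    return p;
}

// Constructed stand-in for the ticket's numbers: 2 elements, index 2 requested.
// The spare capacity is an assumption, not taken from Boost.Regex.
Probe ticket_like_case() {
    std::vector<int> subs;
    subs.reserve(4);
    subs.push_back(10);
    subs.push_back(20);
    return probe_index(subs, 2);
}

int main() {
    Probe p = ticket_like_case();
    std::printf("size=%zu capacity=%zu within_size=%d within_allocation=%d\n",
                p.size, p.capacity, p.within_size, p.within_allocation);
    return p.within_size ? 1 : 0;
}
```

An unchecked `operator[]` on the same index would read memory the allocator handed out, so a tool that validates addresses against heap blocks has nothing to flag; only a check against `size()` catches it.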
