On Sun, 22 Jan 2023 at 17:07:05 +0000, Simon McVittie wrote:
> On Sat, 07 Jan 2023 at 22:07:31 +0000, Matthew Vernon wrote:
> > I'm struggling a bit here; I wanted to try and bisect pcre2 upstream commits
> > to see where this bug might have been introduced (or get to the bottom of
> > what link-grammar's test is doing wrong, I see they've been troublesome in
> > the past cf #975696).
>
> # apt install git
> # git clone https://github.com/PCRE2Project/pcre2
> # cd /root/pcre2
> # git checkout pcre2-10.42
> # ./autogen.sh
> # ./configure CFLAGS="-fsanitize=address -fno-omit-frame-pointer -fsanitize=undefined" --prefix=/usr
> # make
> # ( cd /root/link-grammar-5.11.0~dfsg && debuild -eASAN_OPTIONS=detect_leaks=0 -eDEB_BUILD_OPTIONS="noopt sanitize=+address,+undefined" -eLD_PRELOAD=libasan.so.8 -eLD_LIBRARY_PATH=/root/pcre2/.libs -us -uc -b )
> ... tests fail ...
Bisection suggests that the first bad commit is d90fb238 "Refactor match_data() to always use the heap instead of having an initial frames vector on the stack; some consequential adjustments needed.", which seems like a plausible place to have introduced a heap overflow.

    smcv
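To turn the quoted build steps into an automated bisection, here is an added example (not from the bug report or from either project) of a driver script for `git bisect run` that rebuilds pcre2 with ASan/UBSan at each candidate commit and then rebuilds link-grammar against it; the source paths, the link-grammar directory name and the last-good tag are assumptions.

```shell
#!/bin/sh
# Added example: git bisect run driver mirroring the quoted commands.
# PCRE2_SRC, LG_SRC and the last-good tag are assumptions, not from the report.
PCRE2_SRC=${PCRE2_SRC:-/root/pcre2}
LG_SRC=${LG_SRC:-/root/link-grammar-5.11.0~dfsg}
SAN_CFLAGS="-fsanitize=address -fno-omit-frame-pointer -fsanitize=undefined"

# Map outcomes to the exit codes git bisect understands:
# 0 = good, 1 = bad, 125 = this commit cannot be tested, skip it.
bisect_status() {
    pcre2_built=$1   # 1 if pcre2 compiled at this commit, else 0
    lg_passed=$2     # 1 if link-grammar built and its tests passed, else 0
    if [ "$pcre2_built" -ne 1 ]; then
        echo 125
    elif [ "$lg_passed" -ne 1 ]; then
        echo 1
    else
        echo 0
    fi
}

# Rebuild pcre2 with sanitizers at whatever commit git bisect checked out.
build_pcre2() (
    cd "$PCRE2_SRC" || exit 1
    make distclean >/dev/null 2>&1 || true   # start clean after each checkout
    ./autogen.sh && ./configure CFLAGS="$SAN_CFLAGS" --prefix=/usr && make
)

# debuild exits non-zero when the test suite fails, so a failure here counts
# as "bad"; note that a link-grammar build break would be reported as bad too.
build_link_grammar() (
    cd "$LG_SRC" || exit 1
    debuild -eASAN_OPTIONS=detect_leaks=0 \
        -eDEB_BUILD_OPTIONS="noopt sanitize=+address,+undefined" \
        -eLD_PRELOAD=libasan.so.8 -eLD_LIBRARY_PATH="$PCRE2_SRC/.libs" -us -uc -b
)

bisect_step() {
    pcre2_built=0; lg_passed=0
    build_pcre2 && pcre2_built=1
    [ "$pcre2_built" -eq 1 ] && build_link_grammar && lg_passed=1
    return "$(bisect_status "$pcre2_built" "$lg_passed")"
}

# Only build when started by git bisect, e.g.
#   git bisect start pcre2-10.42 <last-good-tag> && BISECT_RUN=1 git bisect run ./bisect-pcre2.sh
# so the helpers above can be sourced and checked without compiling anything.
if [ "${BISECT_RUN:-0}" = 1 ]; then
    bisect_step
    exit $?
fi
```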