Bug#510196: seg fault with 'grep -i' on multiple files

[Kyrian]

Good grief, I'd almost completely forgotten about this bug.
This combination of files causes a segfault:

r...@mybox:/tmp# grep -i -A1 -m1 ^word *.txt
a.txt:word 1
Segmentation fault
r...@blackwidow:/tmp#  cat a.txt
word 1
to
your
momma

r...@mybox:/tmp# cat b.txt
word 2
to
your
papa

r...@mybox:/tmp# cat c.txt
word 3
to
your
MP


r...@mybox:/tmp#

Removing the '-i' from the grep commandline results in correct function.

With '-i':

- removing blank lines doesn't fix it
- changing 'word [1-3]' to 'word [a-c]' in the files doesn't fix it.
- running as a non-privileged user doesn't either.
- removing lines up to 2-per-file doesn't work.

Only going back to just one line per file doesn't work.

With 4 lines per file:

- Using '-m1' in the grep command seg faults.
- Using '-m2' in the grep command works.
- Using '-m3' in the grep command works.
- Using '-m4' in the grep command works.
- Using '-m1' but removing '-A1' works.
- Using '-A2' through to '-A5' instead of '-A1' all segfault.

Anyway, enough mucking about, strace of the segfaulting behaviour shows:

stat64("a.txt", {st_mode=S_IFREG|0644, st_size=21, ...}) = 0
open("a.txt", O_RDONLY|O_LARGEFILE)     = 3
read(3, "word 1\nto\nyour\nmomma\n", 32768) = 21
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 9), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,  
0) = 0xb7efd000
write(1, "a.txt:word 1\n", 13
)          = 13
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 32205 detached
r...@mybox:/tmp#

I have manually edited out the "a.txt:word 1" which is normal output  
that appears in the middle of the strace output.

And ltrace shows:

memchr("to\nyour\nmomma\n", '\n', 14)            = 0x8063009
__ctype_get_mb_cur_max(6, 10, 0x8063000, 119, 0xb7dcd8ac) = 6
memchr("to\nyour\nmomma\n", '\n', 2)             = NULL
re_search(0x8060970, 0x8063007, 0xf7f9cff9, 0, 0xf7f9cff9) = -1
memchr("\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"..., '\n', 134623240 <unfinished  
...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
r...@mybox:/tmp#

All of which seems to indicate it segfaults after processing the first  
file, and before starting on the next one.

--
Kev Green, aka Kyrian. E: kyrian&#64;ore.org WWW: http://kyrian.ore.org/
  ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org