Package: libonig-dev
Version: 5.2.0-1
Severity: grave

The following (see below) simple C program produces a SEGV in onig_new.
To see this, compile the code using, e.g.,

  gcc bug.c -lonig

and then run it:

  ./a.out

On my debian etch system, I see:

  Segmentation fault (core dumped)

I set the severity level to grave because this bug makes the library
unusable to me.

Valgrind shows where the error occurs:

==1902== Invalid read of size 4
==1902==    at 0x43F0025: (within /usr/lib/libonig.so.2.0.0)
==1902==    by 0x4402089: onigenc_unicode_apply_all_case_fold (in /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F09AD: (within /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F1A1D: (within /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F1B18: (within /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F171E: (within /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F1A1D: (within /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F1B18: (within /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F1CEE: onig_parse_make_tree (in /usr/lib/libonig.so.2.0.0)
==1902==    by 0x43F8921: onig_compile (in /usr/lib/libonig.so.2.0.0)

Here is the code to bug.c:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <oniguruma.h>

int
main (int argc, char **argv)
{
  const UChar *pattern;
  OnigErrorInfo err_info;
  int status;
  regex_t *re;
  int i;

  for (i = 0; i < 2; i++)
    {
      pattern = (UChar *) "(?i)[a-z][a-z]+";
      status = onig_new (&re, pattern, pattern + strlen ((char *)pattern),
                         ONIG_OPTION_NONE, ONIG_ENCODING_UTF8,
                         ONIG_SYNTAX_PERL, &err_info);
      onig_free (re);
      if (status != ONIG_NORMAL)
        {
          fprintf (stderr, "onig_new failed\n");
          return 1;
        }
    }
  return 0;
}

Thanks,
--John