[ruby-core:116395] [Ruby master Bug#20207] Segmentation fault for a regexp containing positive and negative lookaheads

Issue #20207 has been reported by Sundeep (Sundeep Agarwal).

----------------------------------------
Bug #20207: Segmentation fault for a regexp containing positive and negative lookaheads
https://bugs.ruby-lang.org/issues/20207
* Author: Sundeep (Sundeep Agarwal)
* Status: Open
* Priority: Normal
* Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
I'm getting segmentation fault for the following regexp with Ruby 3.3.0:

``` ruby
puts 'clan'.match?(/(?=.*a)(?!.*n)/)
```

This is the minimal example for which I was able to produce the issue. `a` and `n` in the above example are just a sample, can be other character combinations too. There has to be at least two characters before them in the input string (`cl` in the above example).

The error is seen when the above code is run from a file, but only occasionally from irb. When run from a file, most of the time I get segmentation fault (see attached log file), but sometimes I get the following error:

``` ruby
lookaround.rb:1:in `match?': undefined bytecode (bug): /(?=.*a)(?!.*n)/ (RegexpError)
        from lookaround.rb:1:in `<main>'
```

When asked in the r/ruby forum, somebody else was able to reproduce this issue. They also mentioned that the issue wasn't seen in the Ruby 3.2.2 version.

---Files--------------------------------
lookaround_segfault.log (15.9 KB)

--
https://bugs.ruby-lang.org/

Issue #20207 has been updated by mame (Yusuke Endoh).

Assignee set to make_now_just (Hiroya Fujinami)

----------------------------------------
Bug #20207: Segmentation fault for a regexp containing positive and negative lookaheads
https://bugs.ruby-lang.org/issues/20207#change-106421
* Author: Sundeep (Sundeep Agarwal)
* Status: Open
* Priority: Normal
* Assignee: make_now_just (Hiroya Fujinami)
* Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN

Issue #20207 has been updated by nobu (Nobuyoshi Nakada).

FYI, it raises a `SystemStackError`.

----------------------------------------
Bug #20207: Segmentation fault for a regexp containing positive and negative lookaheads
https://bugs.ruby-lang.org/issues/20207#change-106423
* Author: Sundeep (Sundeep Agarwal)
* Status: Open
* Priority: Normal
* Assignee: make_now_just (Hiroya Fujinami)
* Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN

Issue #20207 has been updated by byroot (Jean Boussier).

@nobu I do get a SEGV on both x86_64 and ARM64:

```
-- C level backtrace information -------------------------------------------
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(rb_vm_bugreport+0xb4c) [0x100fd6534]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(rb_bug_for_fatal_signal+0x100) [0x100e197c8]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(sig_do_nothing+0x0) [0x100f3e14c]
/usr/lib/system/libsystem_platform.dylib(_sigtramp+0x38) [0x18494da24]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(match_at+0x21dc) [0x100f1d744]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(onig_search_gpos+0x694) [0x100f25b04]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(rb_reg_match_p+0x1cc) [0x100f09448]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(vm_call_cfunc_with_frame_+0xf0) [0x100fc9228]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(vm_exec_core+0x2048) [0x100faef80]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(rb_vm_exec+0x1ec) [0x100fabdc4]
/opt/rubies/3.3.0/lib/libruby.3.3.dylib(rb_f_eval+0x1d8) [0x100fbaf7c]
```

----------------------------------------
Bug #20207: Segmentation fault for a regexp containing positive and negative lookaheads
https://bugs.ruby-lang.org/issues/20207#change-106430
* Author: Sundeep (Sundeep Agarwal)
* Status: Open
* Priority: Normal
* Assignee: make_now_just (Hiroya Fujinami)
* Backport: 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED

Issue #20207 has been updated by byroot (Jean Boussier).

Also ruby-head backtrace:

```
[BUG] Segmentation fault at 0x0000000000000008
ruby 3.4.0dev (2024-01-24T10:33:25Z master 0f417d640d) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0003 p:---- s:0012 e:000011 CFUNC :match?
c:0002 p:0007 s:0007 e:000005 EVAL -:1 [FINISH]
c:0001 p:0000 s:0003 E:001010 DUMMY [FINISH]

-- Ruby level backtrace information ----------------------------------------
-:1:in `<main>'
-:1:in `match?'

-- Threading information ---------------------------------------------------
Total ractor count: 1
Ruby thread count for this ractor: 1

-- Machine register context ------------------------------------------------
RIP: 0x00007f7d2e74dfbd RBP: 0x00007ffec7b14a40 RSP: 0x00007ffec7b12a20
RAX: 0x0000000000000008 RBX: 0x00007ffec7b14aa0 RCX: 0x0000000000000000
RDX: 0x0000000000000002 RDI: 0x0000000000000008 RSI: 0x0000000000000008
R8: 0x00007ffec7b14980 R9: 0x0000000000000001 R10: 0x00005572ce2d8391
R11: 0x0000000000000009 R12: 0x0000000000000000 R13: 0x00005572ce05d500
R14: 0x0000000000000004 R15: 0x00007ffec7b12100 EFL: 0x0000000000010297

-- C level backtrace information -------------------------------------------
/opt/ruby/lib/libruby.so.3.4(rb_print_backtrace+0x14) [0x7f7d2e824371] /ruby/vm_dump.c:820
/opt/ruby/lib/libruby.so.3.4(rb_vm_bugreport) /ruby/vm_dump.c:1151
/opt/ruby/lib/libruby.so.3.4(rb_bug_for_fatal_signal+0x104) [0x7f7d2e617984] /ruby/error.c:1065
/opt/ruby/lib/libruby.so.3.4(sigsegv+0x4d) [0x7f7d2e76fbdd] /ruby/signal.c:926
/lib/x86_64-linux-gnu/libc.so.6(0x7f7d2e152520) [0x7f7d2e152520]
/opt/ruby/lib/libruby.so.3.4(match_at+0x60d) [0x7f7d2e74dfbd] /ruby/regexec.c:4125
/opt/ruby/lib/libruby.so.3.4(onig_search_gpos+0x67d) [0x7f7d2e757d9d] /ruby/regexec.c:5370
/opt/ruby/lib/libruby.so.3.4(onig_search+0x1a) [0x7f7d2e75827a] /ruby/regexec.c:5099
/opt/ruby/lib/libruby.so.3.4(reg_onig_search+0x42) [0x7f7d2e734792] /ruby/re.c:1725
/opt/ruby/lib/libruby.so.3.4(rb_reg_onig_match+0x93) [0x7f7d2e739243] /ruby/re.c:1661
/opt/ruby/lib/libruby.so.3.4(rb_reg_match_p+0xfb) [0x7f7d2e73b96b] /ruby/re.c:3824
/opt/ruby/lib/libruby.so.3.4(vm_cfp_consistent_p+0x0) [0x7f7d2e7f5dc4] /ruby/vm_insnhelper.c:3492
```

----------------------------------------
Bug #20207: Segmentation fault for a regexp containing positive and negative lookaheads
https://bugs.ruby-lang.org/issues/20207#change-106431
* Author: Sundeep (Sundeep Agarwal)
* Status: Open
* Priority: Normal
* Assignee: make_now_just (Hiroya Fujinami)
* Backport: 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED

Issue #20207 has been updated by alanwu (Alan Wu).

I get a SEGV on darwin if I run it repeatedly. With Valgrind on Linux I get:

```
==216941== Invalid read of size 4
==216941==    at 0x4AA75B0: match_at (regexec.c:3894)
==216941==    by 0x4AB0D2C: onig_search_gpos (regexec.c:5361)
==216941==    by 0x4AB1209: onig_search (regexec.c:5090)
==216941==    by 0x4A8D811: reg_onig_search (re.c:1725)
==216941==    by 0x4A922B2: rb_reg_onig_match (re.c:1661)
==216941==    by 0x4A949EA: rb_reg_match_p (re.c:3821)
```

Which points to the following:

```
CASE(OP_POP_POS) MOP_IN(OP_POP_POS);
{
  STACK_POS_END(stkp);
  s = stkp->u.state.pstr;
  sprev = stkp->u.state.pstr_prev;
}
MOP_OUT;
JUMP;
```

----------------------------------------
Bug #20207: Segmentation fault for a regexp containing positive and negative lookaheads
https://bugs.ruby-lang.org/issues/20207#change-106454
* Author: Sundeep (Sundeep Agarwal)
* Status: Open
* Priority: Normal
* Assignee: make_now_just (Hiroya Fujinami)
* Backport: 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED

Issue #20207 has been updated by naruse (Yui NARUSE).

Backport changed from 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED to 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED, 3.3: DONE

ruby_3_3 00cb72157a60c20a9b9d9fe81fc974ea83d672b4 merged revision(s) 3e6e3ca2627b1aa71b17de902cc1b8188246a828.

----------------------------------------
Bug #20207: Segmentation fault for a regexp containing positive and negative lookaheads
https://bugs.ruby-lang.org/issues/20207#change-107394
* Author: Sundeep (Sundeep Agarwal)
* Status: Closed
* Assignee: make_now_just (Hiroya Fujinami)
* Backport: 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED, 3.3: DONE
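
Added example, not part of the thread and not Ruby's own test code: a harness for checking whether a given interpreter build still shows the failure modes reported above. It runs the report's reproducer from a temporary file in child processes and tallies the outcomes; the names `classify`, `probe` and `tally` are illustrative, and the `[BUG]` check assumes the interpreter's usual crash banner.

```ruby
require "open3"
require "rbconfig"
require "tempfile"

# Reproducer quoted from the report. It is only ever executed in a child
# process, so a crash cannot take down the harness itself.
REPRODUCER = %q{puts 'clan'.match?(/(?=.*a)(?!.*n)/)}

# Map one child run to an outcome. `signaled` and `success` come from
# Process::Status; `stderr` is the child's captured standard error.
def classify(signaled:, success:, stderr:)
  # Assumption: a crashing interpreter prints a "[BUG]" banner and is
  # terminated by a signal.
  return :crash if signaled || stderr.include?("[BUG]")
  return :undefined_bytecode if stderr.include?("undefined bytecode")
  return :stack_error if stderr.include?("SystemStackError")
  success ? :ok : :other_failure
end

# Run `code` from a file (the report says the failure is mostly seen that
# way) using the same interpreter that runs this harness.
def probe(code)
  Tempfile.create(["lookaround", ".rb"]) do |file|
    file.write(code)
    file.flush
    _out, err, status = Open3.capture3(RbConfig.ruby, file.path)
    classify(signaled: status.signaled?, success: status.success?, stderr: err)
  end
end

# The thread describes the failure as intermittent, so repeat and count.
def tally(code, runs: 20)
  Array.new(runs) { probe(code) }.tally
end

if __FILE__ == $PROGRAM_NAME
  puts RUBY_DESCRIPTION
  tally(REPRODUCER, runs: 10).each do |outcome, count|
    puts format("%-20s %d", outcome, count)
  end
end
```

A build is clear of this bug only when every run lands in `ok`; any `crash`, `undefined_bytecode` or `stack_error` count corresponds to one of the symptoms described in the thread.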