touch-packages team mailing list archive

[Bug 1521043] [NEW] less 458 crashes if search regex has many groups

 

Public bug reported:

less 458 crashes if there are enough capture groups in the regular
expression used for search:

    newline=$(printf \\nx); newline=${newline%x}
    echo x | LESS="+g/(((((x)))))${newline}" less

On amd64, the above produces a segfault:

    Segmentation fault (core dumped)

On i386, the above triggers an assert:

    *** Error in `less': double free or corruption (fasttop): 0x0887f9e8 ***
    Aborted

** Affects: less (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: less (Debian)
     Importance: Unknown
         Status: Unknown


** Tags: trusty wily

** Bug watch added: Debian Bug tracker #707824
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707824

** Also affects: less (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707824
   Importance: Unknown
       Status: Unknown

** Summary changed:

- less crashes if regex has many groups
+ less crashes if search regex has many groups

** Description changed:

- less crashes if there are enough capture groups in the regular
+ less 458 crashes if there are enough capture groups in the regular
  expression used for search:
  
-     newline=$(printf \\nx)
-     newline=${newline%x}
-     echo x | LESS="+g/(((((x)))))${newline}" less
+     newline=$(printf \\nx)
+     newline=${newline%x}
+     echo x | LESS="+g/(((((x)))))${newline}" less
  
  On amd64, the above produces a segfault:
  
-     Segmentation fault (core dumped)
+     Segmentation fault (core dumped)
  
  On i386, the above triggers an assert:
  
-     *** Error in `less': double free or corruption (fasttop): 0x0887f9e8 ***
-     Aborted
+     *** Error in `less': double free or corruption (fasttop): 0x0887f9e8 ***
+     Aborted

** Summary changed:

- less crashes if search regex has many groups
+ less 458 crashes if search regex has many groups

** Tags added: trusty wily

** Description changed:

  less 458 crashes if there are enough capture groups in the regular
  expression used for search:
  
-     newline=$(printf \\nx)
-     newline=${newline%x}
+     newline=$(printf \\nx); newline=${newline%x}
      echo x | LESS="+g/(((((x)))))${newline}" less
  
  On amd64, the above produces a segfault:
  
      Segmentation fault (core dumped)
  
  On i386, the above triggers an assert:
  
      *** Error in `less': double free or corruption (fasttop): 0x0887f9e8 ***
      Aborted

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to less in Ubuntu.
https://bugs.launchpad.net/bugs/1521043

Title:
  less 458 crashes if search regex has many groups

Status in less package in Ubuntu:
  New
Status in less package in Debian:
  Unknown
