laurikari/tre

Null-pointer dereference in agrep for expression "{+}{7}"

Sjlver opened this issue · 0 comments

Running agrep '{+}{7}' leads to a null-pointer dereference:

==24104==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000051f502 bp 0x000000000000 sp 0x7ffc522f13c0 T0)
==24104==The signal is caused by a READ memory access.
==24104==Hint: address points to the zero page.
    #0 0x51f501 in tre_match_empty lib/tre-compile.c:1256:17
    #1 0x511a3e in tre_compute_nfl lib/tre-compile.c:1488:12
    #2 0x511a3e in tre_compile lib/tre-compile.c:1997
    #3 0x530464 in tre_regncomp lib/regcomp.c:93:9
    #4 0x50c7af in main src/agrep.c:743:13

This issue was found using LLVM's libFuzzer.
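The harness Sjlver used is not on this page. What follows is an added example, not code from the issue or from the TRE project: a libFuzzer-style harness for the regex-compiler path that appears in the trace (tre_regncomp called from agrep's main). To build as-is it targets the POSIX regcomp()/regfree() API, which TRE provides as a drop-in, so the same source links against either the system libc or libtre (`-ltre`, with TRE's `<tre/regex.h>`); the `compile_pattern` helper, the `FUZZING` macro and the 4 KiB size cap are choices made here, not anything from the report.

```c
// Added example, not from the issue or TRE: libFuzzer-style harness for the
// regex compile path. Targets POSIX regcomp()/regfree(), which TRE implements
// as a drop-in; link with -ltre and TRE's regex.h to reach tre_regncomp.
#include <regex.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compile one pattern and return the regcomp() status (0 on success).
 * Helper name is this example's own. */
int compile_pattern(const char *pattern, int cflags) {
    regex_t re;
    int rc = regcomp(&re, pattern, cflags);
    if (rc == 0) {
        regfree(&re);
    }
    return rc;
}

/* libFuzzer entry point: NUL-terminate the raw input and hand it to the
 * compiler under both basic and extended syntax. Any crash (such as the
 * NULL read in tre_match_empty above) is caught by ASan, not by this code. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (size == 0 || size > 4096) {   /* size cap is an arbitrary choice here */
        return 0;
    }
    char *pattern = malloc(size + 1);
    if (pattern == NULL) {
        return 0;
    }
    memcpy(pattern, data, size);
    pattern[size] = '\0';
    compile_pattern(pattern, 0);
    compile_pattern(pattern, REG_EXTENDED);
    free(pattern);
    return 0;
}

/* Stand-alone reproducer (compiled out when FUZZING is defined, because the
 * libFuzzer runtime supplies its own main): feeds the crashing pattern from
 * the report, or the pattern given on the command line. */
#ifndef FUZZING
int main(int argc, char **argv) {
    const char *pattern = argc > 1 ? argv[1] : "{+}{7}";
    int rc = LLVMFuzzerTestOneInput((const uint8_t *)pattern, strlen(pattern));
    printf("harness returned %d for pattern %s\n", rc, pattern);
    return rc;
}
#endif
```

To fuzz, build with `clang -g -O1 -fsanitize=fuzzer,address -DFUZZING harness.c -o harness` (add `-ltre` and TRE's include path to exercise tre_regncomp) and run `./harness corpus/`; to replay a single finding, build without `-DFUZZING` and pass the pattern as the first argument.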