[Mono-bugs] [Bug 594121] New: Regex crashes with an out of memory exception

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Tue Apr 6 15:38:20 EDT 2010 

http://bugzilla.novell.com/show_bug.cgi?id=594121

http://bugzilla.novell.com/show_bug.cgi?id=594121#c0


           Summary: Regex crashes with an out of memory exception
    Classification: Mono
           Product: Mono: Class Libraries
           Version: SVN
          Platform: All
        OS/Version: Ubuntu
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: System
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: bojanr at brandeis.edu
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


Created an attachment (id=352677)
 --> (http://bugzilla.novell.com/attachment.cgi?id=352677)
Test case to reproduce the bug.

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.4
(KHTML, like Gecko) Chrome/5.0.368.0 Safari/533.4

When using the new regex engine in SVN trunk, Mono crashes with an out of
memory exception on the regular expression ^+. grep happily accepts the same
regular expression and behaves correctly with regards to it (returning every
line that begins with +). Using the MONO_OLD_RX environment variable does
remedy the behavior, but it's unacceptably slow, with the attached test case
taking more than a minute and a half to run on my 2 GHz Core Duo processor.
More information follows:

mono --version:

[mono] bojan at caprica:/home/bojan/Source
[0] $ time MONO_OLD_RX=1 mono regex-test.exe 
1 matches!

real    2m7.697s
user    1m22.877s
sys    0m0.136s

gmcs --version:

Mono C# compiler version 2.7.0.0

Output from time MONO_OLD_RX=1 mono regex-test.exe:

[mono] bojan at caprica:/home/bojan/Source
[0] $ time MONO_OLD_RX=1 mono regex-test.exe 
1 matches!

real    2m7.697s
user    1m22.877s
sys    0m0.136s

Stack trace from OutOfMemoryException:

Unhandled Exception: System.OutOfMemoryException: Out of memory
at (wrapper managed-to-native) object.__icall_wrapper_mono_array_new_specific
(intptr,int) <0x00004>
at System.Text.RegularExpressions.RxInterpreter/IntStack.Push (int) <0x0006a>
at (wrapper dynamic-method)
System.Text.RegularExpressions.RxInterpreter.Eval_11
(System.Text.RegularExpressions.RxInterpreter,int,int&) <0x000ac>
at System.Text.RegularExpressions.RxInterpreter.Scan
(System.Text.RegularExpressions.Regex,string,int,int) <0x00043>
at System.Text.RegularExpressions.Regex.Match (string,int) <0x00043>
at System.Text.RegularExpressions.Regex.Matches (string,int) <0x00016>
at System.Text.RegularExpressions.Regex.Matches (string) <0x00025>
at RegexTest.Main (string[]) <0x0007c>

Tracing the runtime with mono --trace shows that there's an (infinite) loop in
the regex interpreter, as such:

[0xb74c46f0: 325.60753 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.60759 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
1, )
[0xb74c46f0: 325.60766 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.60772 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
0, )
[0xb74c46f0: 325.60779 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.60785 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
1, )
[0xb74c46f0: 325.60792 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.60799 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
0, )
[0xb74c46f0: 325.60805 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.60812 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
1, )
[0xb74c46f0: 325.60818 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.61154 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
0, )
[0xb74c46f0: 325.61195 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.61202 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
1, )
[0xb74c46f0: 325.61209 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.61215 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
0, )
[0xb74c46f0: 325.61296 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.61303 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
1, )
[0xb74c46f0: 325.61310 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.61316 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
0, )
[0xb74c46f0: 325.61323 7] LEAVE:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)
[0xb74c46f0: 325.61329 7] ENTER:
System.Text.RegularExpressions.RxInterpreter/IntStack:Push (int)(value:0x52ed0,
1, )

This goes on for about 3657201 lines of ENTER/LEAVE tracing, and would've kept
going longer if I hadn't stopped it.

Reproducible: Always

Steps to Reproduce:
1. Download test case.
2. Compile.
3. Run

Actual Results:  
OutOfMemoryException.

Expected Results:  
Returning the correct number of matches.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list