#62 segfault caused by ARE options parsing code


The ARE options parsing code looks for ARE options flags at the beginning of the expression. Thee ARE option flag definitions look something like the following:


The code currently assumes that any expression starting with "(?" starts with one of these ARE option strings. However, this causes expressions which start with non-capturing groups to be improperly parsed. For example:

(?:dont capture x)?but capture y

is parsed as an ARE option string (which happens to contain the "x" flag!), not as 0 or 1 occurances of the string "dont capture x". Since the parsing code assumes the expression is valid, the expression which remains after the improper ARE options parsing would be:

?but capture y

which then tries to reference the portion of the expression prior to the "?". The end result of this is a segfault.

This bug was observed on Solaris 10 using the expect-20081003.tar.gz tarball.

I've attached a patch to correct this behavior by verifying that the initial "(? ... )" string contains only characters understood to be ARE options flag characters. If any non-flag characters are found the string is left to the main parsing loop to deal with. Otherwise, it is treated as a list of ARE options and consumed. Please integrate this (or similar) fix into CVS at your earliest convenience! Thanks in advance.


  • Mike Cumings

    Mike Cumings - 2009-05-05

    Patch correcting improper parsing

  • Mike Cumings

    Mike Cumings - 2009-05-05

    Same patch as unified diff

  • Andreas Kupries

    Andreas Kupries - 2009-05-07
    • assigned_to: nobody --> andreas_kupries
    • status: open --> closed-fixed
  • Andreas Kupries

    Andreas Kupries - 2009-05-07

    Fixed in CVS head, version bumped to


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks