Crash in `regex.replace`

[Lastique]

Make sure you completed the following tasks

• I searched the discussions
• I searched the closed and open issues
• I read the contribution guidelines

Environment and version details

• Operating System+version: Kubuntu 24.04
• Compiler+version: GCC 13.3
• Shell: Bash
• B2 Version: B2 5.4.2 (OS=LINUX, jobs=16) (built from revision 85252c9d6a3817daca23ddae94ce16c7be4d2c12 in tools/build)

Brief problem description

b2 crashes with SIGSEGV when regex.replace is used in a Jamfile like this:

import regex ;

rule check-linkflag-no-undefined ( properties * )
{
    local result ;

    if <link>shared in $(properties)
    {
        local props ;

        for local property in $(properties)
        {
            ECHO "Input property: $(property)" ;

            if [ MATCH "^(<(c|cxx|link)flags>.*-fsanitize=.+)$" : $(property) ]
            {
                property = [ regex.replace $(property) : "-fsanitize=[^\s]+\s*" : "" ] ;  # <- HERE
                # property = [ regex.transform $(property) : "^(.*)\s*$" : 1 ] ;
                if [ MATCH "^(<(c|cxx|link)flags>)\s*$" : $(property) ]
                {
                    continue ;
                }
            }

            ECHO "Output property: $(property)" ;

            props += $(property) ;
        }

        if [ configure.builds ../config//has_linkflag_no_undefined : $(props) : "has -Wl,--no-undefined" ]
        {
            result = <linkflags>"-Wl,--no-undefined" ;
        }
        else if [ configure.builds ../config//has_linkflag_undefined_error : $(props) : "has -Wl,-undefined,error" ]
        {
            result = <linkflags>"-Wl,-undefined,error" ;
        }
    }

    #ECHO Result: $(result) ;
    return $(result) ;
}

In my case, the property that triggers this is "-Wno-unused-local-typedefs -fsanitize=address -ftemplate-backtrace-limit=0".

Here is the backtrace:
b2_crash.txt

Steps to reproduce the issue

This issue appeared in my work-in-progress version of Boost.Filesystem Jamfile. To reproduce:

1. Open libs/filesystem/build/Jamfile.v2.
2. Replace the check-linkflag-no-undefined rule with the one presented above.
3. In Boost root, run b2:

b2 -j 8 --toolset=gcc cxxstd=17-gnu "cxxflags=-Wno-unused-local-typedefs -fsanitize=address -ftemplate-backtrace-limit=0" "linkflags=-fsanitize=address" variant=debug debug-symbols=on threading=multi runtime-link=shared link=static libs/filesystem/test

Actual behavior summary

The build crashes with SIGSEGV.

Expected behavior summary

b2 should not crash.

[Lastique]

Replacing regex.replace with this:

                property = [ string.join [ regex.transform $(property) : "^(.*)-fsanitize=[^\s]+\s*(.*?)$" : 1 2 ] ] ;

also crashes.

[grisumbras]

It turns out, the problem is that the rule is supposed to be called as regex.replace arg arg arg (not as regex.replace arg : arg : arg). The native function expects that something higher in the chain checks arguments, but the argument checking for bound native functions is broken.

https://github.com/bfgroup/b2/blob/main/src/engine/bindjam.cpp#L608-L619 — here an argument spec is supposed to be created, but instead every bound function using this mechanism gets the spec *, which leads to no checking. If the disabled part is re-enabled b2 correctly checks the arguments.

@grafikrobot do you remember why you disabled argument checking? The commit that did it is a9e07ed.