grep has a bug on Sonoma (an assertion failure: advance > 0)

Number:rdar://FB13229196 Date Originated:10/03/2023
Status:Open Resolved:
Product: Product Version:
Classification: Reproducible:
grep is broken on Sonoma:

    printf '%s' '3.2.57(1)-release' | grep -o '[0-9.]*'
    Assertion failed: (advance > 0), function procline, file util.c, line 732.
    zsh: done       printf '%s' '3.2.57(1)-release' | 
    zsh: abort      grep -o '[0-9.]*'

This bug breaks our automation scripts for bringing up new dev machines,
and I imagine that this will cause other critical (but difficult to pinpoint)
problems for others as well.

For minimal reproducers, see:

    # fails
    printf '%s' 'a' | grep -o 'b*'
    # works
    printf '%s' 'a' | grep -o 'b'
    # also works (note: without -o flag)
    printf '%s' 'a' | grep 'b*'

This is the source for the assertion:

For your convenience, the surrounding code:

				 * rdar://problem/86536080 - if our first match
				 * was 0-length, we wouldn't progress past that
				 * point.  Incrementing nst here ensures that if
				 * no other pattern matches, we'll restart the
				 * search at one past the 0-length match and
				 * either make progress or end the search.
				if (pmatch.rm_so == pmatch.rm_eo) {
					if (MB_CUR_MAX > 1) {
						wchar_t wc;
						int advance;

						advance = mbtowc(&wc,

						assert(advance > 0);
						nst += advance;
					} else {

My guess would be that attempting to fix rdar://problem/86536080 resulted in a new bug.


A proof of concept fix

I have a proof of concept fix for the bug (and the analysis thereof) here:

More discussion here:

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!