Date: Mon, 04 Feb 2008 14:11:00 -0000
Message-ID: <20080204141015.1093.qmail@sourceware.org>
From: "jakub at redhat dot com"
To: glibc-bugs-regex@sources.redhat.com
In-Reply-To: <20080204132153.5718.rrt@sc3d.org>
References: <20080204132153.5718.rrt@sc3d.org>
Subject: [Bug regex/5718] Uninitialised struct member in re_compile_internal causes crash in regfree
X-SW-Source: 2008-02/txt/msg00004.txt.bz2

------- Additional Comments From jakub at redhat dot com 2008-02-04 14:10 -------

GNU APIs don't allow translate, fastmap etc. to be initialized manually; they
require it.  re_compile_pattern initializes only some fields of the structure;
others are already supposed to be initialized before by the caller.
E.g. info regex on translate says:

    If you don't want Regex to do any translation, put zero into this field.
    You'll get weird results if you change the table's contents anytime
    between compiling the pattern buffer, compiling its fastmap, and
    matching or searching with the pattern buffer.

From this it is clear that you must initialize translate before calling
re_compile_pattern, either to NULL, or to a translate table.
From the info it is not obvious that a valid translate table must be
malloced, but e.g. the old regfree shows that that has always been necessary.
    void
    regfree (preg)
         regex_t *preg;
    {
      if (preg->buffer != NULL)
        free (preg->buffer);
      preg->buffer = NULL;
      preg->allocated = 0;
      preg->used = 0;

      if (preg->fastmap != NULL)
        free (preg->fastmap);
      preg->fastmap = NULL;
      preg->fastmap_accurate = 0;

      /* The caller-supplied translate table is freed here too.  */
      if (preg->translate != NULL)
        free (preg->translate);
      preg->translate = NULL;
    }

The easiest is memset (&re, 0, sizeof (re)); before passing &re to
re_compile_pattern (or rely on some other zero initialization) and, if you
need, set some fields in between.

-- 
           What        |Removed                     |Added
----------------------------------------------------------------------------
             Status    |NEW                         |RESOLVED
         Resolution    |                            |INVALID

http://sourceware.org/bugzilla/show_bug.cgi?id=5718
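An added example, not code from the bug report or from glibc, of the initialisation discipline the comment describes, written as C-style code against glibc's GNU regex interface: the pattern buffer is zeroed with memset, a heap-allocated translate table is installed between the memset and re_compile_pattern, and regfree later frees that table along with the compiled buffer. The helper name search_case_insensitive and the lower-casing table are assumptions chosen for illustration.

```cpp
#include <regex.h>    /* GNU re_* interface; g++ predefines _GNU_SOURCE on glibc */
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical helper (not glibc code): compile PATTERN with a case-folding
   translate table and search HAYSTACK with it.
   Returns the match offset, -1 for no match, -2 on allocation/compile error.  */
int search_case_insensitive (const char *pattern, const char *haystack)
{
  struct re_pattern_buffer re;

  /* The initialisation the bug comment asks for: every field that regfree()
     may hand to free() (buffer, fastmap, translate) is now NULL instead of
     whatever happened to be on the stack.  */
  memset (&re, 0, sizeof (re));

  /* translate must be heap memory, because regfree() will free() it.  */
  unsigned char *tbl = (unsigned char *) malloc (256);
  if (tbl == NULL)
    return -2;
  for (int i = 0; i < 256; i++)
    tbl[i] = (unsigned char) tolower (i);
  re.translate = tbl;          /* a field set "in between" memset and compile */

  re_set_syntax (RE_SYNTAX_POSIX_EXTENDED);
  if (re_compile_pattern (pattern, strlen (pattern), &re) != NULL)
    {
      regfree (&re);           /* safe: translate is freed, buffer/fastmap are NULL */
      return -2;
    }

  int len = (int) strlen (haystack);
  int pos = re_search (&re, haystack, len, 0, len, NULL);
  regfree (&re);               /* frees buffer, fastmap (if any) and translate */
  return pos;
}
```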