public inbox for glibc-bugs-regex@sourceware.org
help / color / mirror / Atom feed
* [Bug regex/1291] New: size-overflow bugs in the regex code
@ 2005-09-02 22:51 eggert at gnu dot org
2005-09-02 22:52 ` [Bug regex/1291] " eggert at gnu dot org
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: eggert at gnu dot org @ 2005-09-02 22:51 UTC (permalink / raw)
To: glibc-bugs-regex
The regex code currently misbehaves badly if there's an arithmetic
overflow when calculating sizes, e.g., when doubling buffer sizes.
I'll attach a patch for all the instances of this that I found. These
patches are conservative, in the sense that when I couldn't determine
whether an overflow was possible, I inserted a run-time check.
--
Summary: size-overflow bugs in the regex code
Product: glibc
Version: 2.3.5
Status: NEW
Severity: normal
Priority: P2
Component: regex
AssignedTo: gotom at debian dot or dot jp
ReportedBy: eggert at gnu dot org
CC: glibc-bugs-regex at sources dot redhat dot com,glibc-
bugs at sources dot redhat dot com
BugsThisDependsOn: 1285
http://sources.redhat.com/bugzilla/show_bug.cgi?id=1291
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug regex/1291] size-overflow bugs in the regex code
2005-09-02 22:51 [Bug regex/1291] New: " eggert at gnu dot org
@ 2005-09-02 22:52 ` eggert at gnu dot org
2006-04-25 18:21 ` drepper at redhat dot com
2006-04-26 7:16 ` bonzini at gnu dot org
2 siblings, 0 replies; 5+ messages in thread
From: eggert at gnu dot org @ 2005-09-02 22:52 UTC (permalink / raw)
To: glibc-bugs-regex
------- Additional Comments From eggert at gnu dot org 2005-09-02 22:52 -------
Created an attachment (id=645)
--> (http://sources.redhat.com/bugzilla/attachment.cgi?id=645&action=view)
add some size-overflow checks to regex code
--
http://sources.redhat.com/bugzilla/show_bug.cgi?id=1291
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug regex/1291] size-overflow bugs in the regex code
2005-09-02 22:51 [Bug regex/1291] New: " eggert at gnu dot org
2005-09-02 22:52 ` [Bug regex/1291] " eggert at gnu dot org
@ 2006-04-25 18:21 ` drepper at redhat dot com
2006-04-26 7:16 ` bonzini at gnu dot org
2 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2006-04-25 18:21 UTC (permalink / raw)
To: glibc-bugs-regex
--
Bug 1291 depends on bug 1285, which changed state.
Bug 1285 Summary: regex code should use 'bool' (plus some bug fixes)
http://sourceware.org/bugzilla/show_bug.cgi?id=1285
What |Old Value |New Value
----------------------------------------------------------------------------
Status|NEW |WAITING
Status|WAITING |RESOLVED
Resolution| |WONTFIX
http://sourceware.org/bugzilla/show_bug.cgi?id=1291
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug regex/1291] size-overflow bugs in the regex code
2005-09-02 22:51 [Bug regex/1291] New: " eggert at gnu dot org
2005-09-02 22:52 ` [Bug regex/1291] " eggert at gnu dot org
2006-04-25 18:21 ` drepper at redhat dot com
@ 2006-04-26 7:16 ` bonzini at gnu dot org
2 siblings, 0 replies; 5+ messages in thread
From: bonzini at gnu dot org @ 2006-04-26 7:16 UTC (permalink / raw)
To: glibc-bugs-regex
------- Additional Comments From bonzini at gnu dot org 2006-04-26 07:15 -------
Just to preempt Ulrich, with whom I agree in this case, the patch as is does not
apply.
Please redo the patch without the Idx type, as it could be a good thing to have.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=1291
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-12-01 16:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-1291-132@http.sourceware.org/bugzilla/>
2012-02-06 14:09 ` [Bug regex/1291] size-overflow bugs in the regex code aj at suse dot de
2012-12-01 16:47 ` aj at suse dot de
2005-09-02 22:51 [Bug regex/1291] New: " eggert at gnu dot org
2005-09-02 22:52 ` [Bug regex/1291] " eggert at gnu dot org
2006-04-25 18:21 ` drepper at redhat dot com
2006-04-26 7:16 ` bonzini at gnu dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).