From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <eggert@cs.ucla.edu>
Received: from zimbra.cs.ucla.edu (zimbra.cs.ucla.edu [131.179.128.68])
 by sourceware.org (Postfix) with ESMTPS id 927FE3858D39
 for <libc-alpha@sourceware.org>; Tue, 19 Oct 2021 08:57:28 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 927FE3858D39
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=cs.ucla.edu
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 12740160083;
 Tue, 19 Oct 2021 01:57:28 -0700 (PDT)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id C9Tr-UKmmfqV; Tue, 19 Oct 2021 01:57:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 1E73D16008A;
 Tue, 19 Oct 2021 01:57:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id pUQJevCj0Yff; Tue, 19 Oct 2021 01:57:27 -0700 (PDT)
Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com
 [172.91.119.151])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id EBB69160083;
 Tue, 19 Oct 2021 01:57:26 -0700 (PDT)
Content-Type: multipart/mixed; boundary="------------8iV0zGfSnjBjGBQwnJCtjKxd"
Message-ID: <b662b6a9-d798-5ddd-1048-a161ab0778b0@cs.ucla.edu>
Date: Tue, 19 Oct 2021 01:57:26 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.1.2
Content-Language: en-US
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: libc-alpha@sourceware.org
References: <20211018221548.76024-1-eggert@cs.ucla.edu>
 <8735oxsct4.fsf@igel.home> <b7b2f9ee-a4dc-01ee-b9fa-ee3f8f36cb0f@cs.ucla.edu>
 <87tuhdqv48.fsf@igel.home>
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
Subject: Re: [PATCH] regex: fix buffer read overrun in search [BZ#28470]
In-Reply-To: <87tuhdqv48.fsf@igel.home>
X-Spam-Status: No, score=-10.5 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_STATUS, NICE_REPLY_A, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Oct 2021 08:57:29 -0000

This is a multi-part message in MIME format.
--------------8iV0zGfSnjBjGBQwnJCtjKxd
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 10/19/21 01:25, Andreas Schwab wrote:
> On Okt 19 2021, Paul Eggert wrote:
> 
>> +	      ch = (mctx.input.valid_len <= offset
> 
> This is backwards.

It's correct as-is, so that comment is merely about style. I revamped 
the patch to turn the comparison around; see attached. Let's not have 
our longstanding style disagreement distract us from the fix.
--------------8iV0zGfSnjBjGBQwnJCtjKxd
Content-Type: text/x-patch; charset=UTF-8;
 name="0001-regex-fix-buffer-read-overrun-in-search-BZ-28470.patch"
Content-Disposition: attachment;
 filename*0="0001-regex-fix-buffer-read-overrun-in-search-BZ-28470.patch"
Content-Transfer-Encoding: base64

RnJvbSA3YmU1ZTY4ODFjZmQxODAwNmNhYzExNmQyN2UzOThhZTM0MmJhNTM2IE1vbiBTZXAg
MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQYXVsIEVnZ2VydCA8ZWdnZXJ0QGNzLnVjbGEuZWR1
PgpEYXRlOiBNb24sIDE4IE9jdCAyMDIxIDE1OjAwOjIxIC0wNzAwClN1YmplY3Q6IFtQQVRD
SF0gcmVnZXg6IGZpeCBidWZmZXIgcmVhZCBvdmVycnVuIGluIHNlYXJjaCBbQlojMjg0NzBd
CgpQcm9ibGVtIHJlcG9ydGVkIGJ5IEJlbm5vIFNjaHVsZW5iZXJnIGluOgpodHRwczovL2xp
c3RzLmdudS5vcmcvci9idWctZ251bGliLzIwMjEtMTAvbXNnMDAwMzUuaHRtbAoqIHBvc2l4
L3JlZ2V4ZWMuYyAocmVfc2VhcmNoX2ludGVybmFsKTogVXNlIGJldHRlciBib3VuZHMgY2hl
Y2suCi0tLQogcG9zaXgvcmVnZXhlYy5jIHwgNyArKystLS0tCiAxIGZpbGUgY2hhbmdlZCwg
MyBpbnNlcnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Bvc2l4L3Jl
Z2V4ZWMuYyBiL3Bvc2l4L3JlZ2V4ZWMuYwppbmRleCA4M2U5YWFmOGNhLi42YWViYTNjMGI0
IDEwMDY0NAotLS0gYS9wb3NpeC9yZWdleGVjLmMKKysrIGIvcG9zaXgvcmVnZXhlYy5jCkBA
IC03NTgsMTAgKzc1OCw5IEBAIHJlX3NlYXJjaF9pbnRlcm5hbCAoY29uc3QgcmVnZXhfdCAq
cHJlZywgY29uc3QgY2hhciAqc3RyaW5nLCBJZHggbGVuZ3RoLAogCiAJCSAgb2Zmc2V0ID0g
bWF0Y2hfZmlyc3QgLSBtY3R4LmlucHV0LnJhd19tYnNfaWR4OwogCQl9Ci0JICAgICAgLyog
SWYgTUFUQ0hfRklSU1QgaXMgb3V0IG9mIHRoZSBidWZmZXIsIGxlYXZlIGl0IGFzICdcMCcu
Ci0JCSBOb3RlIHRoYXQgTUFUQ0hfRklSU1QgbXVzdCBub3QgYmUgc21hbGxlciB0aGFuIDAu
ICAqLwotCSAgICAgIGNoID0gKG1hdGNoX2ZpcnN0ID49IGxlbmd0aAotCQkgICAgPyAwIDog
cmVfc3RyaW5nX2J5dGVfYXQgKCZtY3R4LmlucHV0LCBvZmZzZXQpKTsKKwkgICAgICAvKiBV
c2UgYnVmZmVyIGJ5dGUgaWYgT0ZGU0VUIGlzIGluIGJ1ZmZlciwgb3RoZXJ3aXNlICdcMCcu
ICAqLworCSAgICAgIGNoID0gKG9mZnNldCA8IG1jdHguaW5wdXQudmFsaWRfbGVuCisJCSAg
ICA/IHJlX3N0cmluZ19ieXRlX2F0ICgmbWN0eC5pbnB1dCwgb2Zmc2V0KSA6IDApOwogCSAg
ICAgIGlmIChmYXN0bWFwW2NoXSkKIAkJYnJlYWs7CiAJICAgICAgbWF0Y2hfZmlyc3QgKz0g
aW5jcjsKLS0gCjIuMzEuMQoK
--------------8iV0zGfSnjBjGBQwnJCtjKxd--