[PATCH] Fix segfault in calc_eclosure_iter

[PATCH] Fix segfault in calc_eclosure_iter

[Jakub Jelinek]

Hi!

The first test below segfaults at regcomp time (and second/third as well),
because calc_eclosure_iter accesses *dfa->edests[node].elems even if
dfa->edests[node].nelem == 0.
It doesn't really matter much whether we call duplicate_node_closure
or not (as if we call it in this case, it will be a nop:
dfa->nodes[node].type == ANCHOR, therefore it is != OP_BACK_REF,
but nelem is 0, so all the loop will do is dfa->nexts[node] = dfa->nexts[node];
and break out of the cycle and return with REG_NOERROR),
but certainly we must avoid dereferening elems in that case.

2004-11-09  Jakub Jelinek  <jakub@redhat.com>

	* posix/regcomp.c (calc_eclosure_iter): Don't access
	dfa->edests[node].elems[0] if dfa->edests[node].nelem == 0.
	* posix/rxspencer/tests: Add 5 new tests.

--- libc/posix/regcomp.c.jj	2004-11-09 12:26:44.000000000 +0100
+++ libc/posix/regcomp.c	2004-11-09 13:32:26.851737074 +0100
@@ -1602,7 +1602,9 @@ calc_eclosure_iter (new_set, dfa, node, 
 		? dfa->nodes[node].opr.ctx_type : 0);
   /* If the current node has constraints, duplicate all nodes.
      Since they must inherit the constraints.  */
-  if (constraint && !dfa->nodes[dfa->edests[node].elems[0]].duplicated)
+  if (constraint
+      && dfa->edests[node].nelem
+      && !dfa->nodes[dfa->edests[node].elems[0]].duplicated)
     {
       int org_node, cur_node;
       org_node = cur_node = node;
--- libc/posix/rxspencer/tests.jj	2004-11-09 13:04:35.393211245 +0100
+++ libc/posix/rxspencer/tests	2004-11-09 13:47:27.810041104 +0100
@@ -505,3 +505,8 @@ Char \([a-z0-9_]*\)\[.*	b	Char xyz[k	Cha
 a?b	-	ab	ab
 -\{0,1\}[0-9]*$	b	-5	-5
 a*a*a*a*a*a*a*	&	aaaaaa	aaaaaa
+(\b){0}	-	x	@x	-
+\(\b\)\{0,0\}	b	abc	@abc	-
+a(\b){0}c	-	ac	ac	-
+a(.*)b(\0){0}c	-	abc	abc	@bc,-
+a(.*)b(\0){0}c	-	axbc	axbc	x,-

	Jakub