* [PATCH] Fix regex from reading uninitialized memory
From: Jakub Jelinek @ 2004-01-13 23:29 UTC (permalink / raw)
To: Ulrich Drepper; +Cc: Glibc hackers
Hi!
2004-01-14 Jakub Jelinek <jakub@redhat.com>
* posix/regcomp.c (peek_token_bracket): Check remaining
string length before re_string_peek_byte (x, 1).
(parse_bracket_symbol): Likewise.
* posix/regex_internal.h (re_string_is_single_byte_char): Return
true at last byte in the string.
* posix/bug-regex22.c (main): Add new test.
--- libc/posix/regcomp.c.jj 2004-01-12 10:52:38.000000000 +0100
+++ libc/posix/regcomp.c 2004-01-14 00:16:17.000000000 +0100
@@ -1881,7 +1881,8 @@ peek_token_bracket (token, input, syntax
}
#endif /* RE_ENABLE_I18N */
- if (c == '\\' && (syntax & RE_BACKSLASH_ESCAPE_IN_LISTS))
+ if (c == '\\' && (syntax & RE_BACKSLASH_ESCAPE_IN_LISTS)
+ && re_string_cur_idx (input) + 1 < re_string_length (input))
{
/* In this case, '\' escape a character. */
unsigned char c2;
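Review bot: The added `re_string_cur_idx (input) + 1 < re_string_length (input)` term in the `c == '\\'` condition makes a backslash that is the last byte of the pattern skip the escape branch, and nothing in the code says this is intended. A short comment above the `if` stating that a trailing '\' inside a bracket expression is deliberately not treated as an escape would keep a later cleanup from dropping the bound. The same index-versus-length expression is repeated in the next hunk; a small helper macro next to re_string_eoi would keep the two checks from drifting apart.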
@@ -1895,7 +1896,10 @@ peek_token_bracket (token, input, syntax
{
unsigned char c2;
int token_len;
- c2 = re_string_peek_byte (input, 1);
+ if (re_string_cur_idx (input) + 1 < re_string_length (input))
+ c2 = re_string_peek_byte (input, 1);
+ else
+ c2 = 0;
token->opr.c = c2;
token_len = 2;
switch (c2)
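Review bot: In the `else` branch that sets `c2 = 0`, the following lines still store the value in `token->opr.c` and set `token_len = 2` before the `switch (c2)`, although only one byte is left in the input in that case. Please confirm that the path the switch takes for an unrecognised c2 resets the length to 1, otherwise the caller could be told to consume a byte past the end of the string. A comment on the `c2 = 0` line explaining why 0 is a safe sentinel here would make the intent explicit.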
@@ -3268,14 +3272,18 @@ parse_bracket_symbol (elem, regexp, toke
{
unsigned char ch, delim = token->opr.c;
int i = 0;
+ if (re_string_eoi(regexp))
+ return REG_EBRACK;
for (;; ++i)
{
- if (re_string_eoi(regexp) || i >= BRACKET_NAME_BUF_SIZE)
+ if (i >= BRACKET_NAME_BUF_SIZE)
return REG_EBRACK;
if (token->type == OP_OPEN_CHAR_CLASS)
ch = re_string_fetch_byte_case (regexp);
else
ch = re_string_fetch_byte (regexp);
+ if (re_string_eoi(regexp))
+ return REG_EBRACK;
if (ch == delim && re_string_peek_byte (regexp, 0) == ']')
break;
elem->opr.name[i] = ch;
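Review bot: The `re_string_eoi(regexp)` check added after the fetch is what keeps `re_string_peek_byte (regexp, 0)` on the next line inside the string, but the code does not say so, and the ordering of the checks is now significant. Suggest a one-line comment there, for example that the closing delimiter must be followed by ']', so reaching end of input right after a fetch is always REG_EBRACK. Both added calls are also written `re_string_eoi(regexp)` without the space before the parenthesis that the neighbouring `re_string_fetch_byte (regexp)` calls use.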
--- libc/posix/regex_internal.h.jj 2004-01-12 10:52:38.000000000 +0100
+++ libc/posix/regex_internal.h 2004-01-14 00:18:48.000000000 +0100
@@ -408,7 +408,7 @@ static unsigned char re_string_fetch_byt
#define re_string_first_byte(pstr, idx) \
((idx) == (pstr)->valid_len || (pstr)->wcs[idx] != WEOF)
#define re_string_is_single_byte_char(pstr, idx) \
- ((pstr)->wcs[idx] != WEOF && ((pstr)->valid_len == (idx) \
+ ((pstr)->wcs[idx] != WEOF && ((pstr)->valid_len == (idx) + 1 \
|| (pstr)->wcs[(idx) + 1] != WEOF))
#define re_string_eoi(pstr) ((pstr)->stop <= (pstr)->cur_idx)
#define re_string_cur_idx(pstr) ((pstr)->cur_idx)
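Review bot: With `(pstr)->valid_len == (idx) + 1`, re_string_is_single_byte_char relies on the short-circuit of `||` to avoid reading `(pstr)->wcs[(idx) + 1]` when idx is the last valid index, and that dependency is undocumented. A comment above the macro saying that the last byte has no following wcs entry to inspect would help, as would writing the comparison as `((idx) + 1)` so the precedence is obvious at a glance and matches the subscript on the next line.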
--- libc/posix/bug-regex22.c.jj 2004-01-06 23:00:49.000000000 +0100
+++ libc/posix/bug-regex22.c 2004-01-14 00:19:52.000000000 +0100
@@ -97,6 +97,16 @@ main (void)
memset (&re, 0, sizeof (re));
re.translate = trans;
+ s = re_compile_pattern ("[[:DIGIT:]]", 11, &re);
+ if (s == NULL)
+ {
+ printf ("compilation of \"[[:DIGIT:]]\" pattern unexpectedly succeeded: %s\n",
+ s);
+ result = 1;
+ }
+
+ memset (&re, 0, sizeof (re));
+ re.translate = trans;
s = re_compile_pattern ("[[:DIGIT:]]", 2, &re);
if (s == NULL)
{
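Review bot: In the added `if (s == NULL)` branch the printf passes `s` to `%s`, but `s` is always NULL on that path, so the argument carries no information and hands a null pointer to `%s`. Drop the `: %s` and the `s` argument from the "unexpectedly succeeded" message. A short comment above the new `re_compile_pattern ("[[:DIGIT:]]", 11, &re)` call saying why the full-length pattern is expected to fail with `re.translate = trans` would also help readers of the test.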
Jakub
* Re: [PATCH] Fix regex from reading uninitialized memory
From: Ulrich Drepper @ 2004-01-14 1:45 UTC (permalink / raw)
To: Jakub Jelinek; +Cc: Glibc hackers
Jakub Jelinek wrote:
> * posix/regcomp.c (peek_token_bracket): Check remaining
> string length before re_string_peek_byte (x, 1).
> (parse_bracket_symbol): Likewise.
> * posix/regex_internal.h (re_string_is_single_byte_char): Return
> true at last byte in the string.
> * posix/bug-regex22.c (main): Add new test.
Applied.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖