From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10363 invoked by alias); 18 Mar 2019 23:27:26 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 10348 invoked by uid 89); 18 Mar 2019 23:27:26 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-17.7 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=H*x:Mailer, H*UA:Mailer, Shall, HX-Languages-Length:1031 X-Spam-Status: No, score=-17.7 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: shared-ano163.rev.nazwa.pl Received: from shared-ano163.rev.nazwa.pl (HELO shared-ano163.rev.nazwa.pl) (85.128.223.163) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 18 Mar 2019 23:27:24 +0000 X-Virus-Scanned: by amavisd-new using ClamAV (12) X-Spam-Flag: NO X-Spam-Score: 0 Received: from poczta.nazwa.pl (unknown [10.252.0.71]) by id16c608407a.nazwa.pl (Postfix) with ESMTP id DE4401C2DD8; Tue, 19 Mar 2019 00:27:20 +0100 (CET) Date: Tue, 01 Jan 2019 00:00:00 -0000 From: Rafal Luzynski To: Aurelien Jarno , libc-stable@sourceware.org Cc: Paul Eggert Message-ID: <1004103621.41197.1552951132012@poczta.nazwa.pl> In-Reply-To: <20190316223151.29219-1-aurelien@aurel32.net> References: <20190316223151.29219-1-aurelien@aurel32.net> Subject: Re: [2.29 COMMITTED] regex: fix read overrun [BZ #24114] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Medium X-Mailer: Open-Xchange Mailer v7.8.4-Rev47 X-Originating-Client: com.openexchange.ox.gui.dhtml X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00006.txt.bz2 16.03.2019 23:31 Aurelien Jarno wrote: > [...] > diff --git a/ChangeLog b/ChangeLog > index 90558e434ce..fb88626efe1 100644 > --- a/ChangeLog > +++ b/ChangeLog > @@ -1,3 +1,11 @@ > +2019-01-31 Paul Eggert > + > + regex: fix read overrun [BZ #24114] > + Problem found by AddressSanitizer, reported by Hongxu Chen in: > + https://debbugs.gnu.org/34140 > + * posix/regexec.c (proceed_next_node): > + Do not read past end of input buffer. > + As far as I know the date in the ChangeLog should be the date when the change was pushed to the git repository, not when the patch was authored. In case of the stable branches it should be the date when it was pushed to the stable branch, not when it was pushed to master. Shall we change this? Here is a correct example: > 2019-03-13 Stefan Liebler > > * elf/dl-sysdep.c (_dl_show_auxv): Remove condition and always The same issue in 2.28 branch. Regards, Rafal