AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-28 07:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

regex: fix buffer read overrun in search [BZ#28470]

Browse Source 
Problem reported by Benno Schulenberg in:
https://lists.gnu.org/r/bug-gnulib/2021-10/msg00035.html
* posix/regexec.c (re_search_internal): Use better bounds check.
This commit is contained in:
Paul Eggert 2021-11-24 14:16:09 -08:00
parent c58d3b7d00
commit c52ef24829
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
posix/regexec.c
View File

@ -758,10 +758,9 @@ re_search_internal (const regex_t *preg, const char *string, Idx length,
offset = match_first - mctx.input.raw_mbs_idx; offset = match_first - mctx.input.raw_mbs_idx;
} }
/* If MATCH_FIRST is out of the buffer, leave it as '\0'. /* Use buffer byte if OFFSET is in buffer, otherwise '\0'. */
Note that MATCH_FIRST must not be smaller than 0. */ ch = (offset < mctx.input.valid_len
ch = (match_first >= length ? re_string_byte_at (&mctx.input, offset) : 0);
? 0 : re_string_byte_at (&mctx.input, offset));
if (fastmap[ch]) if (fastmap[ch])
break; break;
match_first += incr; match_first += incr;