Sourceware Bugzilla – Bug 1291
size-overflow bugs in the regex code
Last modified: 2012-12-01 16:47:23 UTC
The regex code currently misbehaves badly if there's an arithmetic
overflow when calculating sizes, e.g., when doubling buffer sizes.
I'll attach a patch for all the instances of this that I found. These
patches are conservative, in the sense that when I couldn't determine
whether an overflow was possible, I inserted a run-time check.
Created attachment 645
add some size-overflow checks to regex code
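The following is an added example, not the attached patch or glibc's regex internals: it shows the unchecked doubling the report describes next to the kind of run-time check the patch inserts, applied to a hypothetical growable array (`intbuf`, `doubled_size_checked` and the other names are assumptions).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked doubling, the pattern the bug report describes: the multiplication
   silently wraps, so a huge buffer "grows" to a tiny or zero allocation. */
size_t doubled_size_unchecked(size_t alloc)
{
    return alloc * 2;
}

/* Checked doubling: computes the new element count and the byte count to pass
   to realloc, refusing (returns 0) if either step would overflow size_t. */
int doubled_size_checked(size_t alloc, size_t elem_size,
                         size_t *new_alloc, size_t *new_bytes)
{
    size_t n = 1;                   /* an empty buffer starts at one element */
    if (alloc > SIZE_MAX / 2)
        return 0;                   /* alloc * 2 would wrap */
    if (alloc)
        n = alloc * 2;
    if (elem_size && n > SIZE_MAX / elem_size)
        return 0;                   /* n * elem_size would wrap */
    *new_alloc = n;
    *new_bytes = n * elem_size;
    return 1;
}

/* Hypothetical growable int array (not one of glibc's regex structures). */
typedef struct { int *elems; size_t used, alloc; } intbuf;

/* Append one element, doubling on demand; returns 0 on overflow or OOM. */
int intbuf_push(intbuf *b, int v)
{
    if (b->used == b->alloc) {
        size_t n, bytes;
        if (!doubled_size_checked(b->alloc, sizeof *b->elems, &n, &bytes))
            return 0;
        int *p = realloc(b->elems, bytes);
        if (!p)
            return 0;
        b->elems = p;
        b->alloc = n;
    }
    b->elems[b->used++] = v;
    return 1;
}
```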
Just to preempt Ulrich, with whom I agree in this case, the patch as is does not
Please redo the patch without the Idx type, as it could be a good thing to have.
Paul, could you recreate the patch so that it applies cleanly against the current git head?
Paul, could you redo the patch for current glibc, please?