Sources Bugzilla – Bug 14780
[PATCH] handle malloc() and realloc() failures in regcomp()
Last modified: 2013-01-17 14:10:10 UTC
Created attachment 6705: Patch for regcomp.c

Hi, currently, regcomp() misses a lot of checks for memory allocation failures, and it also does not properly release memory on error paths. This means a malloc error usually causes either a SEGV or a memory leak. The attached patch (regex.diff) adds the return value checks and memory deallocation on failures.
Created attachment 6706: patch w/ malloc() fuzzing, used for testing

Created attachment 6707: test case

I have been debugging this issue by fuzzing re_malloc() and re_realloc(), making them randomly return NULL. The patch with added fuzzing is attached as regex-fuzzed.diff. testcase.c has been used to exercise the modified regcomp(). Memory violations or leaks have been tested using valgrind:

    valgrind --leak-check=full --show-reachable=yes --trace-children=yes ./testrun.sh ./testcase
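Added example, not part of the bug report or its attachments: a minimal sketch of the allocation-failure testing described in the comment above, using a deterministic "fail the Nth allocator call" sweep instead of random failures so that every error path is hit exactly once and any failure is reproducible. All names (fi_malloc, fi_realloc, fi_free, compile, sweep) are hypothetical, and compile() is a toy stand-in, not glibc's regcomp().

```c
#include <stdlib.h>
#include <string.h>
/* Fault-injecting allocator; every name in this block is hypothetical. */
static long fail_at = -1, calls, live; /* call to fail (-1: none), calls, live blocks */

static void *fi_malloc(size_t n) {
    void *p = (calls++ == fail_at) ? NULL : malloc(n);
    if (p) live++;
    return p;
}
static void *fi_realloc(void *old, size_t n) { /* old is never NULL here */
    return (calls++ == fail_at) ? NULL : realloc(old, n); /* on NULL, old stays valid */
}
static void fi_free(void *p) { if (p) { live--; free(p); } }

/* Toy stand-in for a compile step that makes three dependent allocations. */
struct prog { char *pat; int *nodes; };
static int compile(struct prog *pr, const char *pat) {
    size_t len = strlen(pat);
    int *grown;
    memset(pr, 0, sizeof *pr);
    if (!(pr->pat = fi_malloc(len + 1))) goto fail;
    memcpy(pr->pat, pat, len + 1);
    if (!(pr->nodes = fi_malloc(4 * sizeof *pr->nodes))) goto fail;
    grown = fi_realloc(pr->nodes, (len + 4) * sizeof *grown);
    if (!grown) goto fail; /* pr->nodes still owns the old block; free it below */
    pr->nodes = grown;
    return 0;
fail:
    fi_free(pr->nodes);
    fi_free(pr->pat);
    return -1;
}

/* Fail call 0, 1, 2, ... in turn until compile() succeeds; count leaking runs. */
static int sweep(const char *pat, long *points) {
    int leaks = 0, rc;
    for (fail_at = 0; ; fail_at++) {
        struct prog pr;
        calls = live = 0;
        if ((rc = compile(&pr, pat)) == 0) { fi_free(pr.nodes); fi_free(pr.pat); }
        leaks += (live != 0);
        if (rc == 0) break; /* no call left to fail: all error paths were hit */
    }
    *points = fail_at; /* number of distinct failure points exercised */
    fail_at = -1;
    return leaks;
}
int main(void) { long pts; return sweep("a(b|c)*", &pts); } /* exit 0: no leaks */
```

Running such a harness under valgrind, as the comment above does, additionally catches invalid reads and writes on the error paths, which the live-block counter cannot see.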
Created attachment 6708: handle malloc() and realloc() failures in regcomp()

patch updated for current glibc git
Thanks for the patch. Please use the following wiki document as a guideline: http://sourceware.org/glibc/wiki/Contribution%20checklist and post your patch for review on the libc-alpha mailing list: http://www.gnu.org/software/libc/development.html