Sources Bugzilla – Bug 14780
[PATCH] handle malloc() and realloc() failures in regcomp()
Last modified: 2013-01-17 14:10:10 UTC
Created attachment 6705
Patch for regcomp.c
Currently, regcomp() misses a lot of checks for memory allocation
failures, and it also does not properly release memory on error paths.
This means a malloc error usually causes either a SEGV or a memory
The attached patch (regex.diff) adds the return value checks and
memory deallocation on failures.
Created attachment 6706
patch w/ malloc() fuzzing, used for testing
Created attachment 6707
I have been debugging this issue by fuzzing re_malloc() and
re_realloc(), making them randomly return NULL. The patch with added
fuzzing is attached as regex-fuzzed.diff. testcase.c has been used to
exercise the modified regcomp().
Memory violations or leaks have been tested using valgrind:
valgrind --leak-check=full --show-reachable=yes --trace-children=yes
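A deterministic variant of the allocation-failure testing described in the comment above, added here as an example and not taken from the attached patches or from glibc: instead of failing at random, it fails each allocation call in turn and checks that every error path releases what it had allocated. The names fi_malloc, fi_realloc, fi_free, pat_compile and sweep are hypothetical, and pat_compile is a toy stand-in for regcomp().

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical fault-injecting allocator; these are not glibc's names. */
static long fail_at = -1;  /* index of the allocation call to fail, -1 = never */
static long calls, live;   /* calls seen so far; blocks currently allocated */

static void *fi_realloc(void *p, size_t n) {
    if (calls++ == fail_at) return NULL;  /* injected failure, p stays valid */
    void *q = realloc(p, n);
    if (q && !p) live++;
    return q;
}
static void *fi_malloc(size_t n) { return fi_realloc(NULL, n); }
static void fi_free(void *p) { if (p) { live--; free(p); } }

/* Toy stand-in for a compile routine with three dependent allocations. */
struct pat { char *src; int *nodes; size_t n; };
static int pat_compile(struct pat *out, const char *s) {
    struct pat p = {0};
    size_t len = strlen(s);
    int *tmp;
    if (!(p.src = fi_malloc(len + 1))) goto fail;
    memcpy(p.src, s, len + 1);
    if (!(p.nodes = fi_malloc(2 * sizeof(int)))) goto fail;
    /* Grow through a temporary so the old block is still freed on failure. */
    if (!(tmp = fi_realloc(p.nodes, (len + 2) * sizeof(int)))) goto fail;
    p.nodes = tmp;
    p.n = len + 2;
    *out = p;
    return 0;
fail:
    fi_free(p.nodes);
    fi_free(p.src);
    return -1;
}

/* Fail each allocation in turn. Returns the number of failure points
   exercised, or -1 if any path left a block allocated. */
static long sweep(const char *s) {
    for (long k = 0; ; k++) {
        struct pat p = {0};
        fail_at = k; calls = 0; live = 0;
        int ok = pat_compile(&p, s) == 0;
        if (ok) { fi_free(p.nodes); fi_free(p.src); }
        if (live != 0) { fail_at = -1; return -1; }
        if (ok) { fail_at = -1; return k; }
    }
}
int main(void) { return sweep("a(b|c)*") == 3 ? 0 : 1; }
```

Running the same sweep under valgrind also catches invalid accesses on the error paths, which the live-block counter alone does not see.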
Created attachment 6708
handle malloc() and realloc() failures in regcomp()
patch updated for current glibc git
Thanks for the patch. Please use the following wiki document as a guideline:
and post your patch for review on the libc-alpha mailing list: