This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] Fix regex segfaults

From: Jakub Jelinek <jakub at redhat dot com>
To: Ulrich Drepper <drepper at redhat dot com>, Roland McGrath <roland at redhat dot com>
Cc: Glibc hackers <libc-hacker at sources dot redhat dot com>
Date: Mon, 10 Nov 2003 22:16:08 +0100
Subject: [PATCH] Fix regex segfaults
Reply-to: Jakub Jelinek <jakub at redhat dot com>

Hi!

The following patch seems to fix
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=109606
The problem is that only valid_len wchar_t's are meaningful in wcs
array, while len can be much larger.
valid_len covers complete characters (if mbrtowc during conversion
returns -2, conversion stops and valid_len is not increased by the
partial bytes, if it returns -1 or 0 then that char is stored into
wcs (so it is not WEOF).

2003-11-10  Jakub Jelinek  <jakub@redhat.com>

	* posix/regex_internal.h (re_string_char_size_at): Don't look beyond
	valid_len wide chars.

--- libc/posix/regex_internal.h.jj	2003-09-23 17:03:01.000000000 +0200
+++ libc/posix/regex_internal.h	2003-11-10 14:44:13.000000000 +0100
@@ -702,7 +702,7 @@ re_string_char_size_at (pstr, idx)
   int byte_idx;
   if (MB_CUR_MAX == 1)
     return 1;
-  for (byte_idx = 1; idx + byte_idx < pstr->len; ++byte_idx)
+  for (byte_idx = 1; idx + byte_idx < pstr->valid_len; ++byte_idx)
     if (pstr->wcs[idx + byte_idx] != WEOF)
       break;
   return byte_idx;

	Jakub

Follow-Ups:
- Re: [PATCH] Fix regex segfaults
  - From: Ulrich Drepper

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]