Summary: regex backreference heap errors
Component: regex
Assignee: Not yet assigned to anyone <unassigned>
Patch for use-after-free bug, from Assaf Gordon
Patch for heap-exhaustion bug
Description eggert 2018-09-06 07:10:37 UTC
Created attachment 11231: Patch for use-after-free bug, from Assaf Gordon
In <https://debbugs.gnu.org/32592#14> Saito Takaaki reported that a friend found a bug in GNU sed regex handling, and Assaf Gordon has found that this was due to use-after-free relating to the back-references. Assaf has a fix, which I'm attaching.
In that same thread, Jim Meyering noted <https://debbugs.gnu.org/32592#35> that there was some seemingly-useless code immediately after Assaf's bug fix. I have looked into this, and it turns out that this code does not properly report an error when heap allocation fails; instead, it just trudges onward and does goodness knows what. I'll attach a second patch for this nearby bug.
Comment 1 eggert 2018-09-06 07:11:18 UTC
Created attachment 11232: Patch for heap-exhaustion bug
Comment 2 eggert 2018-09-06 08:21:19 UTC
Assaf Gordon writes in <https://debbugs.gnu.org/32592#41> that the use-after-free bug was already reported as Bug#18040. The two bug reports should be merged.