This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch, master, updated. glibc-2.13-236-g8887a92
- From: drepper at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 28 May 2011 21:16:40 -0000
- Subject: GNU C Library master sources branch, master, updated. glibc-2.13-236-g8887a92
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 8887a920a4b81a500f54893250085e0d1a52cf9a (commit)
via 4f031072a5055abd83717820b59efdaa463d5853 (commit)
from 9ce9d0ec9001a7e7ac25653f3026233cdd1c0b1f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8887a920a4b81a500f54893250085e0d1a52cf9a
commit 8887a920a4b81a500f54893250085e0d1a52cf9a
Author: Ulrich Drepper <drepper@gmail.com>
Date: Sat May 28 17:14:30 2011 -0400
Fix unnecessary overallocation due to incomplete character
When incomplete characters are found at the end of a string the
code ran amok and allocated lots of memory. Stricter limits
are now in place.
diff --git a/ChangeLog b/ChangeLog
index eeafebd..6df2b05 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
2011-05-28 Ulrich Drepper <drepper@gmail.com>
+ [BZ #12811]
+ * posix/regex_internal.c (build_wcs_buffer): Don't signal we have to
+ grow the buffers more if it already has to be sufficient.
+ (build_wcs_upper_buffer): Likewise.
+ * posix/regexec.c (check_matching): Likewise.
+ (clean_state_log_if_needed): Likewise.
+ (extend_buffers): Don't enlarge buffers beyond size of the input
+ buffer.
+ Patches mostly by Emil Wojak <emil@wojak.eu>.
+ * posix/bug-regex32.c: New file.
+ * posix/Makefile (tests): Add bug-regex32.
+
* locale/findlocale.c (_nl_find_locale): Return right away if
_nl_explode_name failed.
* locale/programs/locarchive.c (add_locale_to_archive): Likewise.
diff --git a/NEWS b/NEWS
index 0b52c3e..333ecc6 100644
--- a/NEWS
+++ b/NEWS
@@ -17,7 +17,7 @@ Version 2.14
12545, 12551, 12582, 12583, 12587, 12597, 12601, 12611, 12625, 12626,
12631, 12650, 12653, 12655, 12660, 12671, 12681, 12685, 12711, 12713,
12714, 12717, 12723, 12724, 12734, 12738, 12746, 12766, 12775, 12777,
- 12782, 12788, 12792, 12795, 12813, 12814
+ 12782, 12788, 12792, 12795, 12811, 12813, 12814
* The RPC implementation in libc is obsoleted. Old programs keep working
but new programs cannot be linked with the routines in libc anymore.
diff --git a/posix/Makefile b/posix/Makefile
index e89f21e..499d53d 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -82,7 +82,7 @@ tests := tstgetopt testfnm runtests runptests \
bug-regex17 bug-regex18 bug-regex19 bug-regex20 \
bug-regex21 bug-regex22 bug-regex23 bug-regex24 \
bug-regex25 bug-regex26 bug-regex27 bug-regex28 \
- bug-regex29 bug-regex30 bug-regex31 \
+ bug-regex29 bug-regex30 bug-regex31 bug-regex32 \
tst-nice tst-nanosleep tst-regex2 \
transbug tst-rxspencer tst-pcre tst-boost \
bug-ga1 tst-vfork1 tst-vfork2 tst-vfork3 tst-waitid \
diff --git a/posix/bug-regex32.c b/posix/bug-regex32.c
new file mode 100644
index 0000000..525232c
--- /dev/null
+++ b/posix/bug-regex32.c
@@ -0,0 +1,36 @@
+// BZ 12811
+#include <regex.h>
+#include <stdio.h>
+#include <locale.h>
+
+static int
+do_test (void)
+{
+ char buf[1000];
+ regex_t preg;
+ if (setlocale (LC_CTYPE, "de_DE.UTF-8") == NULL)
+ {
+ puts ("setlocale failed");
+ return 1;
+ }
+
+ int e = regcomp (&preg, ".*ab", REG_ICASE);
+ if (e != 0)
+ {
+ regerror (e, &preg, buf, sizeof (buf));
+ printf ("regcomp = %d \"%s\"\n", e, buf);
+ return 1;
+ }
+
+ // Incomplete character at the end of the buffer
+ e = regexec (&preg, "aaaaaaaaaaaa\xc4", 0, NULL, 0);
+
+ regfree (&preg);
+ regerror (e, &preg, buf, sizeof (buf));
+ printf ("regexec = %d \"%s\"\n", e, buf);
+
+ return e != REG_NOMATCH;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 8183a29..285ae3b 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -237,13 +237,8 @@ build_wcs_buffer (re_string_t *pstr)
else
p = (const char *) pstr->raw_mbs + pstr->raw_mbs_idx + byte_idx;
mbclen = __mbrtowc (&wc, p, remain_len, &pstr->cur_state);
- if (BE (mbclen == (size_t) -2, 0))
- {
- /* The buffer doesn't have enough space, finish to build. */
- pstr->cur_state = prev_st;
- break;
- }
- else if (BE (mbclen == (size_t) -1 || mbclen == 0, 0))
+ if (BE (mbclen == (size_t) -1 || mbclen == 0
+ || (mbclen == (size_t) -2 && pstr->bufs_len >= pstr->len), 0))
{
/* We treat these cases as a singlebyte character. */
mbclen = 1;
@@ -252,6 +247,12 @@ build_wcs_buffer (re_string_t *pstr)
wc = pstr->trans[wc];
pstr->cur_state = prev_st;
}
+ else if (BE (mbclen == (size_t) -2, 0))
+ {
+ /* The buffer doesn't have enough space, finish to build. */
+ pstr->cur_state = prev_st;
+ break;
+ }
/* Write wide character and padding. */
pstr->wcs[byte_idx++] = wc;
@@ -334,9 +335,11 @@ build_wcs_upper_buffer (re_string_t *pstr)
for (remain_len = byte_idx + mbclen - 1; byte_idx < remain_len ;)
pstr->wcs[byte_idx++] = WEOF;
}
- else if (mbclen == (size_t) -1 || mbclen == 0)
+ else if (mbclen == (size_t) -1 || mbclen == 0
+ || (mbclen == (size_t) -2 && pstr->bufs_len >= pstr->len))
{
- /* It is an invalid character or '\0'. Just use the byte. */
+ /* It is an invalid character, an incomplete character
+ at the end of the string, or '\0'. Just use the byte. */
int ch = pstr->raw_mbs[pstr->raw_mbs_idx + byte_idx];
pstr->mbs[byte_idx] = ch;
/* And also cast it to wide char. */
@@ -449,7 +452,8 @@ build_wcs_upper_buffer (re_string_t *pstr)
for (remain_len = byte_idx + mbclen - 1; byte_idx < remain_len ;)
pstr->wcs[byte_idx++] = WEOF;
}
- else if (mbclen == (size_t) -1 || mbclen == 0)
+ else if (mbclen == (size_t) -1 || mbclen == 0
+ || (mbclen == (size_t) -2 && pstr->bufs_len >= pstr->len))
{
/* It is an invalid character or '\0'. Just use the byte. */
int ch = pstr->raw_mbs[pstr->raw_mbs_idx + src_idx];
diff --git a/posix/regexec.c b/posix/regexec.c
index 8d4475c..9e0c565 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -1,5 +1,5 @@
/* Extended regular expression matching and search library.
- Copyright (C) 2002-2005, 2007, 2009, 2010 Free Software Foundation, Inc.
+ Copyright (C) 2002-2005,2007,2009,2010,2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Isamu Hasegawa <isamu@yamato.ibm.com>.
@@ -1156,7 +1156,8 @@ check_matching (re_match_context_t *mctx, int fl_longest_match,
re_dfastate_t *old_state = cur_state;
int next_char_idx = re_string_cur_idx (&mctx->input) + 1;
- if (BE (next_char_idx >= mctx->input.bufs_len, 0)
+ if ((BE (next_char_idx >= mctx->input.bufs_len, 0)
+ && mctx->input.bufs_len < mctx->input.len)
|| (BE (next_char_idx >= mctx->input.valid_len, 0)
&& mctx->input.valid_len < mctx->input.len))
{
@@ -1732,7 +1733,8 @@ clean_state_log_if_needed (re_match_context_t *mctx, int next_state_log_idx)
{
int top = mctx->state_log_top;
- if (next_state_log_idx >= mctx->input.bufs_len
+ if ((next_state_log_idx >= mctx->input.bufs_len
+ && mctx->input.bufs_len < mctx->input.len)
|| (next_state_log_idx >= mctx->input.valid_len
&& mctx->input.valid_len < mctx->input.len))
{
@@ -4111,7 +4113,7 @@ extend_buffers (re_match_context_t *mctx)
return REG_ESPACE;
/* Double the lengthes of the buffers. */
- ret = re_string_realloc_buffers (pstr, pstr->bufs_len * 2);
+ ret = re_string_realloc_buffers (pstr, MIN (pstr->len, pstr->bufs_len * 2));
if (BE (ret != REG_NOERROR, 0))
return ret;
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4f031072a5055abd83717820b59efdaa463d5853
commit 4f031072a5055abd83717820b59efdaa463d5853
Author: Ulrich Drepper <drepper@gmail.com>
Date: Sat May 28 16:59:30 2011 -0400
Handle failure of _nl_explode_name in all cases
diff --git a/ChangeLog b/ChangeLog
index 8bfd290..eeafebd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2011-05-28 Ulrich Drepper <drepper@gmail.com>
+ * locale/findlocale.c (_nl_find_locale): Return right away if
+ _nl_explode_name failed.
+ * locale/programs/locarchive.c (add_locale_to_archive): Likewise.
+
* sysdeps/unix/sysv/linux/socketcall.h (SOCKOP_sendmmsg): Define.
* debug/xtrace.sh: Unify messages.
diff --git a/locale/findlocale.c b/locale/findlocale.c
index 6b88c96..2fec9a7 100644
--- a/locale/findlocale.c
+++ b/locale/findlocale.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-2001, 2002, 2003, 2006, 2010 Free Software Foundation, Inc.
+/* Copyright (C) 1996-2003, 2006, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -140,6 +140,9 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
*/
mask = _nl_explode_name (loc_name, &language, &modifier, &territory,
&codeset, &normalized_codeset);
+ if (mask == -1)
+ /* Memory allocate problem. */
+ return NULL;
/* If exactly this locale was already asked for we have an entry with
the complete name. */
diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c
index 85ba77d..e95bcf1 100644
--- a/locale/programs/locarchive.c
+++ b/locale/programs/locarchive.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2002, 2003, 2005, 2007, 2009 Free Software Foundation, Inc.
+/* Copyright (C) 2002,2003,2005,2007,2009,2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@redhat.com>, 2002.
@@ -1079,6 +1079,8 @@ add_locale_to_archive (ah, name, data, replace)
int mask = _nl_explode_name (strdupa (name),
&language, &modifier, &territory,
&codeset, &normalized_codeset);
+ if (mask == -1)
+ return -1;
if (mask & XPG_NORM_CODESET)
/* This name contains a codeset in unnormalized form.
@@ -1128,6 +1130,7 @@ add_locale_to_archive (ah, name, data, replace)
/* Now read the locale.alias files looking for lines whose
right hand side matches our name after normalization. */
+ int result = 0;
if (alias_file != NULL)
{
FILE *fp;
@@ -1207,6 +1210,11 @@ add_locale_to_archive (ah, name, data, replace)
&rhs_territory,
&rhs_codeset,
&rhs_normalized_codeset);
+ if (rhs_mask == 1)
+ {
+ result = -1;
+ goto out;
+ }
if (!strcmp (language, rhs_language)
&& ((rhs_mask & XPG_CODESET)
/* He has a codeset, it must match normalized. */
@@ -1240,6 +1248,7 @@ add_locale_to_archive (ah, name, data, replace)
}
}
+ out:
fclose (fp);
}
@@ -1248,7 +1257,7 @@ add_locale_to_archive (ah, name, data, replace)
if (mask & XPG_NORM_CODESET)
free ((char *) normalized_codeset);
- return 0;
+ return result;
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 16 ++++++++++++++++
NEWS | 2 +-
locale/findlocale.c | 5 ++++-
locale/programs/locarchive.c | 13 +++++++++++--
posix/Makefile | 2 +-
posix/bug-regex32.c | 36 ++++++++++++++++++++++++++++++++++++
posix/regex_internal.c | 24 ++++++++++++++----------
posix/regexec.c | 10 ++++++----
8 files changed, 89 insertions(+), 19 deletions(-)
create mode 100644 posix/bug-regex32.c
hooks/post-receive
--
GNU C Library master sources