This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Fix buffer overrun in regexp matcher
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 31 Jan 2013 09:47:22 +0100
- Subject: Re: [PATCH] Fix buffer overrun in regexp matcher
- References: <mvma9rsq85s.fsf@hawking.suse.de>
On Tue, Jan 29, 2013 at 05:13:35PM +0100, Andreas Schwab wrote:
> When extending regex buffers, make sure we allocate enough room for the
> state log. Merely doubling the space may not be enough if the current
> node has accepted a long run of characters. This part of the code only
> triggers with multibyte characters.
>
> @@ -1160,7 +1160,7 @@ check_matching (re_match_context_t *mctx, int fl_longest_match,
> || (BE (next_char_idx >= mctx->input.valid_len, 0)
> && mctx->input.valid_len < mctx->input.len))
> {
> - err = extend_buffers (mctx);
> + err = extend_buffers (mctx, next_char_idx + 1);
> if (BE (err != REG_NOERROR, 0))
> {
> assert (err == REG_ESPACE);
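Review bot: the new second argument `next_char_idx + 1` is passed without a comment, and the hunk does not show the `extend_buffers` definition, so the meaning of the value (the minimum buffer length required, with the `+ 1` because index `next_char_idx` must be addressable) should be stated at the declaration of `extend_buffers` and in a one-line comment at this call site; since the signature changes, any other callers of `extend_buffers` outside this hunk also need the new parameter, and the patch as posted should include them so the file still compiles.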
Would it not be simpler to avoid changing extend_buffers by writing
err = extend_buffers (MAX (mctx, next_char_idx + 1));