This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.29.9000-2-g583dd86

From: eggert at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 31 Jan 2019 21:19:00 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.29.9000-2-g583dd86

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  583dd860d5b833037175247230a328f0050dbfe9 (commit)
      from  2bac7daa58da1a313bd452369b0508b31e146637 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=583dd860d5b833037175247230a328f0050dbfe9

commit 583dd860d5b833037175247230a328f0050dbfe9
Author: Paul Eggert <eggert@cs.ucla.edu>
Date:   Mon Jan 21 11:08:13 2019 -0800

    regex: fix read overrun [BZ #24114]
    
    Problem found by AddressSanitizer, reported by Hongxu Chen in:
    https://debbugs.gnu.org/34140
    * posix/regexec.c (proceed_next_node):
    Do not read past end of input buffer.

diff --git a/ChangeLog b/ChangeLog
index 05e13e6..62d732e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
+
+	regex: fix read overrun [BZ #24114]
+	Problem found by AddressSanitizer, reported by Hongxu Chen in:
+	https://debbugs.gnu.org/34140
+	* posix/regexec.c (proceed_next_node):
+	Do not read past end of input buffer.
+
 2019-01-31  Florian Weimer  <fweimer@redhat.com>
 
 	[BZ #24059]
@@ -18002,7 +18010,7 @@
 	(CFLAGS-wcstof_l.c): Likewise.
 	(CPPFLAGS-tst-wchar-h.c): Likewise.
 	(CPPFLAGS-wcstold_l.c): Likewise.
----
+
 2017-12-11  Paul A. Clarke  <pc@us.ibm.com>
 
 	* sysdeps/ieee754/flt-32/s_cosf.c: New implementation.
diff --git a/posix/regexec.c b/posix/regexec.c
index 91d5a79..084b122 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
 	      else if (naccepted)
 		{
 		  char *buf = (char *) re_string_get_buffer (&mctx->input);
-		  if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
-			      naccepted) != 0)
+		  if (mctx->input.valid_len - *pidx < naccepted
+		      || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+				  naccepted)
+			  != 0))
 		    return -1;
 		}
 	    }

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |   10 +++++++++-
 posix/regexec.c |    6 ++++--
 2 files changed, 13 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]