This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
[glibc] Fix bad pointer / leak in regex code
- From: Paul Eggert <eggert at sourceware dot org>
- To: glibc-cvs at sourceware dot org
- Date: 21 Aug 2019 18:02:23 -0000
- Subject: [glibc] Fix bad pointer / leak in regex code
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8a80ee5e2bab17a1f8e1e78fab5c33ac7efa8b29
commit 8a80ee5e2bab17a1f8e1e78fab5c33ac7efa8b29
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed Aug 21 09:25:22 2019 -0700
Fix bad pointer / leak in regex code
This was found by Coverity (CID 1484201). [BZ#24844]
* posix/regex_internal.c (create_cd_newstate): Fix use of bad
pointer and/or memory leak when storage is exhausted.
Diff:
---
ChangeLog | 7 +++++++
posix/regex_internal.c | 10 +++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5e07cee..2db09d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2019-08-21 Paul Eggert <eggert@cs.ucla.edu>
+
+ Fix bad pointer / leak in regex code
+ This was found by Coverity (CID 1484201). [BZ#24844]
+ * posix/regex_internal.c (create_cd_newstate): Fix use of bad
+ pointer and/or memory leak when storage is exhausted.
+
2019-08-21 Zack Weinberg <zackw@panix.com>
* misc/syslog.c (__vsyslog_internal)
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 9004ce8..f53ded9 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -1716,15 +1716,19 @@ create_cd_newstate (const re_dfa_t *dfa, const re_node_set *nodes,
{
if (newstate->entrance_nodes == &newstate->nodes)
{
- newstate->entrance_nodes = re_malloc (re_node_set, 1);
- if (__glibc_unlikely (newstate->entrance_nodes == NULL))
+ re_node_set *entrance_nodes = re_malloc (re_node_set, 1);
+ if (__glibc_unlikely (entrance_nodes == NULL))
{
free_state (newstate);
return NULL;
}
+ newstate->entrance_nodes = entrance_nodes;
if (re_node_set_init_copy (newstate->entrance_nodes, nodes)
!= REG_NOERROR)
- return NULL;
+ {
+ free_state (newstate);
+ return NULL;
+ }
nctx_nodes = 0;
newstate->has_constraint = 1;
}