This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] regexec.c fixes

From: Jakub Jelinek <jakub at redhat dot com>
To: Ulrich Drepper <drepper at redhat dot com>, Roland McGrath <roland at redhat dot com>
Cc: Glibc hackers <libc-hacker at sources dot redhat dot com>
Date: Wed, 19 Nov 2003 15:51:58 +0100
Subject: [PATCH] regexec.c fixes
Reply-to: Jakub Jelinek <jakub at redhat dot com>

Hi!

Just 2 small things:
a) re_string_reconstruct ensures pstr->valid_len == pstr->len
   for mb_cur_max == 1 !icase !trans (ie. the simplest case
   where mbs/mbs_case simply point at raw_mbs + raw_mbs_idx).
   Setting it to anything else is wrong (valid_len could
   well be set to value bigger than len, so routines which
   check valid_len could fall off the cliff).
b) extend_buffers calls re_string_realloc_buffers (pstr, pstr->bufs_len * 2)
   (ie. doubles the size of buffers).  But re_string_realloc_buffers
   also sets pstr->bufs_len to the new size, so when extend_buffers
   later uses pstr->bufs_len * 2, it is IMHO twice as many as needed.
   Removing * 2 is not right (efence showed up the code can read/write
   state_log[bufs_len]), but I think + 1 matches the initial state_log
   allocation (which is dfa->nodes_len + 1, not dfa->nodes_len * 2).

2003-11-19  Jakub Jelinek  <jakub@redhat.com>

	* posix/regexec.c (extend_buffers): Don't allocate
	twice as big state_log as needed.  Don't modify pstr->valid_len
	for mb_cur_max == 1 !icase !trans.

--- libc/posix/regexec.c.jj	2003-11-19 10:24:36.000000000 +0100
+++ libc/posix/regexec.c	2003-11-19 17:45:51.000000000 +0100
@@ -3840,7 +3840,7 @@ extend_buffers (mctx)
       /* And double the length of state_log.  */
       re_dfastate_t **new_array;
       new_array = re_realloc (mctx->state_log, re_dfastate_t *,
-			      pstr->bufs_len * 2);
+			      pstr->bufs_len + 1);
       if (BE (new_array == NULL, 0))
 	return REG_ESPACE;
       mctx->state_log = new_array;
@@ -3866,8 +3866,6 @@ extend_buffers (mctx)
 	{
 	  if (pstr->trans != NULL)
 	    re_string_translate_buffer (pstr);
-	  else
-	    pstr->valid_len = pstr->bufs_len;
 	}
     }
   return REG_NOERROR;

	Jakub

Follow-Ups:
- Re: [PATCH] regexec.c fixes
  - From: Ulrich Drepper

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]