[PATCH] Fix segfault in calc_eclosure_iter
Jakub Jelinek
jakub@redhat.com
Tue Nov 9 12:58:00 GMT 2004
Hi!
The first test below segfaults at regcomp time (and second/third as well),
because calc_eclosure_iter accesses *dfa->edests[node].elems even if
dfa->edests[node].nelem == 0.
It doesn't really matter much whether we call duplicate_node_closure
or not (as if we call it in this case, it will be a nop:
dfa->nodes[node].type == ANCHOR, therefore it is != OP_BACK_REF,
but nelem is 0, so all the loop will do is dfa->nexts[node] =
dfa->nexts[node];
and break out of the cycle and return with REG_NOERROR),
but certainly we must avoid dereferencing elems in that case.
2004-11-09 Jakub Jelinek <jakub@redhat.com>
* posix/regcomp.c (calc_eclosure_iter): Don't access
dfa->edests[node].elems[0] if dfa->edests[node].nelem == 0.
* posix/rxspencer/tests: Add 5 new tests.
--- libc/posix/regcomp.c.jj 2004-11-09 12:26:44.000000000 +0100
+++ libc/posix/regcomp.c 2004-11-09 13:32:26.851737074 +0100
@@ -1602,7 +1602,9 @@ calc_eclosure_iter (new_set, dfa, node,
? dfa->nodes[node].opr.ctx_type : 0);
/* If the current node has constraints, duplicate all nodes.
Since they must inherit the constraints. */
- if (constraint && !dfa->nodes[dfa->edests[node].elems[0]].duplicated)
+ if (constraint
+ && dfa->edests[node].nelem
+ && !dfa->nodes[dfa->edests[node].elems[0]].duplicated)
{
int org_node, cur_node;
org_node = cur_node = node;
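Review bot: The new dfa->edests[node].nelem test in the if condition has no comment saying when a constrained node can have an empty edests set; the existing comment above it only covers constraint inheritance. A one-line note naming the case from the description (an ANCHOR node with nelem == 0) would keep the guard from being dropped in a later cleanup, and spelling it as dfa->edests[node].nelem > 0 makes the intent explicit. The ordering is right and should stay: the nelem test has to come before the elems[0] read for the short-circuit to protect it.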
--- libc/posix/rxspencer/tests.jj 2004-11-09 13:04:35.393211245 +0100
+++ libc/posix/rxspencer/tests 2004-11-09 13:47:27.810041104 +0100
@@ -505,3 +505,8 @@ Char \([a-z0-9_]*\)\[.* b Char xyz[k Cha
a?b - ab ab
-\{0,1\}[0-9]*$ b -5 -5
a*a*a*a*a*a*a* & aaaaaa aaaaaa
+(\b){0} - x @x -
+\(\b\)\{0,0\} b abc @abc -
+a(\b){0}c - ac ac -
+a(.*)b(\0){0}c - abc abc @bc,-
+a(.*)b(\0){0}c - axbc axbc x,-
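Review bot: The five added lines carry nothing that ties them to the regcomp crash, and the description only says the first three segfault, so it is unclear what the last two, a(.*)b(\0){0}c against abc and axbc, are meant to cover. Please say in the patch description (or in a comment next to the tests, if the file format allows one) whether those two also crashed before the regcomp.c change or are there to pin down the match results for a zero-repeated group, so a future failure can be traced to the right cause.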
Jakub