[PATCH] regexec: do not infloop on calloc failure
Jim Meyering
jim@meyering.net
Tue Dec 28 17:19:00 GMT 2010
Jim Meyering wrote:
> Testing grep, I was surprised to be able to make it infloop.
> Even more surprised to find that glibc's regex code was at fault.
> Here's the fix:
>
>>From 00d7a845c48a12163d2b053fa8923df01f27277b Mon Sep 17 00:00:00 2001
Humph.
That probably didn't even compile.
Here's a better one:
>From 994f37633f28e3ab4a80d0249c06ef816298919e Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 27 Dec 2010 08:35:22 +0100
Subject: [PATCH] regexec: do not infloop on calloc failure
[BZ #12348]
* posix/regexec.c (build_trtable): Return failure indication upon
calloc failure. Otherwise, re_search_internal could infloop on OOM.
---
ChangeLog | 6 ++++++
posix/regexec.c | 2 ++
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e86929e..31b8a73 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-12-27 Jim Meyering <meyering@redhat.com>
+
+ [BZ #12348]
+ * posix/regexec.c (build_trtable): Return failure indication upon
+ calloc failure. Otherwise, re_search_internal could infloop on OOM.
+
2010-12-25 Ulrich Drepper <drepper@gmail.com>
[BZ #12201]
diff --git a/posix/regexec.c b/posix/regexec.c
index 7f7ae31..8d4475c 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -3373,6 +3373,8 @@ build_trtable (const re_dfa_t *dfa, re_dfastate_t *state)
{
state->trtable = (re_dfastate_t **)
calloc (sizeof (re_dfastate_t *), SBC_MAX);
+ if (BE (state->trtable == NULL, 0))
+ return 0;
return 1;
}
return 0;
--
1.7.3.4
More information about the Libc-alpha
mailing list