This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Fix buffer overrun in regexp matcher


On Tue, Jan 29, 2013 at 05:13:35PM +0100, Andreas Schwab wrote:
> When extending regex buffers, make sure we allocate enough room for the
> state log.  Merely doubling the space may not be enough if the current
> node has accepted a long run of characters.  This part of the code only
> triggers with multibyte characters.
> 
> @@ -1160,7 +1160,7 @@ check_matching (re_match_context_t *mctx, int fl_longest_match,
>  	  || (BE (next_char_idx >= mctx->input.valid_len, 0)
>  	      && mctx->input.valid_len < mctx->input.len))
>  	{
> -	  err = extend_buffers (mctx);
> +	  err = extend_buffers (mctx, next_char_idx + 1);
>  	  if (BE (err != REG_NOERROR, 0))
>  	    {
>  	      assert (err == REG_ESPACE);
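Review bot: the second argument at the `extend_buffers (mctx, next_char_idx + 1)` call is not documented as a minimum required length, and these lines do not show how it combines with the existing doubling. A comment on the function stating that contract (for example, that the buffers grow to at least the larger of the doubled size and this value) would make the call site checkable. Since the description says this path only triggers with multibyte characters, a regression test with multibyte input should accompany the change.
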
Would it not be simpler to avoid changing extend_buffers by writing 
	  err = extend_buffers (MAX (mctx, next_char_idx + 1));

