This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.



[PATCH] fix crash for sed "script" /\(\)/x


An empty subexpression in the presence of REG_NOSUB may cause a CONCAT node to have NULL children, and this would crash in calc_first.

The attached patch cures it by not optimizing the empty subexpression in the first place. It ought not to be very common, so we do not lose much.

Paolo
2005-02-10  Paolo Bonzini  <bonzini@gnu.org>

	* posix/regcomp.c (lower_subexp): Do not optimize empty
	subexpressions even with REG_NOSUB.
	* posix/rxspencer/tests: Add a previously failing testcase.

--- orig/regcomp.c
+++ mod/regcomp.c
@@ -1321,6 +1321,11 @@ lower_subexp (err, preg, node)
   bin_tree_t *op, *cls, *tree1, *tree;
 
   if (preg->no_sub
+      /* We do not optimize empty subexpressions, because otherwise we may
+	 have bad CONCAT nodes with NULL children.  This is obviously not
+	 very common, so we do not lose much.  An example that triggers
+	 this case is the sed "script" /\(\)/x.  */
+      && node->left
       && (node->token.opr.idx >= 8 * sizeof (dfa->used_bkref_map)
 	  || !(dfa->used_bkref_map & (1 << node->token.opr.idx))))
     return node->left;
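Review bot: The explanatory comment sits in the middle of the `if` condition, between `preg->no_sub` and `&& node->left`, which makes the three-part test hard to read; move it above the `if` and write the guard as `&& node->left != NULL` so the intent is explicit. The guard stops this path from handing a NULL `node->left` back to the caller, but the message places the actual crash in calc_first on a CONCAT node with a NULL child, so a check or assertion there would also cover any other path that builds such a node.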
--- orig/rxspencer/tests
+++ mod/rxspencer/tests
@@ -376,6 +376,7 @@
 a[bc]d		-	xyzaaabcaababdacd	abd
 a[ab]c		-	aaabc	abc
 abc		s	abc	abc
+()		s	abc	@abc
 a*		&	b	@b
 
 # Let's have some fun -- try to match a C comment.
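Review bot: The added `()` case carries no comment tying it to the crash, and it uses the unescaped form while the report in the subject line is the escaped `\(\)` form. Add a `#` comment line above it naming the lower_subexp fix, and a second case for the escaped form if the harness flags allow it, so both syntaxes stay covered.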

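A regression check for the case described in the message, as an added example that is not part of the original mail or the glibc sources: it compiles empty-group patterns with and without REG_NOSUB through the POSIX regcomp/regexec API and counts the cases where the flag changes the outcome. The helper names and the pattern list are constructed for illustration.

```c
/* Added regression check (not glibc code); patterns below are constructed. */
#include <regex.h>
#include <stdio.h>
enum { MATCHED = 0, NO_MATCH = 1, REJECTED = -1 };

/* Compile pattern with cflags and run it once against subject. */
static int try_match(const char *pattern, int cflags, const char *subject)
{
    regex_t re;
    int rc;
    if (regcomp(&re, pattern, cflags) != 0)
        return REJECTED;               /* this libc refuses the pattern */
    rc = regexec(&re, subject, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? MATCHED : NO_MATCH;
}

/* REG_NOSUB only suppresses submatch reporting, so the outcome must be
   identical with and without it.  Returns 1 when it is. */
static int nosub_consistent(const char *pattern, int flags, const char *subject)
{
    return try_match(pattern, flags, subject)
        == try_match(pattern, flags | REG_NOSUB, subject);
}

static const struct { const char *pat; int flags; } cases[] = {
    { "\\(\\)",    0 },             /* BRE form, as in the sed script */
    { "()",        REG_EXTENDED },  /* ERE form, as in the new test line */
    { "a\\(\\)b",  0 },             /* empty group inside a concatenation */
    { "a()b",      REG_EXTENDED },
    { "a\\(b\\)c", 0 },             /* control: non-empty group */
};

/* Number of constructed cases where REG_NOSUB changes the result. */
static int count_nosub_mismatches(const char *subject)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (!nosub_consistent(cases[i].pat, cases[i].flags, subject))
            bad++;
    return bad;
}

int main(void)
{
    int bad = count_nosub_mismatches("abc");
    printf("%d mismatch(es)\n", bad);
    return bad != 0;
}
```

On a libc without the fix, the REG_NOSUB compile of the empty-group patterns is where the crash would surface, so the program is best run under a test harness that reports abnormal termination.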