aboutsummaryrefslogtreecommitdiff
path: root/posix
diff options
context:
space:
mode:
authorAndreas Schwab <schwab@redhat.com>2011-11-29 10:52:22 +0100
committerAndreas Schwab <schwab@redhat.com>2011-11-30 11:03:20 +0100
commitf3a6cc0a560a17f32a3e90d2f20501a53cab6058 (patch)
tree52085ca0dbca778c7cdf92bf0ddebe8a6727a432 /posix
parentc5a0802a682dba23f92d47f0f99775aebfbe2539 (diff)
downloadglibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.zip
glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.gz
glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.bz2
Fix access after end of search string in regex matcher
Diffstat (limited to 'posix')
-rw-r--r--posix/fnmatch_loop.c4
-rw-r--r--posix/regcomp.c9
-rw-r--r--posix/regex_internal.h2
-rw-r--r--posix/regexec.c2
4 files changed, 8 insertions, 9 deletions
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
index 18a6667..72bd3ee 100644
--- a/posix/fnmatch_loop.c
+++ b/posix/fnmatch_loop.c
@@ -412,7 +412,7 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
_NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB);
# endif
- idx = findidx (&cp);
+ idx = findidx (&cp, 1);
if (idx != 0)
{
/* We found a table entry. Now see whether the
@@ -422,7 +422,7 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
int32_t idx2;
const UCHAR *np = (const UCHAR *) n;
- idx2 = findidx (&np);
+ idx2 = findidx (&np, string_end - n);
if (idx2 != 0
&& (idx >> 24) == (idx2 >> 24)
&& len == weights[idx2 & 0xffffff])
diff --git a/posix/regcomp.c b/posix/regcomp.c
index b238c08..34ee845 100644
--- a/posix/regcomp.c
+++ b/posix/regcomp.c
@@ -1,5 +1,5 @@
/* Extended regular expression matching and search library.
- Copyright (C) 2002-2007,2009,2010 Free Software Foundation, Inc.
+ Copyright (C) 2002-2007,2009,2010,2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Isamu Hasegawa <isamu@yamato.ibm.com>.
@@ -3409,19 +3409,18 @@ build_equiv_class (bitset_t sbcset, const unsigned char *name)
_NL_COLLATE_EXTRAMB);
indirect = (const int32_t *) _NL_CURRENT (LC_COLLATE,
_NL_COLLATE_INDIRECTMB);
- idx1 = findidx (&cp);
- if (BE (idx1 == 0 || cp < name + strlen ((const char *) name), 0))
+ idx1 = findidx (&cp, -1);
+ if (BE (idx1 == 0 || *cp != '\0', 0))
/* This isn't a valid character. */
return REG_ECOLLATE;
/* Build single byte matcing table for this equivalence class. */
- char_buf[1] = (unsigned char) '\0';
len = weights[idx1 & 0xffffff];
for (ch = 0; ch < SBC_MAX; ++ch)
{
char_buf[0] = ch;
cp = char_buf;
- idx2 = findidx (&cp);
+ idx2 = findidx (&cp, 1);
/*
idx2 = table[ch];
*/
diff --git a/posix/regex_internal.h b/posix/regex_internal.h
index 74dd230..1e4e167 100644
--- a/posix/regex_internal.h
+++ b/posix/regex_internal.h
@@ -755,7 +755,7 @@ re_string_elem_size_at (const re_string_t *pstr, int idx)
indirect = (const int32_t *) _NL_CURRENT (LC_COLLATE,
_NL_COLLATE_INDIRECTMB);
p = pstr->mbs + idx;
- findidx (&p);
+ findidx (&p, pstr->len - idx);
return p - pstr->mbs - idx;
}
else
diff --git a/posix/regexec.c b/posix/regexec.c
index 9e0c565..3ea810b 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -3924,7 +3924,7 @@ check_node_accept_bytes (const re_dfa_t *dfa, int node_idx,
_NL_CURRENT (LC_COLLATE, _NL_COLLATE_EXTRAMB);
indirect = (const int32_t *)
_NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB);
- int32_t idx = findidx (&cp);
+ int32_t idx = findidx (&cp, elem_len);
if (idx > 0)
for (i = 0; i < cset->nequiv_classes; ++i)
{