diff options
author | Andreas Schwab <schwab@redhat.com> | 2011-11-29 10:52:22 +0100 |
---|---|---|
committer | Andreas Schwab <schwab@redhat.com> | 2011-11-30 11:03:20 +0100 |
commit | f3a6cc0a560a17f32a3e90d2f20501a53cab6058 (patch) | |
tree | 52085ca0dbca778c7cdf92bf0ddebe8a6727a432 /posix | |
parent | c5a0802a682dba23f92d47f0f99775aebfbe2539 (diff) | |
download | glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.zip glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.gz glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.bz2 |
Fix access after end of search string in regex matcher
Diffstat (limited to 'posix')
-rw-r--r-- | posix/fnmatch_loop.c | 4 | ||||
-rw-r--r-- | posix/regcomp.c | 9 | ||||
-rw-r--r-- | posix/regex_internal.h | 2 | ||||
-rw-r--r-- | posix/regexec.c | 2 |
4 files changed, 8 insertions, 9 deletions
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c index 18a6667..72bd3ee 100644 --- a/posix/fnmatch_loop.c +++ b/posix/fnmatch_loop.c @@ -412,7 +412,7 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) _NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB); # endif - idx = findidx (&cp); + idx = findidx (&cp, 1); if (idx != 0) { /* We found a table entry. Now see whether the @@ -422,7 +422,7 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) int32_t idx2; const UCHAR *np = (const UCHAR *) n; - idx2 = findidx (&np); + idx2 = findidx (&np, string_end - n); if (idx2 != 0 && (idx >> 24) == (idx2 >> 24) && len == weights[idx2 & 0xffffff]) diff --git a/posix/regcomp.c b/posix/regcomp.c index b238c08..34ee845 100644 --- a/posix/regcomp.c +++ b/posix/regcomp.c @@ -1,5 +1,5 @@ /* Extended regular expression matching and search library. - Copyright (C) 2002-2007,2009,2010 Free Software Foundation, Inc. + Copyright (C) 2002-2007,2009,2010,2011 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Isamu Hasegawa <isamu@yamato.ibm.com>. @@ -3409,19 +3409,18 @@ build_equiv_class (bitset_t sbcset, const unsigned char *name) _NL_COLLATE_EXTRAMB); indirect = (const int32_t *) _NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB); - idx1 = findidx (&cp); - if (BE (idx1 == 0 || cp < name + strlen ((const char *) name), 0)) + idx1 = findidx (&cp, -1); + if (BE (idx1 == 0 || *cp != '\0', 0)) /* This isn't a valid character. */ return REG_ECOLLATE; /* Build single byte matcing table for this equivalence class. */ - char_buf[1] = (unsigned char) '\0'; len = weights[idx1 & 0xffffff]; for (ch = 0; ch < SBC_MAX; ++ch) { char_buf[0] = ch; cp = char_buf; - idx2 = findidx (&cp); + idx2 = findidx (&cp, 1); /* idx2 = table[ch]; */ diff --git a/posix/regex_internal.h b/posix/regex_internal.h index 74dd230..1e4e167 100644 --- a/posix/regex_internal.h +++ b/posix/regex_internal.h @@ -755,7 +755,7 @@ re_string_elem_size_at (const re_string_t *pstr, int idx) indirect = (const int32_t *) _NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB); p = pstr->mbs + idx; - findidx (&p); + findidx (&p, pstr->len - idx); return p - pstr->mbs - idx; } else diff --git a/posix/regexec.c b/posix/regexec.c index 9e0c565..3ea810b 100644 --- a/posix/regexec.c +++ b/posix/regexec.c @@ -3924,7 +3924,7 @@ check_node_accept_bytes (const re_dfa_t *dfa, int node_idx, _NL_CURRENT (LC_COLLATE, _NL_COLLATE_EXTRAMB); indirect = (const int32_t *) _NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB); - int32_t idx = findidx (&cp); + int32_t idx = findidx (&cp, elem_len); if (idx > 0) for (i = 0; i < cset->nequiv_classes; ++i) { |