diff options
author | Jim Meyering <meyering@fb.com> | 2014-07-12 17:07:21 -0700 |
---|---|---|
committer | Jim Meyering <meyering@fb.com> | 2014-07-13 21:25:22 -0700 |
commit | 7ee03f00188723a4de2b85021e511ced6d7fc4be (patch) | |
tree | b0f6e6b2f903f0da5cc7e3fa9f8c2b5d36ae9548 /posix | |
parent | 9d39d517a7c700d53e2f24e8855a9b3a5e046a63 (diff) | |
download | glibc-7ee03f00188723a4de2b85021e511ced6d7fc4be.zip glibc-7ee03f00188723a4de2b85021e511ced6d7fc4be.tar.gz glibc-7ee03f00188723a4de2b85021e511ced6d7fc4be.tar.bz2 |
regex: don't deref NULL upon heap allocation failure
* posix/regcomp.c: (parse_dup_op): Handle duplicate_tree
failure in one more place.
To trigger the segfault, configure grep -with-included-regex,
build it, and run these commands:
( ulimit -v 300000; echo a|src/grep -E a+++++++++++++++++++++ )
Diffstat (limited to 'posix')
-rw-r--r-- | posix/regcomp.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/posix/regcomp.c b/posix/regcomp.c index 076eca3..8f2747b 100644 --- a/posix/regcomp.c +++ b/posix/regcomp.c @@ -2582,6 +2582,8 @@ parse_dup_op (bin_tree_t *elem, re_string_t *regexp, re_dfa_t *dfa, /* Duplicate ELEM before it is marked optional. */ elem = duplicate_tree (elem, dfa); + if (BE (elem == NULL, 0)) + goto parse_dup_op_espace; old_tree = tree; } else |