From aa6ec754f3b4b1df81d186480c534b6486a1e6ee Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Fri, 20 Jun 2014 12:41:27 +0200 Subject: Fix another memory leak in regexp compiler (BZ #17069) --- ChangeLog | 7 +++++++ NEWS | 2 +- posix/bug-regex36.c | 4 ++-- posix/regcomp.c | 6 +++++- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 192217d..6d419c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2014-06-20 Andreas Schwab + + [BZ #17069] + * posix/regcomp.c (parse_reg_exp): Deallocate partially + constructed tree before returning error. + * posix/bug-regexp36.c: Expand test case. + 2014-06-20 Stefan Liebler [BZ #6803] diff --git a/NEWS b/NEWS index 5af9404..9c2ba43 100644 --- a/NEWS +++ b/NEWS @@ -20,7 +20,7 @@ Version 2.20 16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16912, 16915, 16916, 16917, 16922, 16927, 16928, 16932, 16943, 16958, 16965, 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031, 17042, - 17048, 17058, 17062. + 17048, 17058, 17062, 17069. * Optimized strchr implementation for AArch64. Contributed by ARM Ltd. diff --git a/posix/bug-regex36.c b/posix/bug-regex36.c index 3dda026..59e2b6d 100644 --- a/posix/bug-regex36.c +++ b/posix/bug-regex36.c @@ -1,4 +1,4 @@ -/* Test regcomp not leaking memory on invalid repetition operator +/* Test regcomp not leaking memory on parse errors Copyright (C) 2014 Free Software Foundation, Inc. This file is part of the GNU C Library. @@ -24,6 +24,6 @@ main (int argc, char **argv) { regex_t r; mtrace (); - regcomp (&r, "[a]\\{-2,}", 0); + regcomp (&r, "[a]\\|[a]\\{-2,}", 0); regfree (&r); } diff --git a/posix/regcomp.c b/posix/regcomp.c index a5020be..076eca3 100644 --- a/posix/regcomp.c +++ b/posix/regcomp.c 
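Review bot: In posix/bug-regex36.c, `main` still discards the result of `regcomp (&r, "[a]\\|[a]\\{-2,}", 0)`, so the test would pass silently if this pattern ever stopped taking the parse-error path it is meant to cover. Capturing the result and failing on success would pin that down, for example `int e = regcomp (&r, "[a]\\|[a]\\{-2,}", 0);` followed after `regfree (&r);` by `return e == 0;`. A one-line comment would also help, noting that the first alternative `[a]` builds the partial tree and that the invalid `\{-2,}` in the second alternative triggers the error after it. The second part of that comment is inferred from the ChangeLog entry rather than shown in the test itself.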
@@ -2154,7 +2154,11 @@ parse_reg_exp (re_string_t *regexp, regex_t *preg, re_token_t *token,
 {
 branch = parse_branch (regexp, preg, token, syntax, nest, err);
 if (BE (*err != REG_NOERROR && branch == NULL, 0))
- return NULL;
+ {
+ if (tree != NULL)
+ postorder (tree, free_tree, NULL);
+ return NULL;
+ }
 }
 else
 branch = NULL;
-- cgit v1.1
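Review bot: The new cleanup covers only the `parse_branch` failure shown in this hunk, and parse_reg_exp starts and ends outside it. Any other early `return NULL` taken after `tree` is non-NULL, if one exists further down, would presumably still skip `postorder (tree, free_tree, NULL)` and should be checked in the same pass. Patterns handed to regcomp can come from untrusted input in long-running processes, so each missed error path is a repeatable source of memory growth. A short comment above the new block would help the next reader, e.g. `/* Release the alternatives parsed so far; the caller only gets NULL back. */`.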