>From 188801f8e017f0702cbb24390e4f88b3d0da18ff Mon Sep 17 00:00:00 2001 From: Noam Postavsky Date: Sat, 5 Nov 2016 16:51:53 -0400 Subject: [PATCH v3 1/2] Fix computation of regex stack limit The regex stack limit was being computed as the number of stack entries, whereas it was being compared with the current size as measured in bytes. This could cause indefinite looping when nearing the stack limit if re_max_failures happened not to be a multiple of sizeof fail_stack_elt_t (Bug #24751). * src/regex.c (GROW_FAIL_STACK): Compute both current stack size and limit as numbers of stack entries. --- src/regex.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/src/regex.c b/src/regex.c index ae3fde8..a2d2c52 100644 --- a/src/regex.c +++ b/src/regex.c @@ -1319,23 +1319,20 @@ WEAK_ALIAS (__re_set_syntax, re_set_syntax) #define FAIL_STACK_GROWTH_FACTOR 4 #define GROW_FAIL_STACK(fail_stack) \ - (((fail_stack).size * sizeof (fail_stack_elt_t) \ - >= re_max_failures * TYPICAL_FAILURE_SIZE) \ + (((fail_stack).size >= re_max_failures * TYPICAL_FAILURE_SIZE) \ ? 0 \ : ((fail_stack).stack \ = REGEX_REALLOCATE_STACK ((fail_stack).stack, \ (fail_stack).size * sizeof (fail_stack_elt_t), \ - min (re_max_failures * TYPICAL_FAILURE_SIZE, \ - ((fail_stack).size * sizeof (fail_stack_elt_t) \ - * FAIL_STACK_GROWTH_FACTOR))), \ + min (re_max_failures * TYPICAL_FAILURE_SIZE, \ + ((fail_stack).size * FAIL_STACK_GROWTH_FACTOR)) \ + * sizeof (fail_stack_elt_t)), \ \ (fail_stack).stack == NULL \ ? 0 \ : ((fail_stack).size \ - = (min (re_max_failures * TYPICAL_FAILURE_SIZE, \ - ((fail_stack).size * sizeof (fail_stack_elt_t) \ - * FAIL_STACK_GROWTH_FACTOR)) \ - / sizeof (fail_stack_elt_t)), \ + = (min (re_max_failures * TYPICAL_FAILURE_SIZE, \ + ((fail_stack).size * FAIL_STACK_GROWTH_FACTOR))), \ 1))) -- 2.9.3