bug#15307: minor fix to dfa.c

bug-grep

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#15307: minor fix to dfa.c

From:	Aharon Robbins
Subject:	bug#15307: minor fix to dfa.c
Date:	Sun, 08 Sep 2013 11:53:07 +0200
User-agent:	Heirloom mailx 12.5 6/20/10

The following fix to dfa.c was suggested by a static checking tool.
I'm applying it in the gawk code base.

Basically, it's theoretically possible for len to have run off the end
of the `str' array.

Thanks,

Arnold

diff --git a/dfa.c b/dfa.c
index 8b79eb7..490a075 100644
--- a/dfa.c
+++ b/dfa.c
@@ -1038,7 +1038,8 @@ parse_bracket_exp (void)
                     /* This is in any case an invalid class name.  */
                     str[0] = '\0';
                 }
-              str[len] = '\0';
+              if (len < BRACKET_BUFFER_SIZE)
+                 str[len] = '\0';
 
               /* Fetch bracket.  */
               FETCH_WC (c, wc, _("unbalanced ["));

[Prev in Thread]

Current Thread

[Next in Thread]

bug#15307: minor fix to dfa.c, Aharon Robbins <=
- bug#15307: minor fix to dfa.c, Jim Meyering, 2013/09/08
  - bug#15307: minor fix to dfa.c, Jim Meyering, 2013/09/11

Prev by Date: bug#15192: UTF-16 surrogate pair handling in grep -i option
Next by Date: bug#15307: minor fix to dfa.c
Previous by thread: bug#15192: UTF-16 surrogate pair handling in grep -i option
Next by thread: bug#15307: minor fix to dfa.c
Index(es):
- Date
- Thread