bug#19563: grep -F: fix a heap buffer (read) overrun
From: Norihiro Tanaka
Subject: bug#19563: grep -F: fix a heap buffer (read) overrun
Date: Mon, 12 Jan 2015 11:31:44 +0900

On Sun, 11 Jan 2015 17:49:22 -0800
Jim Meyering <address@hidden> wrote:
> On Sun, Jan 11, 2015 at 4:31 PM, Norihiro Tanaka <address@hidden> wrote:
> ...
> > How about the attachments instead for the second patch?
>
> Thank you for the suggestion.
>
> However, I do not see a problem with Yuliy's fix, so have pushed it,
> along with the other two commits.
>
> Comparing your change to Yuliy's, I have a slight preference
> for his, since it adds work only to the rarely-used code path on
> which this bug was introduced, and keeps the handling of
> "out of bounds TP" closer to the code that makes TP too large.
>
> If you can provide justification for this proposed change,
> would you please do so in the commit log of a rebased patch?

I understand. However, if d == 0 is fulfilled before reaching memchr(), then even if
ep <= tp is fulfilled, bm_delta2_search() can be called, and it is not buggy.
So it is difficult for me to understand that we must exit the loop if
tp <= ep at that point, although I understand that his fix is correct.