[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#32592: heap-use-after-free in regex module
From: |
Jim Meyering |
Subject: |
bug#32592: heap-use-after-free in regex module |
Date: |
Wed, 5 Sep 2018 21:45:57 -0700 |
On Wed, Sep 5, 2018 at 6:28 PM Assaf Gordon <address@hidden> wrote:
>
> Bruno alerted me off-list:
>
> On 05/09/18 07:19 PM, Bruno Haible wrote:
> > Is the ChangeLog entry up-to-date?
> >
> > + * regexec.c (get_subexp): Update 'buf' after call to get_subexp_sub.
> > + Additionally, check for allocation errors and bail out if needed.
> >
> > I don't see a code change for
> > "check for allocation errors and bail out if needed".
>
> Thanks!
>
> I initially had a check for REG_NOERROR there, but removed it.
>
> Attached an updated patch without the outdated comment.
Very nice work!
Your change looks fine: set "buf" to account for potentially-moved
allocation, just as is done on three other lines above.
However, I couldn't help but notice this nonsense right after the line
you inserted:
if (err == REG_NOMATCH)
continue;
}
That is an "if (...) continue;" just before the closing brace of a
for-loop. Those two lines constitute a no-op and should be removed,
though not as part of your change.
- bug#32592: s with i modifier seems to work incorrectly, Assaf Gordon, 2018/09/04
- bug#32592: s with i modifier seems to work incorrectly, Saito Takaaki, 2018/09/04
- bug#32592: heap-use-after-free in regex module (was: s with i modifier seems to work incorrectly), Assaf Gordon, 2018/09/05
- bug#32592: heap-use-after-free in regex module, Assaf Gordon, 2018/09/05
- bug#32592: heap-use-after-free in regex module,
Jim Meyering <=
- bug#32592: heap-use-after-free in regex module, Paul Eggert, 2018/09/06
- bug#32592: heap-use-after-free in regex module, Assaf Gordon, 2018/09/06
- bug#32592: heap-use-after-free in regex module, Paul Eggert, 2018/09/06
- bug#32592: heap-use-after-free in regex module, Jim Meyering, 2018/09/06