From: Paul Eggert
Subject: bug#32592: heap-use-after-free in regex module
Date: Thu, 6 Sep 2018 00:18:18 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
Jim Meyering wrote:
I couldn't help but notice this nonsense right after the line you inserted:

      if (err == REG_NOMATCH)
        continue;
    }

That is an "if (...) continue;" just before the closing brace of a for-loop. Those two lines constitute a no-op and should be removed, though not as part of your change.
Actually I think the abovementioned code should be kept, and the nonsense comes from the fact that some code is missing after the "if". When err != REG_NOMATCH && err != REG_NOERROR, the function should exit the loop and return immediately, because there is a memory allocation error in a subroutine.
What a coincidence that we would find two bugs right next to each other, huh? ... I filed a bug report against glibc, and unless there's an objection I would like to fix both bugs in glibc and propagate the fix into gnulib. Please see the glibc bug here:
https://sourceware.org/bugzilla/show_bug.cgi?id=23609
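
The control-flow point made in the reply above, as an added example that is not part of the original message and is not glibc or gnulib code: a loop whose last statement is the NOMATCH test swallows an allocation failure, while the same loop with the missing check returns it at once. The names scan_err, step, scan_as_quoted, scan_with_check and SAMPLE are hypothetical, and the error codes are constructed stand-ins for the REG_* values.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for REG_NOERROR, REG_NOMATCH and an allocation
   failure; these are not the glibc definitions. */
typedef enum { E_NOERROR, E_NOMATCH, E_ESPACE } scan_err;

/* Hypothetical subroutine: returns the scripted result for iteration i. */
static scan_err step(const scan_err *script, size_t i) { return script[i]; }

/* Loop shape as quoted in the thread: the NOMATCH test is the last statement
   of the body, so every result, including an allocation failure, just moves
   on to the next iteration. */
scan_err scan_as_quoted(const scan_err *script, size_t n, size_t *calls)
{
  *calls = 0;
  for (size_t i = 0; i < n; i++) {
    scan_err err = step(script, i);
    ++*calls;
    if (err == E_NOMATCH)
      continue;
  }
  return E_NOERROR;   /* the failure was never reported to the caller */
}

/* With the missing check: any result other than NOMATCH or NOERROR leaves
   the loop and is returned immediately. */
scan_err scan_with_check(const scan_err *script, size_t n, size_t *calls)
{
  *calls = 0;
  for (size_t i = 0; i < n; i++) {
    scan_err err = step(script, i);
    ++*calls;
    if (err == E_NOMATCH)
      continue;
    if (err != E_NOERROR)
      return err;
  }
  return E_NOERROR;
}

/* Constructed input: the second call fails to allocate. */
static const scan_err SAMPLE[] = { E_NOMATCH, E_ESPACE, E_NOERROR };

int main(void)
{
  size_t calls;
  printf("as quoted:  rc=%d", (int) scan_as_quoted(SAMPLE, 3, &calls));
  printf(" calls=%zu\n", calls);
  printf("with check: rc=%d", (int) scan_with_check(SAMPLE, 3, &calls));
  printf(" calls=%zu\n", calls);
  return 0;
}
```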