[PATCH] fix multi-byte-locale read-beyond-end-of-buffer error
From: Jim Meyering
Subject: [PATCH] fix multi-byte-locale read-beyond-end-of-buffer error
Date: Wed, 23 Dec 2009 21:05:52 +0100
FYI, here's a fix:
tests/fmbtest.sh provokes the failure, too,
so I'm not planning to add a test case.
From 60a7e46a1c3ff186c373e776958ea02437b686ef Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Wed, 23 Dec 2009 18:59:30 +0100
Subject: [PATCH] fix multi-byte-locale read-beyond-end-of-buffer error
Avoid read-beyond-end-of-buffer errors, evoked by running this:

  LC_ALL=en_US.UTF-8 valgrind src/grep -f <(printf 'a\nb\n') <(echo c)

  Conditional jump or move depends on uninitialised value(s)
     at 0x78136D: __gconv_transform_utf8_internal (in /lib/libc-2.11.so)
     by 0x7E7232: mbrtowc (in /lib/libc-2.11.so)
     by 0x8055773: dfaexec (dfa.c:2816)
     by 0x804D7B0: EGexecute (search.c:353)
     by 0x804ACD8: grepbuf (grep.c:1036)
     by 0x804B023: grep (grep.c:1156)
     by 0x804B460: grepfile (grep.c:1287)
     by 0x804CF0D: main (grep.c:2282)

  Conditional jump or move depends on uninitialised value(s)
     at 0x7E7248: mbrtowc (in /lib/libc-2.11.so)
     by 0x8055773: dfaexec (dfa.c:2816)
     by 0x804D7B0: EGexecute (search.c:353)
     by 0x804ACD8: grepbuf (grep.c:1036)
     by 0x804B023: grep (grep.c:1156)
     by 0x804B460: grepfile (grep.c:1287)
     by 0x804CF0D: main (grep.c:2282)

* src/dfa.c (dfaexec) [MBS_SUPPORT]: Do not access one byte beyond
end of buffer.
---
src/dfa.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/dfa.c b/src/dfa.c
index d1d7f25..b50f98a 100644
--- a/src/dfa.c
+++ b/src/dfa.c
@@ -2808,13 +2808,13 @@ dfaexec (struct dfa *d, char const *begin, size_t size,
int *backref)
MALLOC(inputwcs, wchar_t, end - (unsigned char const *)begin + 2);
memset(&mbs, 0, sizeof(mbstate_t));
remain_bytes = 0;
- for (i = 0; i < end - (unsigned char const *)begin + 1; i++)
+ for (i = 0; i < end - (unsigned char const *)begin; i++)
{
if (remain_bytes == 0)
{
remain_bytes
= mbrtowc(inputwcs + i, begin + i,
- end - (unsigned char const *)begin - i + 1, &mbs);
+ end - (unsigned char const *)begin - i, &mbs);
if (remain_bytes <= 1)
{
remain_bytes = 0;
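Review bot: with the new bound `i < end - (unsigned char const *)begin` the loop no longer visits index `end - begin` of inputwcs, yet the MALLOC on the unchanged context line above still allocates `end - begin + 2` elements. If anything after the loop reads that slot as a terminator it must now be set explicitly. The hunk's context ends before that point, so please confirm the store exists (or shrink the allocation if the slot is unused) and add a short comment saying what the two extra elements are for. Separately, now that the length passed to mbrtowc stops at the real end of the buffer, a multibyte character cut off at the end of the input makes mbrtowc return (size_t) -2. The `remain_bytes <= 1` test in the context only treats that as a single byte if remain_bytes is a signed type, which is not visible here, so a comment on how the -1/-2 returns are handled would help.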
--
1.6.6.rc4.284.gb0b11