[PATCH 2/2] regex: test for buffer overrun
From: |
Paul Eggert |
Subject: |
[PATCH 2/2] regex: test for buffer overrun |
Date: |
Tue, 29 Jan 2013 22:40:41 -0800 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 |
* m4/regex.m4 (gl_REGEX): Add test case, by Andreas Schwab,
for the just-fixed regex bug.
---
ChangeLog | 6 ++++++
m4/regex.m4 | 61 ++++++++++++++++++++++++++++++++++++++++++-------------------
2 files changed, 48 insertions(+), 19 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ab95829..74f6f66 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-01-29 Paul Eggert <address@hidden>
+
+ regex: test for buffer overrun
+ * m4/regex.m4 (gl_REGEX): Add test case, by Andreas Schwab,
+ for the just-fixed regex bug.
+
2013-01-29 Andreas Schwab <address@hidden>
regex: fix buffer overrun in regexp matcher
diff --git a/m4/regex.m4 b/m4/regex.m4
index b3a6b1c..2f5bd09 100644
--- a/m4/regex.m4
+++ b/m4/regex.m4
@@ -1,4 +1,4 @@
-# serial 61
+# serial 62
# Copyright (C) 1996-2001, 2003-2013 Free Software Foundation, Inc.
#
@@ -43,26 +43,49 @@ AC_DEFUN([gl_REGEX],
const char *s;
struct re_registers regs;
- /* http://sourceware.org/ml/libc-hacker/2006-09/msg00008.html
- This test needs valgrind to catch the bug on Debian
- GNU/Linux 3.1 x86, but it might catch the bug better
- on other platforms and it shouldn't hurt to try the
- test here. */
if (setlocale (LC_ALL, "en_US.UTF-8"))
{
- static char const pat[] = "insert into";
- static char const data[] =
- "\xFF\0\x12\xA2\xAA\xC4\xB1,K\x12\xC4\xB1*\xACK";
- re_set_syntax (RE_SYNTAX_GREP | RE_HAT_LISTS_NOT_NEWLINE
- | RE_ICASE);
- memset (®ex, 0, sizeof regex);
- s = re_compile_pattern (pat, sizeof pat - 1, ®ex);
- if (s)
- result |= 1;
- else if (re_search (®ex, data, sizeof data - 1,
- 0, sizeof data - 1, ®s)
- != -1)
- result |= 1;
+ {
+ /* http://sourceware.org/ml/libc-hacker/2006-09/msg00008.html
+ This test needs valgrind to catch the bug on Debian
+ GNU/Linux 3.1 x86, but it might catch the bug better
+ on other platforms and it shouldn't hurt to try the
+ test here. */
+ static char const pat[] = "insert into";
+ static char const data[] =
+ "\xFF\0\x12\xA2\xAA\xC4\xB1,K\x12\xC4\xB1*\xACK";
+ re_set_syntax (RE_SYNTAX_GREP | RE_HAT_LISTS_NOT_NEWLINE
+ | RE_ICASE);
+ memset (®ex, 0, sizeof regex);
+ s = re_compile_pattern (pat, sizeof pat - 1, ®ex);
+ if (s)
+ result |= 1;
+ else if (re_search (®ex, data, sizeof data - 1,
+ 0, sizeof data - 1, ®s)
+ != -1)
+ result |= 1;
+ }
+
+ {
+ /* This test is from glibc bug 15078.
+ The test case is from Andreas Schwab in
+
<http://www.sourceware.org/ml/libc-alpha/2013-01/msg00967.html>.
+ */
+ static char const pat[] = "[^x]x";
+ static char const data[] =
+ "\xe1\x80\x80\xe1\x80\xbb\xe1\x80\xbd\xe1\x80\x94\xe1\x80"
+ "\xba\xe1\x80\xaf\xe1\x80\x95\xe1\x80\xbax";
+ re_set_syntax (0);
+ memset (®ex, 0, sizeof regex);
+ s = re_compile_pattern (pat, sizeof pat - 1, ®ex);
+ if (s)
+ result |= 1;
+ else if (re_search (®ex, data, sizeof data - 1,
+ 0, sizeof data - 1, 0)
+ != 20)
+ result |= 1;
+ }
+
if (! setlocale (LC_ALL, "C"))
return 1;
}
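Review bot: The expected offset in the new glibc bug 15078 check looks off by one. Counting the bytes of `data`, the eight 3-byte sequences start at offsets 0, 3, ..., 21 and the trailing `x` is at offset 24, so in a UTF-8 locale `[^x]x` should match at 21; offset 20 is the last byte of the seventh sequence. If that count holds, `!= 20` sets `result |= 1` for a matcher that returns the correct offset, and configure would reject a fixed system regex; the comparison should be `!= 21`. A short comment next to the literal, such as `/* eight 3-byte characters then 'x'; the match starts at byte 21 */`, would make the constant checkable by the next reader. The enclosing test program body starts and ends outside this hunk.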
--
1.7.11.7