bug-grep
Re: EGexecute: avoid access beyond end of buffer


From: Paolo Bonzini
Subject: Re: EGexecute: avoid access beyond end of buffer
Date: Mon, 24 May 2010 13:04:27 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.0.4-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.4

On 05/24/2010 11:10 AM, Bruno Haible wrote:
> Hi,
>
> Another fix, independent of my previous patch: Avoid an access beyond end of
> buffer.
>
> Recall that the second argument to re_search is 'buf', therefore indices
> returned by re_search are relative to 'buf', not to 'beg'. The expression
> WCHAR ((unsigned char) match[len]) is only valid if
>
>          &match[len] < end - 1
> <==>
>          buf + start + len < end - 1
> <==>
>          start + len < end - buf - 1
>
> The previous test
>          len < end - beg - 1
> is wrong because
>          match may be != beg
> or equivalently
>          start may be != beg - buf.
>
> Bruno

Correct, I'll apply the patch.

Paolo
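
The bounds reasoning in the thread above, as an added example that is not part of the original messages or of grep's source: it compares the previous test with the corrected one over every match position in a small buffer and counts the cases each test accepts even though `&match[len] < end - 1` does not hold. The names `sample`, `old_test_ok`, `fixed_test_ok`, `access_valid` and `false_accepts` are hypothetical; only the two inequalities and the validity condition come from the message.

```c
#include <stddef.h>
#include <stdio.h>

static char sample[16];  /* constructed buffer: buf = sample, end = sample + 16 */

/* Previous test quoted in the message: len measured against beg. */
static int old_test_ok(const char *beg, const char *end, ptrdiff_t len)
{
    return len < end - beg - 1;
}

/* Corrected test: start is an index relative to buf, as re_search returns it. */
static int fixed_test_ok(const char *buf, const char *end,
                         ptrdiff_t start, ptrdiff_t len)
{
    return start + len < end - buf - 1;
}

/* The validity condition stated in the message: &match[len] < end - 1. */
static int access_valid(const char *buf, const char *end,
                        ptrdiff_t start, ptrdiff_t len)
{
    const char *match = buf + start;
    return match + len < end - 1;
}

/* Count (start, len) pairs a test accepts although the access is not valid. */
static int false_accepts(const char *buf, const char *beg, const char *end,
                         int use_fixed)
{
    int bad = 0;
    for (ptrdiff_t start = beg - buf; start < end - buf; start++)
        for (ptrdiff_t len = 0; start + len <= end - buf; len++) {
            int ok = use_fixed ? fixed_test_ok(buf, end, start, len)
                               : old_test_ok(beg, end, len);
            if (ok && !access_valid(buf, end, start, len))
                bad++;
        }
    return bad;
}

int main(void)
{
    const char *buf = sample, *beg = sample + 4, *end = sample + 16;
    printf("old test, false accepts:   %d\n", false_accepts(buf, beg, end, 0));
    printf("fixed test, false accepts: %d\n", false_accepts(buf, beg, end, 1));
    return 0;
}
```

With `beg = buf + 4`, a match at `start = 10` with `len = 5` passes the previous test (5 < 11) while `&match[len]` equals `end - 1`, which is the case the corrected test rejects.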


