bug-grep

bug#19061: [PATCH] dfa: building superset, access to unallocated memory


From: Jim Meyering
Subject: bug#19061: [PATCH] dfa: building superset, access to unallocated memory
Date: Sat, 15 Nov 2014 10:00:49 -0800

On Sat, Nov 15, 2014 at 1:11 AM, Norihiro Tanaka <address@hidden> wrote:
> If the original DFA does not have any CSETs, no memory is allocated for CSET.
> Even then, the DFA tries to copy CSET from the original DFA to the superset.  As
> a result, it accesses unallocated memory.  We have no test
> case, so it is very difficult for us to always reproduce this bug, as
> CSET may be added only once in building a superset.

Thank you for the patch.
That seems like a fine change, but so far, I cannot see how
it avoids accessing uninitialized memory.
I do see that it fixes an error whereby memcpy was being
called with its 2nd argument NULL, though in each case,
the third argument is always 0.  Passing a NULL pointer as
the 2nd argument to memcpy is officially "undefined
behavior", and I confirmed that building with gcc and its
"undefined behavior sanitizer", the problem was exposed,
and that your patch fixes it.

Do you know of a way to make grep crash, as stated in your
proposed NEWS entry?  If so, please give details.

It is UB after all.  Perhaps you found a system whose memcpy
dereferences the source pointer even when the size is 0?
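As an added illustration (not code from this thread or from grep's dfa.c), the following constructed stand-in shows the pattern under discussion: the unguarded copy hands memcpy a NULL source pointer whenever the original DFA has no character sets, which is undefined behaviour even with a length of 0 and is what a build with -fsanitize=undefined reports, while the guarded copy skips the memcpy entirely in that case. The struct layout and field names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a DFA's CSET table: the pointer is NULL while
   the DFA holds no character sets (cindex == 0). */
typedef struct { unsigned int bits[8]; } charclass;
typedef struct {
    charclass *charclasses;  /* NULL when cindex == 0 */
    size_t cindex;           /* number of charclasses in use */
} dfa_t;

/* The pattern the patch removes: memcpy is called unconditionally, so with
   an empty original both pointers are NULL.  Length 0 makes it harmless on
   most libcs, but a NULL memcpy argument is undefined behaviour. */
void copy_csets_unguarded(dfa_t *sup, const dfa_t *d)
{
    sup->charclasses = d->cindex ? malloc(d->cindex * sizeof *sup->charclasses) : NULL;
    memcpy(sup->charclasses, d->charclasses, d->cindex * sizeof *d->charclasses);
    sup->cindex = d->cindex;
}

/* Guarded form: only touch the source table when there is something to copy.
   Returns the number of classes copied, or -1 on allocation failure. */
int copy_csets_guarded(dfa_t *sup, const dfa_t *d)
{
    sup->charclasses = NULL;
    sup->cindex = 0;
    if (d->cindex == 0)
        return 0;                       /* nothing to copy; source may be NULL */
    sup->charclasses = malloc(d->cindex * sizeof *sup->charclasses);
    if (!sup->charclasses)
        return -1;
    memcpy(sup->charclasses, d->charclasses, d->cindex * sizeof *d->charclasses);
    sup->cindex = d->cindex;
    return (int) d->cindex;
}

/* Empty original DFA: the guarded copy returns 0 and leaves the superset empty. */
int demo_empty(void)
{
    dfa_t d = { NULL, 0 }, sup;
    int n = copy_csets_guarded(&sup, &d);
    return (n == 0 && sup.charclasses == NULL) ? 0 : -1;
}

/* Original with two constructed classes: both are copied and the data survives. */
int demo_two(void)
{
    charclass cc[2] = { { { 1 } }, { { 2 } } };
    dfa_t d = { cc, 2 }, sup;
    int n = copy_csets_guarded(&sup, &d);
    int ok = (n == 2 && sup.charclasses[0].bits[0] == 1 && sup.charclasses[1].bits[0] == 2);
    free(sup.charclasses);
    return ok ? n : -1;
}

int main(void)
{
    printf("empty: %d, two: %d\n", demo_empty(), demo_two());
    return 0;
}
```

Building with `gcc -fsanitize=undefined` and calling copy_csets_unguarded on an empty dfa_t shows the sanitizer diagnostic for the NULL memcpy argument; the guarded version produces none.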
