bug#19061: [PATCH] dfa: building superset, access to unallocated memory

[Jim Meyering]

On Sun, Nov 16, 2014 at 1:18 AM, Norihiro Tanaka <address@hidden> wrote:
> On Sat, 15 Nov 2014 22:27:50 -0800
> Jim Meyering <address@hidden> wrote:
>> Thanks for confirming.
>> In that case, since I see no harm in calling xnmalloc with N = 0, I
>> will use a more conservative change: guard only the undefined use of
>> memcpy.
>> I've left your name on this amended patch.
>
> Thanks for the ajustment.  You are right, but the purpose of the code
> is to make a clone of original DFA.  If we do not guard xnmalloc, when
> calloc is 0, charclasses is NULL in original DFA, and it is *NOT* NULL
> in the superset.  I think that it is not right logically.

Does some code assume that V->charclasses != NULL implies
0 < V->calloc? I would argue that such code is incorrect.  I.e.,
in the degenerate case (calloc == 0), the code should not
distinguish between a NULL charclasses member and one
that points to a malloc'd buffer of length 0.