bug#32592: heap-use-after-free in regex module

From: Jim Meyering
Subject: bug#32592: heap-use-after-free in regex module
Date: Wed, 5 Sep 2018 21:45:57 -0700

On Wed, Sep 5, 2018 at 6:28 PM Assaf Gordon <address@hidden> wrote:
> Bruno alerted me off-list:
> On 05/09/18 07:19 PM, Bruno Haible wrote:
>  > Is the ChangeLog entry up-to-date?
>  >
>  > +    * regexec.c (get_subexp): Update 'buf' after call to get_subexp_sub.
>  > +    Additionally, check for allocation errors and bail out if needed.
>  >
>  > I don't see a code change for
>  > "check for allocation errors and bail out if needed".
> Thanks!
> I initially had a check for REG_NOERROR there, but removed it.
> Attached an updated patch without the outdated comment.

Very nice work!

Your change looks fine: set "buf" to account for potentially-moved
allocation, just as is done on three other lines above.
However, I couldn't help but notice this nonsense right after the line
you inserted:

          if (err == REG_NOMATCH)

That is an "if (...) continue;" just before the closing brace of a
for-loop. Those two lines constitute a no-op and should be removed,
though not as part of your change.
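
The pattern the review above refers to, as an added example that is not part of the thread and not gnulib's code: a loop caches a pointer into a growable buffer, calls a helper that may reallocate it, and has to reload the pointer before the next read. `struct input`, `ensure_cap`, `count_with_growth` and `demo` are hypothetical names, and the sample string is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable input, standing in for the matcher's string buffer. */
struct input { char *data; size_t len, cap; };

/* Hypothetical helper that may need more room. Growth always allocates a new
   block and frees the old one, so every pointer into the old block goes stale. */
static int ensure_cap(struct input *in, size_t need)
{
    if (need <= in->cap) return 0;
    char *p = calloc(need, 1);
    if (p == NULL) return -1;
    memcpy(p, in->data, in->len);
    free(in->data);
    in->data = p;
    in->cap = need;
    return 0;
}

/* Count occurrences of c while the helper grows the buffer on every pass.
   Returns the count, or -1 on allocation failure. */
static int count_with_growth(struct input *in, char c)
{
    const char *buf = in->data;      /* cached pointer into the buffer */
    int hits = 0;
    for (size_t i = 0; i < in->len; i++) {
        if (ensure_cap(in, in->cap * 2) != 0)
            return -1;
        buf = in->data;              /* reload: without this, buf[i] reads freed memory */
        if (buf[i] == c)
            hits++;
    }
    return hits;
}

/* Run the loop over a constructed six-byte sample input. */
static int demo(void)
{
    struct input in = { malloc(8), 6, 8 };
    if (in.data == NULL) return -1;
    memcpy(in.data, "abcabc", 6);
    int hits = count_with_growth(&in, 'b');
    free(in.data);
    return hits;
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

Deleting the reload line and building with `-fsanitize=address` makes the stale read show up as a heap-use-after-free report on the first loop pass.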
