This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
Hi!
get_subexp would happily compare bytes beyond end of buffer (or beyond
end of valid chars).
2004-01-19 Jakub Jelinek <jakub@redhat.com>
* posix/regexec.c (get_subexp): Remove bkref_str variable.
Extend buffers if needed before comparisons.
(get_subexp_sub): Handle clean_state_log_if_needed failure.
--- libc/posix/regexec.c.jj 2004-01-03 13:42:56.000000000 +0100
+++ libc/posix/regexec.c 2004-01-19 15:00:53.000000000 +0100
@@ -2551,7 +2551,6 @@ get_subexp (mctx, bkref_node, bkref_str_
re_sub_match_top_t *sub_top = mctx->sub_tops[sub_top_idx];
re_sub_match_last_t *sub_last;
int sub_last_idx, sl_str, bkref_str_off;
- const char *bkref_str;
if (dfa->nodes[sub_top->node].opr.idx != subexp_num)
continue; /* It isn't related. */
@@ -2567,9 +2566,24 @@ get_subexp (mctx, bkref_node, bkref_str_
sl_str_diff = sub_last->str_idx - sl_str;
/* The matched string by the sub expression match with the substring
at the back reference? */
- if (sl_str_diff > 0
- && memcmp (buf + bkref_str_off, buf + sl_str, sl_str_diff) != 0)
- break; /* We don't need to search this sub expression any more. */
+ if (sl_str_diff > 0)
+ {
+ if (BE (bkref_str_off + sl_str_diff > mctx->input.valid_len, 0))
+ {
+ /* Not enough chars for a successful match. */
+ if (bkref_str_off + sl_str_diff > mctx->input.len)
+ break;
+
+ err = clean_state_log_if_needed (mctx,
+ bkref_str_off
+ + sl_str_diff);
+ if (BE (err != REG_NOERROR, 0))
+ return err;
+ buf = (const char *) re_string_get_buffer (&mctx->input);
+ }
+ if (memcmp (buf + bkref_str_off, buf + sl_str, sl_str_diff) != 0)
+ break; /* We don't need to search this sub expression any more. */
+ }
bkref_str_off += sl_str_diff;
sl_str += sl_str_diff;
err = get_subexp_sub (mctx, sub_top, sub_last, bkref_node,
@@ -2584,7 +2598,6 @@ get_subexp (mctx, bkref_node, bkref_str_
if (BE (err != REG_NOERROR, 0))
return err;
}
- bkref_str = buf + bkref_str_off;
if (sub_last_idx < sub_top->nlasts)
continue;
@@ -2598,8 +2611,24 @@ get_subexp (mctx, bkref_node, bkref_str_
sl_str_off = sl_str - sub_top->str_idx;
/* The matched string by the sub expression match with the substring
at the back reference? */
- if (sl_str_off > 0 && *bkref_str++ != buf[sl_str - 1])
- break; /* We don't need to search this sub expression any more. */
+ if (sl_str_off > 0)
+ {
+ if (BE (bkref_str_off >= mctx->input.valid_len, 0))
+ {
+ /* If we are at the end of the input, we cannot match. */
+ if (bkref_str_off >= mctx->input.len)
+ break;
+
+ err = extend_buffers (mctx);
+ if (BE (err != REG_NOERROR, 0))
+ return err;
+
+ buf = (const char *) re_string_get_buffer (&mctx->input);
+ }
+ if (buf [bkref_str_off++] != buf[sl_str - 1])
+ break; /* We don't need to search this sub expression
+ any more. */
+ }
if (mctx->state_log[sl_str] == NULL)
continue;
/* Does this state have a ')' of the sub expression? */
@@ -2659,8 +2688,7 @@ get_subexp_sub (mctx, sub_top, sub_last,
if (BE (err != REG_NOERROR, 0))
return err;
to_idx = bkref_str + sub_last->str_idx - sub_top->str_idx;
- clean_state_log_if_needed (mctx, to_idx);
- return REG_NOERROR;
+ return clean_state_log_if_needed (mctx, to_idx);
}
/* Find the first node which is '(' or ')' and whose index is SUBEXP_IDX.
Jakub
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |