Fix read past end of pattern in fnmatch (bug 18032)
Commit Message
[BZ #18032]
* posix/fnmatch_loop.c (FCT): Remove extra increment when skipping
over collating symbol inside a bracket expression.
* posix/tst-fnmatch3.c (do_test): Add test case.
---
posix/fnmatch_loop.c | 5 ++---
posix/tst-fnmatch3.c | 8 +++++---
2 files changed, 7 insertions(+), 6 deletions(-)
Comments
On 02/26/2015 03:00 PM, Andreas Schwab wrote:
> [BZ #18032]
> * posix/fnmatch_loop.c (FCT): Remove extra increment when skipping
> over collating symbol inside a bracket expression.
> * posix/tst-fnmatch3.c (do_test): Add test case.
The changelog does not mention the other change. Otherwise okay.
@@ -892,14 +892,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
}
else if (c == L('[') && *p == L('.'))
{
- ++p;
while (1)
{
c = *++p;
- if (c == '\0')
+ if (c == L('\0'))
return FNM_NOMATCH;
- if (*p == L('.') && p[1] == L(']'))
+ if (c == L('.') && p[1] == L(']'))
break;
}
p += 2;
@@ -21,9 +21,11 @@
int
do_test (void)
{
- const char *pattern = "[[:alpha:]'[:alpha:]\0]";
-
- return fnmatch (pattern, "a", 0) != FNM_NOMATCH;
+ if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH)
+ return 1;
+ if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
+ return 1;
+ return 0;
}
#define TEST_FUNCTION do_test ()