From patchwork Thu Oct 20 10:39:33 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Schwab <schwab@suse.de>
X-Patchwork-Id: 16687
Received: (qmail 12854 invoked by alias); 20 Oct 2016 10:39:46 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 12834 invoked by uid 89); 20 Oct 2016 10:39:45 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.2 required=5.0 tests=BAYES_00,
	RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mx2.suse.de
From: Andreas Schwab <schwab@suse.de>
To: libc-alpha@sourceware.org
Subject: [PATCH] Properly initialize glob structure with
	GLOB_BRACE|GLOB_DOOFFS
X-Yow: INSIDE, I have the same personality disorder as LUCY RICARDO!!
Date: Thu, 20 Oct 2016 12:39:33 +0200
Message-ID: <mvmtwc7mhi2.fsf@hawking.suse.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0

When glob with GLOB_BRACE calls itself recusively on each word of the
brace expansion it doesn't handle GLOB_DOOFFS when initializing the glob
structure.

Andreas.

	[BZ #20707]
	* posix/glob.c (glob): Initialize pglob before checking for
	GLOB_BRACE.  Don't call glob recursively if pattern contains no
	valid brace expression despite GLOB_BRACE.
	* posix/globtest.sh: Test it.
---
 posix/glob.c      | 65 ++++++++++++++++++++++---------------------------------
 posix/globtest.sh | 16 ++++++++++++++
 2 files changed, 42 insertions(+), 39 deletions(-)

diff --git a/posix/glob.c b/posix/glob.c
index ea4b0b61eb..e357195a72 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -312,6 +312,28 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
        also makes all the code that uses gl_offs simpler. */
     pglob->gl_offs = 0;
 
+  if (!(flags & GLOB_APPEND))
+    {
+      pglob->gl_pathc = 0;
+      if (!(flags & GLOB_DOOFFS))
+	pglob->gl_pathv = NULL;
+      else
+	{
+	  size_t i;
+
+	  if (pglob->gl_offs >= ~((size_t) 0) / sizeof (char *))
+	    return GLOB_NOSPACE;
+
+	  pglob->gl_pathv = (char **) malloc ((pglob->gl_offs + 1)
+					      * sizeof (char *));
+	  if (pglob->gl_pathv == NULL)
+	    return GLOB_NOSPACE;
+
+	  for (i = 0; i <= pglob->gl_offs; ++i)
+	    pglob->gl_pathv[i] = NULL;
+	}
+    }
+
   if (flags & GLOB_BRACE)
     {
       const char *begin;
@@ -359,14 +381,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 	    {
 	      onealt = (char *) malloc (pattern_len);
 	      if (onealt == NULL)
-		{
-		  if (!(flags & GLOB_APPEND))
-		    {
-		      pglob->gl_pathc = 0;
-		      pglob->gl_pathv = NULL;
-		    }
-		  return GLOB_NOSPACE;
-		}
+		return GLOB_NOSPACE;
 	    }
 
 	  /* We know the prefix for all sub-patterns.  */
@@ -383,7 +398,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 	      if (__glibc_unlikely (!alloca_onealt))
 #endif
 		free (onealt);
-	      return glob (pattern, flags & ~GLOB_BRACE, errfunc, pglob);
+	      flags &= ~GLOB_BRACE;
+	      goto no_brace;
 	    }
 
 	  /* Now find the end of the whole brace expression.  */
@@ -404,14 +420,6 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 	     points past the final }.  We will accumulate result names from
 	     recursive runs for each brace alternative in the buffer using
 	     GLOB_APPEND.  */
-
-	  if (!(flags & GLOB_APPEND))
-	    {
-	      /* This call is to set a new vector, so clear out the
-		 vector so we can append to it.  */
-	      pglob->gl_pathc = 0;
-	      pglob->gl_pathv = NULL;
-	    }
 	  firstc = pglob->gl_pathc;
 
 	  p = begin + 1;
@@ -463,28 +471,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 	}
     }
 
-  if (!(flags & GLOB_APPEND))
-    {
-      pglob->gl_pathc = 0;
-      if (!(flags & GLOB_DOOFFS))
-	pglob->gl_pathv = NULL;
-      else
-	{
-	  size_t i;
-
-	  if (pglob->gl_offs >= ~((size_t) 0) / sizeof (char *))
-	    return GLOB_NOSPACE;
-
-	  pglob->gl_pathv = (char **) malloc ((pglob->gl_offs + 1)
-					      * sizeof (char *));
-	  if (pglob->gl_pathv == NULL)
-	    return GLOB_NOSPACE;
-
-	  for (i = 0; i <= pglob->gl_offs; ++i)
-	    pglob->gl_pathv[i] = NULL;
-	}
-    }
-
+ no_brace:
   oldcount = pglob->gl_pathc + pglob->gl_offs;
 
   /* Find the filename.  */
diff --git a/posix/globtest.sh b/posix/globtest.sh
index 73fe11bd76..e280f7d2b3 100755
--- a/posix/globtest.sh
+++ b/posix/globtest.sh
@@ -794,6 +794,22 @@ if test $failed -ne 0; then
   result=1
 fi
 
+# Test GLOB_BRACE and GLIB_DOOFFS with malloc checking
+failed=0
+${test_wrapper_env} \
+MALLOC_PERTURB_=65 \
+${test_via_rtld_prefix} \
+${common_objpfx}posix/globtest -b -o "$testdir" "file{1,2}" > $testout || failed=1
+cat <<"EOF" | $CMP - $testout >> $logfile || failed=1
+`abc'
+`file1'
+`file2'
+EOF
+if test $failed -ne 0; then
+  echo "GLOB_BRACE+GLOB_DOOFFS test failed" >> $logfile
+  result=1
+fi
+
 if test $result -eq 0; then
     chmod 777 $testdir/noread
     rm -fr $testdir $testout