From patchwork Mon Oct 18 22:15:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggert X-Patchwork-Id: 46363 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C038F385800D for ; Mon, 18 Oct 2021 22:16:05 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from zimbra.cs.ucla.edu (zimbra.cs.ucla.edu [131.179.128.68]) by sourceware.org (Postfix) with ESMTPS id 753C93858C27 for ; Mon, 18 Oct 2021 22:15:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 753C93858C27 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=cs.ucla.edu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 7B7661600FB for ; Mon, 18 Oct 2021 15:15:53 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id IiVWtgVbchTP; Mon, 18 Oct 2021 15:15:52 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id A72FB1600EB; Mon, 18 Oct 2021 15:15:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id m6j2gj3Iodw1; Mon, 18 Oct 2021 15:15:52 -0700 (PDT) Received: from penguin.cs.ucla.edu (Penguin.CS.UCLA.EDU [131.179.64.200]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 8F17F1600EA; Mon, 18 Oct 2021 15:15:52 -0700 (PDT) From: Paul Eggert To: libc-alpha@sourceware.org Subject: [PATCH] regex: fix buffer read overrun in search [BZ#28470] Date: Mon, 18 Oct 2021 15:15:48 -0700 Message-Id: <20211018221548.76024-1-eggert@cs.ucla.edu> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-Spam-Status: No, score=-10.4 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Problem reported by Benno Schulenberg in: https://lists.gnu.org/r/bug-gnulib/2021-10/msg00035.html * posix/regexec.c (re_search_internal): Use better bounds check. --- posix/regexec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posix/regexec.c b/posix/regexec.c index 83e9aaf8ca..a955aa2182 100644 --- a/posix/regexec.c +++ b/posix/regexec.c @@ -760,7 +760,7 @@ re_search_internal (const regex_t *preg, const char *string, Idx length, } /* If MATCH_FIRST is out of the buffer, leave it as '\0'. Note that MATCH_FIRST must not be smaller than 0. */ - ch = (match_first >= length + ch = (mctx.input.valid_len <= offset ? 0 : re_string_byte_at (&mctx.input, offset)); if (fastmap[ch]) break;