Avoid accessing accessing memory past the end of mb_properties in the

degenerate case of fgrep with an empty pattern in a multibyte locale. Found by phkmalloc.
author: tjr <tjr@FreeBSD.org> 2004-07-04 14:00:25 +0000
committer: tjr <tjr@FreeBSD.org> 2004-07-04 14:00:25 +0000
commit: 6380609efc2a784441844ead766e67bd862a163a (patch)
tree: 3411746a744f861a5ff52960e7f537a25e54cacc /gnu/usr.bin/grep
parent: 0b5402fc6b7225b89bf8a3dd809b4e100b3ea150 (diff)
download: FreeBSD-src-6380609efc2a784441844ead766e67bd862a163a.zip
FreeBSD-src-6380609efc2a784441844ead766e67bd862a163a.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/gnu/usr.bin/grep/search.c b/gnu/usr.bin/grep/search.c
index b8a1dcd..b2514a9 100644
--- a/gnu/usr.bin/grep/search.c
+++ b/gnu/usr.bin/grep/search.c
@@ -552,7 +552,8 @@ Fexecute (char const *buf, size_t size, size_t *match_size, int exact)
       if (offset == (size_t) -1)
 	goto failure;
 #ifdef MBS_SUPPORT
-      if (MB_CUR_MAX > 1 && mb_properties[offset+beg-buf] == 0)
+      if (MB_CUR_MAX > 1 && offset + beg - buf < size
+          && mb_properties[offset+beg-buf] == 0)
 	continue; /* It is a part of multibyte character.  */
 #endif /* MBS_SUPPORT */
       beg += offset;
author	tjr <tjr@FreeBSD.org>	2004-07-04 14:00:25 +0000
committer	tjr <tjr@FreeBSD.org>	2004-07-04 14:00:25 +0000
commit	6380609efc2a784441844ead766e67bd862a163a (patch)
tree	3411746a744f861a5ff52960e7f537a25e54cacc /gnu/usr.bin/grep
parent	0b5402fc6b7225b89bf8a3dd809b4e100b3ea150 (diff)
download	FreeBSD-src-6380609efc2a784441844ead766e67bd862a163a.zip FreeBSD-src-6380609efc2a784441844ead766e67bd862a163a.tar.gz