diff options
author | pfg <pfg@FreeBSD.org> | 2016-05-29 16:32:21 +0000 |
---|---|---|
committer | pfg <pfg@FreeBSD.org> | 2016-05-29 16:32:21 +0000 |
commit | 74653565242af2be688aa0532b2b176631380cbe (patch) | |
tree | 07951e79d81fb21cbeb32cd980c1cc5e0cb5826a /lib | |
parent | 8d3a98459606624e931f841c23cf34bfbd371ea8 (diff) | |
download | FreeBSD-src-74653565242af2be688aa0532b2b176631380cbe.zip FreeBSD-src-74653565242af2be688aa0532b2b176631380cbe.tar.gz |
MFC r300378:
libc/regex: fix two buffer underruns.
Fix some rather complex regex issues found on OpenBSD as part of some
ongoing work to fix a sed(1) bug.
Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the
bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's
malloc. Huge thanks to Ingo for confirming the behavior.
Obtained from: OpenBSD (CVS 1.20, 1.21)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/regex/engine.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/lib/libc/regex/engine.c b/lib/libc/regex/engine.c index 72922f6..2ca971b 100644 --- a/lib/libc/regex/engine.c +++ b/lib/libc/regex/engine.c @@ -606,9 +606,9 @@ backref(struct match *m, return(NULL); break; case OBOL: - if ( (sp == m->beginp && !(m->eflags®_NOTBOL)) || - (sp < m->endp && *(sp-1) == '\n' && - (m->g->cflags®_NEWLINE)) ) + if ((sp == m->beginp && !(m->eflags®_NOTBOL)) || + (sp > m->offp && sp < m->endp && + *(sp-1) == '\n' && (m->g->cflags®_NEWLINE))) { /* yes */ } else return(NULL); @@ -622,12 +622,9 @@ backref(struct match *m, return(NULL); break; case OBOW: - if (( (sp == m->beginp && !(m->eflags®_NOTBOL)) || - (sp < m->endp && *(sp-1) == '\n' && - (m->g->cflags®_NEWLINE)) || - (sp > m->beginp && - !ISWORD(*(sp-1))) ) && - (sp < m->endp && ISWORD(*sp)) ) + if (sp < m->endp && ISWORD(*sp) && + ((sp == m->beginp && !(m->eflags®_NOTBOL)) || + (sp > m->offp && !ISWORD(*(sp-1))))) { /* yes */ } else return(NULL); |