diff lib/regcomp.c @ 12572:b11c0a312a68

regcomp, regexec, fnmatch: avoid array bounds read error * lib/regcomp.c (build_equiv_class): From glibc: Use only the low 24 bits of a findidx return value as an index into the weights array. Patch by Ulrich Drepper: http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=b7d1c5fa30 * lib/regexec.c (check_node_accept_bytes): Likewise. * lib/fnmatch_loop.c (FCT): Likewise.
author Ulrich Drepper <drepper@redhat.com>
date Mon, 04 Jan 2010 11:18:51 +0100
parents 64d47f001127
children 971957a253f8
--- a/lib/regcomp.c
+++ b/lib/regcomp.c
@@ -3436,7 +3436,7 @@
 
       /* Build single byte matcing table for this equivalence class.  */
       char_buf[1] = (unsigned char) '\0';
-      len = weights[idx1];
+      len = weights[idx1 & 0xffffff];
       for (ch = 0; ch < SBC_MAX; ++ch)
 	{
 	  char_buf[0] = ch;
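Review bot: The bare constant `0xffffff` on the new `len = weights[idx1 & 0xffffff];` line is not explained where it is used, and the same mask appears three more times in the next hunk beside `>> 24`. A short comment would tell the reader why the raw value must not be used as an index, for example `/* findidx returns the collation rule index in the bits above 24; only the low 24 bits are an offset into weights[].  */`. Defining the mask and the shift once as named macros would also keep the two from drifting apart if the packing ever changes. build_equiv_class starts and ends outside the hunk.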
@@ -3448,11 +3448,15 @@
 	  if (idx2 == 0)
 	    /* This isn't a valid character.  */
 	    continue;
-	  if (len == weights[idx2])
+	  /* Compare only if the length matches and the collation rule
+	     index is the same.  */
+	  if (len == weights[idx2 & 0xffffff] && (idx1 >> 24) == (idx2 >> 24))
 	    {
 	      int cnt = 0;
+
 	      while (cnt <= len &&
-		     weights[idx1 + 1 + cnt] == weights[idx2 + 1 + cnt])
+		     weights[(idx1 & 0xffffff) + 1 + cnt]
+		     == weights[(idx2 & 0xffffff) + 1 + cnt])
 		++cnt;
 
 	      if (cnt > len)
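Review bot: In the `while (cnt <= len && ...)` loop the mask strips the rule-index bits from the offset, but it is not a range check. The loop can still read up to `len + 1` entries after each masked offset, with `len` itself read from `weights[]`, and nothing in the hunk compares either value against the size of the table. The rest of the function and the origin of `weights` are outside the hunk, so a guarantee may exist elsewhere; if it does not, a malformed collation table could still push these reads past the end of the array. At minimum the assumption should be stated above the loop, e.g. `/* Offsets and lengths stored in weights[] are trusted; the table is not bounds-checked here.  */`.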